See how one global retailer detected almost 2,000 domains impersonating their brand.
Other content in this Stream
Phishing Protection
Discover attackers impersonating your domains, social accounts, people, and mobile applications.
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground
we detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquat
10:00Typosquatting and the 2020 U.S. Presidential election
Photon Research Team thought it would be interesting to use this pool of candidates as a backdrop for research into typosquatted domains
Dark Web Typosquatting: Scammers v. Tor
Time and time again, we see how the cybercriminal ecosystem often mirrors what happens in the business world. This can ...
Simon talks about how easy it is to conduct domain squatting and typosquatting, and how little monitoring still goes on around them in the industry.
Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability
Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version of Chopped). Then we dig into the hot topics of the week.
Weekly Intelligence Summary 10 Oct - 17 Oct 2019
In the spotlight this week is the “Simjacker” exploit, publicly disclosed in September 2019 and now potentially affecting entities across 29 countries.
ANU Breach Report: Mapping to Mitre ATT&CK Framework
We decided to map this intrusion to the Mitre ATT&CK framework, as we have done previously for:
5 Ways Cybercriminals Can Access Your Emails Without Phishing
Here are 5 ways that cybercriminals gain access to emails without conducting a phishing campaign or network intrusion.
Phishing Site Impersonates Financial Services Institution
If the infamous bank robber, Willie Sutton, were alive today and honed his cyber skills, he might turn his attention ...
Tackling Phishing: The Most Popular Phishing Techniques and What You Can Do About It
We cover a range of the different techniques attackers of all persuasions (whether sophisticated nation state or low-level hacker) choose when performing their phishing campaigns.
Weekly Intelligence Summary 03 Oct - 10 Oct 2019
In the spotlight this week is the Iran-linked threat group “APT35”, which took aim at the email accounts of political entities in the United States and prominent Iranians living outside Iran.
Iran-Linked APT35, Skimming By Magecart 4, Rancour, And Emotet Resurgence
We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top stories. - APT35 Targets Email of US political figures & prominent Iranians -...
Dark Web Overdrive: The Criminal Marketplace Understood Through Cyberpunk Fiction
How can the modern network of .onion marketplaces be understood through novels about a cyberpunk dystopia? The answer is in how dark web marketplaces grow and die.
Texas Ransomware Outbreaks And Phishing Attacks Using Custom 404 Pages
Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks impacting local government entities across Texas. The team...
Facebook’s Libra Cryptocurrency: Cybercriminals tipping the scales in their favor
Since Facebook’s announcement on June 18, there has been a gold rush, with people scrambling to register a myriad of domain permutations that infringe on the new trademarks. These have ranged from see
Detecting Fake Social Media Profiles | Case Study
See how a bank removed a spoof social media profiles targeting customers.
Automating 2FA phishing and post-phishing looting with Muraena and Necrobrowser
Phishing remains one of the most pervasive threats to enterprise, the simple but effective technique of tricking unassuming users into ...
Google Calendar Phishing, Exim Email Server Vulnerability, and Diversity in Cybersecurity
This week Alex and Jamie (@TheCollierJam) chat with Harrison (@pseudohvr) on a cyber-threat campaign involving the abuse of legitimate features in Google Calendar. Then they dive into other...
Online Brand Security Overview