See how one global retailer detected almost 2,000 domains impersonating their brand.
Top Cyber Threats to the Technology Sector
The nature of the services offered by technology companies means they often collect sensitive customer data...
Error - something went wrong!
Other content in this Stream
Top Cyber Threats to the Technology Sector
The nature of the services offered by technology companies means they often collect sensitive customer data and supply critical communication infrastructure to their clients.
Digital Risk Protection: Forrester New Wave Report
Digital Shadows Named a "Leader" in 2018 Forrester New Wave for Digital Risk Protection
A Practical Guide to Reducing Digital Risk
This practical guide provides advice to help understand how to identify critical business assets, understand the threat, monitor for exposure, and take action.
Weekly Intelligence Summary 24 Oct - 31 Oct 2019
In the spotlight this week: A card skimming operation targeted the online retailer First Aid Beauty and evaded notice for months.
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground
we detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquat
7.5M Adobe Creative Cloud User Records Exposed, City Of Joburg Ransomware Attack, and APT28 Updates
Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information of aboutt 7.5 million Adobe Creative Cloud...
Understanding the Different Cybercriminal Platforms: AVCs, Marketplaces, and Forums
We’re all familiar with forums and marketplaces (we use them in our daily lives – think Reddit, eBay, or Amazon, for example), but what exactly is an AVC? What do they look like?
Cybercriminal credit card stores: Is Brian out of the club?
In this blog, we determine whether this targeted attack on BriansClub will impact the wider cybercriminal credit carding landscape, and speculate whether it could galvanize the community to push anoth
SecDevOps: Continued Database Exposures Point to Growing Challenges
Last week, we learned that millions of Ecuadorian’s personal details had been exposed by a misconfigured ElasticSearch database. This is ...
WiFi Security: Dispelling myths of using public networks
In this blog we are going to review where this view of dangerous public WiFi networks came from, how close it comes to reality, and how to actually protect yourself from the real dangers which can occ
Too Much Information: The Sequel | New Research
There are now 750 million more files exposed than we reported last year; not all of them are blatantly sensitive, but there is plenty of gold in these mountains.
Understanding the Consequences of Data Leakage through History
One of the most interesting aspects of transitioning from high school history teacher to cyber threat intelligence professional is the ...
Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability
Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version of Chopped). Then we dig into the hot topics of the week.
Honeypots: Tracking Attacks Against Misconfigured or Exposed Services
Honeypots can be useful tools for gathering information on current attack techniques. Conversely, they can be an overwhelming source of ...
Dark Web Overdrive: The Criminal Marketplace Understood Through Cyberpunk Fiction
How can the modern network of .onion marketplaces be understood through novels about a cyberpunk dystopia? The answer is in how dark web marketplaces grow and die.
Domain Squatting: The Phisher-man’s Friend
Simon talks about how easy it is to conduct domain squatting and typosquatting, and how little monitoring still goes on around them in the industry.
Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework
When the attacker, Andrei Tyurin, pleaded guilty, we thought we could look at the attacker goals, their TTPs and map this to the Mitre PRE-ATT&CK and ATT&CK framework.
Magecart Five Widens Attack Vectors, Targeting of Airbus Suppliers, & Tortoiseshell Developments
Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly threat intelligence updates. The team kicks off with a discussion around the...
Dark Web Monitoring: The Good, The Bad, and The Ugly
Gaining access to dark web and deep web sources can be extremely powerful – if you focus on relevant use cases. The most successful strategies we observe have clear requirements, such as fraud detecti
Breach! Exploring the Modern Digital Breach: Part 1