Digital Shadows

Information:

Synopsis

Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect its brand and reputation.

Episodes

  • Weekly: What We're Seeing Right Now, Cl0p Cycle Continues, Ivanti Zero-Day, ALPHV API

    28/07/2023 Duration: 30min

    In this episode of ShadowTalk, host Roman, along with Ivan and Brandon, discuss the latest news in cyber security and threat research. Topics this week include:

    - Twitter becoming X security concerns
    - Cl0p names 71 new victims
    - ReliaQuest releases Q2 ransomware report
    - Hackers target Norwegian government ministries with Ivanti zero-day exploit
    - ALPHV ransomware group creates API key for its data leak site

    Resources:

    - https://www.bleepingcomputer.com/news/security/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/
    - https://www.bleepingcomputer.com/news/security/alphv-ransomware-adds-data-leak-api-in-new-extortion-strategy/

  • Weekly: What We're Seeing Right Now, Cl0p Update, WormGPT

    21/07/2023 Duration: 21min

    In this episode of ShadowTalk, host Chris, along with Brian and James, discuss the latest news in cyber security and threat research. Topics this week include:

    - ReliaQuest research into common attacker techniques
    - An update on Clop's exploitation of the MOVEit vulnerability
    - ChatGPT rival with ‘no ethical boundaries’ sold on dark web

    Resources:

    - https://www.reliaquest.com/blog/top-adversary-techniques-july-2023/
    - https://www.reliaquest.com/blog/clop-leaks-first-victims/
    - https://www.zdnet.com/article/wormgpt-what-to-know-about-chatgpts-malicious-cousin/

  • Weekly: Microsoft Cloud Breach, Strava App, Cl0p Update and Remote Management Monitoring

    14/07/2023 Duration: 38min

    In this episode of ShadowTalk, host Dean Murphy, one of ReliaQuest's CISOs, Rick Holland, and threat research teamers Colin Ferris and Gjergji Paco discuss the latest news in cyber security and threat research. Topics this week include:

    - Chinese hackers breach Microsoft Cloud
    - Strava App – Tracked and Killed
    - Cl0p Update
    - Remote Monitoring and Management Software – RMM

    Sources:

    - https://www.cnn.com/2023/07/11/europe/russian-submarine-commander-killed-krasnador-intl/index.html
    - https://www.telegraph.co.uk/news/2023/07/11/russian-submarine-commander-shot-strava-krasnodar-vinnytsia/
    - https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf
    - https://www.reliaquest.com/blog/clop-leaks-first-victims/
    - https://www.cisa.gov/sites/default/files/2023-07/aa23-193a_joint_csa_enhanced_monitoring_to_detect_apt_activity_targeting_outlook_online.pdf
    - https://www.washingtonpost.com/national-security/2023/07/12/microsoft-hack-china/
    - https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-chin

  • Weekly: Defense Evasion via Virtualization, LockBit target TSMC, CISA Identify New Exploited Vulnerabilities

    07/07/2023 Duration: 33min

    Summary: In this episode of ShadowTalk, host Chris Morgan, along with Corey Carter, Jonny Elrod, Gjergji Paco, and one of ReliaQuest's CISOs, Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:

    - Threat actors obfuscating activity through virtualization
    - LockBit claim to have impacted Taiwanese semiconductor giant TSMC
    - CISA identify new exploited vulnerabilities
    - New critical vulnerability impacting Fortinet, FortiOS and FortiProxy SSL-VPN appliances

    Resources:

    - https://www.reliaquest.com/blog/virtual-machines-defense-evasion/
    - https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-bugs-exploited-by-russian-hackers/
    - https://thehackernews.com/2023/07/alert-330000-fortigate-firewalls-still.html
    - https://www.scmagazine.com/brief/ransomware/tsmc-discloses-data-breach-from-lockbit-claimed-attack-against-third-party

  • Weekly: Legal Developments, New APT29 Campaign and ReliaQuest's Annual Threat Report

    30/06/2023 Duration: 28min

    In this episode of ShadowTalk, host Stefano, along with Kim Bromley, and one of ReliaQuest's CISOs, Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:

    - The SEC reportedly charging SolarWinds executives
    - APT29 hunting for credentials
    - Our new, shiny Annual Threat Report

    Sources:

    - https://www.reuters.com/technology/solarwinds-executives-receive-wells-notice-us-sec-2023-06-23/
    - https://www.scmagazine.com/brief/identity-and-access/apt29-intensifies-credential-stealing-attacks
    - https://www.reliaquest.com/resources/research-reports/annual-threat-report/

  • Weekly: Cl0p update, Killnet target European financial institutions, closed sources findings

    23/06/2023 Duration: 42min

    In this episode of ShadowTalk, host Chris, along with Dani, and one of ReliaQuest's CISOs, Rick Holland, discuss the latest news in cyber security and threat research. Topics this week include:

    - The latest updates related to Cl0p's exploitation of MOVEit zero-day
    - Killnet targeting European financial institutions
    - Insights drawn from our closed sources team
    - The team's observations on this year's InfoSec conference

    Resources:

    - https://www.reliaquest.com/blog/clop-leaks-first-victims/
    - https://techmonitor.ai/technology/cybersecurity/killnet-revil-and-anonymous-threaten-swift-with-destructive-attack-in-48-hours

  • Weekly: Cl0p releases company names, Gootloader, new Fortinet RCE, Ukrainian hackers take down Infotel.

    19/06/2023 Duration: 32min

    In this episode of ShadowTalk, host Chris, along with Colin and Caroline, discuss the latest news in cyber security and threat research. Topics this week include:

    - The latest updates related to Clop's exploitation of MOVEit zero-day
    - An overview of the Gootloader initial access malware
    - Fortinet RCE CVE-2023-27997
    - Ukraine's Cyber Anarchy Squad take down Infotel

    Resources:

    - https://www.reliaquest.com/blog/clop-leaks-first-victims/
    - https://www.scmagazine.com/news/device-security/fortinet-patches-critical-rce-fortigate-ssl-vpn-appliances
    - https://www.bleepingcomputer.com/news/security/ukrainian-hackers-take-down-service-provider-for-russian-banks/

  • Weekly: MOVEit Zero-day and Cl0p attribution, Infostealing ecosystem, DBIR 2023 Report

    09/06/2023 Duration: 32min

    In this episode of ShadowTalk, host Stefano, along with Rick, Dean, and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:

    - What you need to know on the MOVEit Zero-day vulnerability and the latest Cl0p updates
    - Infostealers ecosystem: most common malware, impact, and mitigation strategies
    - Key insights from the latest Verizon's DBIR issue

    Sources:

    - https://www.reliaquest.com/blog/moveit-vulnerability-update-clop-claims-responsibility/
    - https://www.verizon.com/business/resources/reports/dbir/

  • Weekly: MOVEit Zero-day, RaidForums Breach, Buhti Ransomware

    02/06/2023 Duration: 18min

    In this episode of ShadowTalk, host Chris, along with Gjergji and Ivan, discuss the latest news in cyber security and threat research. Topics this week include:

    - What you need to know on the MOVEit Zero-day vulnerability
    - RaidForums users' data breached
    - The Buhti ransomware taking a unique approach to targeting victims

    Sources:

    - https://www.reliaquest.com/blog/moveit-transfer-zero-day/
    - https://www.bleepingcomputer.com/news/security/new-buhti-ransomware-gang-uses-leaked-windows-linux-encryptors/
    - https://www.bleepingcomputer.com/news/security/new-hacking-forum-leaks-data-of-478-000-raidforums-members/

  • Weekly: GootLoader, Intrusion Truth, Volt Typhoon, and Exponent conference debrief 

    26/05/2023 Duration: 29min

    Summary: In this episode of ShadowTalk, host Stefano, along with Kim, Rick, and Dean, discuss the latest news in cyber security and threat research. Topics this week include:

    - An investigation into the GootLoader malware
    - The latest operation from hacktivist group Intrusion Truth
    - A cyber espionage campaign conducted by Volt Typhoon
    - RQ Exponent conference debrief

    Sources:

    - https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
    - https://www.washingtonpost.com/politics/2023/05/15/they-dox-chinese-hackers-now-theyre-back/

  • Weekly: SocGholish, Cactus Ransomware, Greatness Phishing-as-a-service

    19/05/2023 Duration: 30min

    In this episode of ShadowTalk, host Chris Morgan, along with Caroline Fenstermacher and Gjergji Paco, discuss the latest news in cyber security and threat research. Topics this week include:

    - Revisiting the SocGholish malware distribution framework
    - Getting pricked by the Cactus ransomware
    - Greatness Phishing-as-a-service

    Resources:

    - https://www.reliaquest.com/blog/socgholish-fakeupdates/
    - https://thehackernews.com/2023/05/new-ransomware-strain-cactus-exploits.html
    - https://www.bleepingcomputer.com/news/security/new-greatness-service-simplifies-microsoft-365-phishing-attacks/

  • Weekly: Snake malware takedown, Kubernetes hunts, and Caffeine Phishing-as-a-Service

    12/05/2023 Duration: 36min

    Summary: In this episode of ShadowTalk, host Stefano, along with Caroline and Colin, discuss the latest news in cyber security and threat research. Topics this week include:

    - Five Eyes agencies take down FSB-linked Snake malware
    - Hunting Kubernetes for privilege escalation techniques
    - Investigation offers insights into Caffeine PhaaS platform

    Sources:

    - https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a
    - https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/kubernetes-privilege-escalation-excessive-permissions-in-popular-platforms
    - https://www.bleepingcomputer.com/news/security/caffeine-service-lets-anyone-launch-microsoft-365-phishing-attacks/

  • Weekly: ReliaQuest Threat Management, ALPHV, Veeam Vulnerability Exploited

    05/05/2023 Duration: 25min

    In this episode of ShadowTalk, host Chris Morgan is joined by Corey Carter and Ivan Righi to discuss:

    - A day in the life of a Threat Engineer at ReliaQuest
    - ALPHV leaking internal comms related to victim incident response
    - High Severity vulnerability affecting Veeam backup servers exploited in the wild (CVE-2023-27532)

  • Weekly: RQ Ransomware Report, 3CX Update, Russia-Ukraine Cyber Operations, and Cybercriminal Ecosystems

    28/04/2023 Duration: 47min

    In this episode of ShadowTalk, host Stefano, along with Kim, Ivan, and Brandon, discuss the latest news in cyber security and threat research. Topics this week include:

    - Highlights from the ReliaQuest Ransomware Quarterly Report Q1 2023
    - A supply-chain of a supply-chain: 3CX Update
    - Analysis of Russia-Ukraine cyber operations
    - A look into recent shifts in the cybercriminal ecosystem

    Resources:

    - https://www.reliaquest.com/blog/2023-ransomware-attacks-q1/
    - https://www.ncsc.gov.uk/news/new-analysis-eccri-highlights-ukraine-defence-against-russian-offensive
    - https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise

  • Special: RSA Conference 2023

    26/04/2023 Duration: 18min

    In this episode, host and CISO Rick Holland is joined by ReliaQuest's Chief Technical Officer Joe Partlow and Chief Strategy Officer Jason Pfeiffer to discuss cyber trends they're seeing across RSA Conference 2023, the benefits of such an event, AI in cyber and more.

  • Weekly: Vulnerability Quarterly Roundup, Domino Backdoor, Lockbit Targeting MacOS

    21/04/2023 Duration: 37min

    In this episode of ShadowTalk, host Chris Morgan, along with Dani and Dean Murphy, discuss the latest news in cyber security and threat research. Topics this week include:

    - A breakdown of ReliaQuest's latest Vulnerability quarterly report
    - Aftermath of the ransomware attack affecting Capita
    - The "Domino" Backdoor and "Project Nemesis" information stealing malware
    - Lockbit targeting macOS

    Resources:

    - https://www.reliaquest.com/blog/2023-q1-vulnerabilities-cves/
    - https://www.reliaquest.com/blog/2023-ransomware-attacks-q1/

  • Weekly: Cobalt Strike takedown, latest MERCURY campaign, Patch Tuesday

    14/04/2023 Duration: 34min

    Summary: In this episode of ShadowTalk, host Stefano, along with Caroline and Kitch, discuss the latest news in cyber security and threat research. Topics this week include:

    - A new approach in malicious infrastructure takedown
    - The latest TTPs of MERCURY aka MuddyWater
    - What's new on this Patch Tuesday?

    Resources:

    - https://blogs.microsoft.com/on-the-issues/2023/04/06/stopping-cybercriminals-from-abusing-security-tools/
    - https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/
    - https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2023-patch-tuesday-fixes-1-zero-day-97-flaws/

  • Weekly: Genesis Market seizure, Vulkan Files, and new Microsoft Security Update

    07/04/2023 Duration: 22min

    Summary: In this episode of ShadowTalk, host Stefano, along with Ivan and Corey, discuss the latest news in cyber security and threat research. Topics this week include:

    - The prominent Genesis Market has been seized: What's next?
    - Confidential Vulkan Files expose ties between Russian APTs and private sector
    - Microsoft mitigates malicious attachments delivered via OneNote

    Resources:

    - https://news.sky.com/story/notorious-criminal-marketplace-genesis-market-which-sold-stolen-bank-details-taken-down-12850517
    - https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics
    - https://www.securityweek.com/microsoft-onenote-starts-blocking-dangerous-file-extensions/
    - https://www.reliaquest.com/blog/top-reads-march-2023/

  • Weekly: 3CX supply chain attack, Rostec deanonymize Telegram, IcedID

    30/03/2023 Duration: 33min

    In this early released episode of ShadowTalk, host Chris Morgan, along with ReliaQuest CISO Rick Holland, Kim Bromley, and Colin Ferris discuss the latest news in cyber security and threat research. Topics this week include:

    - Implications from the 3CX supply-chain attack and what you need to do going forward
    - Russian telco Rostec deanonymizing Telegram users
    - Updates to the IcedID malware

    Episode resources:

    - https://www.3cx.com/community/threads/3cx-desktopapp-security-alert.119951/
    - https://www.reliaquest.com/blog/3cx-trojan-attack/
    - https://www.bleepingcomputer.com/news/security/russia-s-rostec-allegedly-can-de-anonymize-telegram-users/
    - https://www.bleepingcomputer.com/news/security/new-icedid-variants-shift-from-bank-fraud-to-malware-delivery/

  • Weekly: Outlook Vulnerability, TeamTNT and Breachforums closure

    24/03/2023 Duration: 27min

    In this episode of ShadowTalk, host Chris Morgan, along with Ivan Righi and Caroline Fenstermacher, discuss the latest news in the cyber security and information security landscape. Topics this week include:

    - Implications following the arrest of BreachForums administrator Pompompurin
    - The cryptojacking threat group TeamTNT
    - Microsoft Outlook bug CVE-2023-23397

    Episode Resources:

    - https://www.reliaquest.com/blog/breachforums-arrest-fbi/
    - https://www.reliaquest.com/blog/cyber-threats-svb-collapse/
    - https://www.reliaquest.com/platform/phishing-analyzer/
