Digital Shadows Shadow Talk-logo

Digital Shadows Shadow Talk

Technology Podcasts >

More Information


United States




Iran-Linked APT35, Skimming By Magecart 4, Rancour, And Emotet Resurgence

We’re back in London this week! Viktoria chats with Adam Cook, Philip Doherty, and Josh Poole on this week’s top stories: - APT35 Targets Email of US political figures & prominent Iranians - Skimming activity by Magecart 4 reveals potential link to Cobalt Group - Chinese threat group Rancour casts phishing line to South-East Asian government - Emotet Resurgence Resources From This Week: Account Takeover Kill Chain 5 Step Analysis:...


The Tyurin Indictment- Mapping To The Mitre ATT&CK™ Framework

Director of Security Engineering, Richard Gold, joins Viktoria Austin in this special episode of ShadowTalk to look at the attacker goals, their TTPs, and map this to the Mitre PRE-ATT&CK and ATT&CK framework. Some Background… Between 2012 to mid-2015, U.S. financial institutions, financial services corporations and financial news publishers fell victim to one of the largest computer hacking crimes. The hacking resulted in the theft of information belonging to 100 million customers of the...


Magecart Five Widens Attack Vectors, Targeting of Airbus Suppliers, & Tortoiseshell Developments

Coming to you from London this week, Jamie Collier, Philip Doherty, and Josh Poole join Viktoria Austin for our weekly threat intelligence updates. The team kicks off with a discussion around the top story of the week - Magecart Five Widens Attack Vectors. Recent Magecart Five activity has included loading malicious Javascript files onto commercial-grade Layer 7 routers, injecting malicious code into a free, open-source app module, distributing phishing emails via an unspecified spamming...


Tortoiseshell Targets IT Providers, The Tyurin Indictment, And Emotet’s Return

Viktoria hosts this week’s episode in London with Phillip Doherty and Adam Cook. After a quick debate around the top trending sports at the moment, the team digs into the first story of the week: Tortoiseshell Group (a newly identified threat group) has reportedly conducted some supply chain attack campaigns against 11 IT providers in Saudi Arabia. Next they look at two new malware variants that have emerged, attributed to North Korean-associated Lazarus Group. Emotet botnet has been hot in...


Threat Intelligence Time Management and Prioritization: An Interview with Xena Olsen

Rick Holland and Harrison Van Riper interview Xena Olsen in this episode of ShadowTalk. The team focus their discussion on how to get timely, but effective intelligence out the door, with details on time management and prioritization for intelligence analysts. They also discuss Xena’s passion projects around diversity within cybersecurity and adversary detection pipelines. Check out our other episode resources below to learn more. Episode Resources: Xena’s Site:...


NCSC Threat Trends And Ransomware Updates

It’s Harrison and Alex this week for your threat intelligence updates. The guys first dig into the NCSC’s recent threat trends report, the first of these that the NCSC has put out. It’s UK-specific, so just like we’ve shared thoughts around the FBI IC3 annual report in the past, which is heavily geared toward the US, it’s good to look across the pond as well. The team digs into 3 main areas: - Office365 - Ransomware trends including updates on Emotet, Ryuk, LockerGoga, Bitpaymer, Nemty, and...


Purple Teaming: An Interview With Eliza May Austin

In this episode, Viktoria interviews Eliza May Austin (CEO & Co-Founder of, and our own Richard Gold and James Chappell on Purple Teaming, a security assessment that combines both blue teaming and red teaming. The team discusses: - How do we make the blue and red teams collaborate better? - Is purple teaming a cost-effective measure when it comes to a less mature organization? - Why Purple Teaming needs to be at the forefront - What systems would you start testing with...


Metasploit Project Publishes Exploit For Bluekeep, plus APT3 and Silence Cybercrime Group Updates

Viktoria Austin is joined by Adam Cook and Phil Dohetry this week in the London office to talk about the top story this week: Metasploit Project publishes exploit for Bluekeep bug. Our Photon Research Team tested the Metasploit exploit in their lab environment and has successfully exploited an unpatched Windows 7 machine. “The exploit not only gives the attacker remote access to a target system, but also gives the attacker the highest level of privilege on the target.” - Dr. Richard Gold The...


Ryuk Ransomware, Twitter Rids SMS Tweets, And Facebook Records Exposed

Alex, Alec, and Harrison are in the room today discussing 3 top stories from the week. First up - a hacker deploys Ryuk ransomware against the city of New Bedford, Massachusetts, demanding $5.3 million. What was interesting, though, was that the city tried to negotiate with the attackers for a lower ransom of $400k, but the attackers didn’t want it and ended up cutting off communications. Next the guys chat through the suspension of Twitter’s SMS-based tweet function after the news of...


More Sodinokibi Activity, Imperva Breach, And Weirdest Food At The Texas State Fair

Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday, a cloud hosting provider for Digital Dental Records was hit with Sodinokibi, apparently affecting around 400 different dental providers around the US. It seems like were hearing about more and more people actually paying out these ransom demands. Do we think it’s just a reporting bias or do we think they’re actually paying out more often? Then the team looks at the...


Approaching Cybersecurity As A Third Party Defense Contractor

Brian Neely, CIO and CISO at American Systems and Rick Holland, CISO at Digital Shadows join Harrison for a discussion around how Brian approaches cybersecurity as a defense contractor. American Systems has been delivering complex IT and engineering solutions to national priority programs since 1975 and has some interesting use cases. The group discusses: - Top cybersecurity concerns as a third party defense contractor - Advice for listeners with similar threat models where sophisticated,...


Texas Ransomware Outbreaks And Phishing Attacks Using Custom 404 Pages

Charles Ragland (a brand new ShadowTalk-er!) and Christian Rencken join Harrison this week to discuss an outbreak of ransomware attacks impacting local government entities across Texas. The team also discusses some phishing attacks that are using custom 404 pages and how Google is starting to remove FTP support from Chrome. They wrap up this episode with the question of the week: Which future technology most worries you from a cyber security perspective? Check out this week’s full...


Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson: Part 2

What practical steps should organizations and the professionals within them be thinking about in this new world? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. In part 2, the team looks at: - Steps you can take into your programs today as a security or business leader - Advice for boards on how to do to deal...


Nightmare Market In Disarray And SEC Investigation Into Data Leak At First American Financial Corp

Harrison is back! Alex and Christian join this week to discuss how Black Hat and DEFCON went last week, analyze the irregularities of the dark web criminal market, Nightmare, and explore the story reported by Krebs on the SEC investigation into the data leak at First American Financial Corp. Shout-out to all of our new listeners - thanks for your interest and let us know what we can do to continue improving the podcast! Check out the blog on Nightmare Market at...


Breach! Exploring The Modern Digital Breach With Cyber Defense Lab’s CEO Bob Anderson - Part 1

It seems like we read about new breaches every day. What’s changing? How is exposure and the adoption of digital technology changing the breach landscape? We have a special two-part series where Rick Holland, VP Intelligence and CISO at Digital Shadows, interviews Bob Anderson, CEO at Cyber Defense Labs ( and James Chappell, co-founder and Chief Innovation Officer at Digital Shadows. In Part 1, the team looks at: - How the breach landscape has evolved - The role...


Capital One Breach, Ransomware Trends, and Threat Actors

Move out of the way, Harrison! We have a brand new host this week: Viktoria Austin, Strategy and Research Analyst, and Photon Research Team member. Viktoria is joined this week by Rose Bernard and Xueyin Peh in the London office. In a malspam campaign, “Sodinokibi” targeted users in Germany using a spoofed Federal Office for Information Security (BSI) email domain and a data breach-themed lure, while in other countries ransomware attacks have been conducted against local government networks...


2FA - Advice For Deployment & A Technical Assessment

Thinking about deploying 2FA? In this special interview, our Head of Cyber Security & IT, Craig Ellis, and our Head of Security Engineering, Dr. Richard Gold, chat with Harrison around how they implemented 2FA internally. The guys discuss proper ways to go about implementing 2FA, some of the issues with implementing 2FA, what happens when things break, and other advice they wish they were given before implementing 2FA. Then Rich and Harrison deep dive into our latest paper, Two-Factor in...


More BlueKeep updates, FSB contractor hacked, and the Enigma Market

Christian (@Chrencken14) and Travis (@puppyozone) sit down with Harrison (@pseudohvr) to discuss even more BlueKeep updates since last week, as a technical presentation gets uploaded to Github, inching us closer to a full-blown public PoC. the breach and subsequent release of documents from a contractor working with Russia’s FSB intelligence services, and research from the Digital Shadows team about a new marketplace we’ve had our eye on for a few months called Enigma. **Housekeeping note**...


Interview With Dir Of Threat Intelligence At McDonalds, Brian Hillegas

Director of Threat Intelligence at McDonald’s, Brian Hillegas, speaks with Harrison (@pseudohvr) and CISO Rick Holland (@rickhholland) about where to align your security priorities, the importance of operating cross-functionally in your organization, what the biggest threats are in the cyber landscape at the moment, and what they’re looking forward to at Black Hat and DEF CON this year. The team will be at both events in Vegas this year! Check out what we have planned and RSVP for our party...


FaceApp Overblown, BlueKeep Updates, And Libra’s Lawmaker Showdown

Harrison (@pseudohvr), Alex, and Travis (@puppyozone) talk about the recent FaceApp shenanigans and why they’re actually not that shocking as some reports indicate. Researchers indicate that thousands of systems are still vulnerable to the BlueKeep RDP vulnerability. With a public proof of concept yet to be released, could this be the reason why? Finally, Harrison loves some cryptocurrency news, so the guys chat about Facebook’s cryptocurrency head speaking to US lawmakers about Libra and...