Podcast appearances and mentions of harrison van riper

Sarah Yoder and Jackie Lasky from MITRE join Rick Holland and Harrison Van Riper in this guest episode to talk through their tool, Threat Report ATT&CK Mapping (TRAM). Both Sarah and Jackie are Cyber Security Engineers at The MITRE Corporation and presented this new tool at the recent SANS CTI Summit. During the discussion, they talk through: - What brought them to MITRE - TRAM - what it is, goals that the project was designed to address, and how to get involved - Highlights and key takeaways from the SANS CTI Summit Huge thanks to Sarah and Jackie for joining! ***Resources From this Episode*** Slides from SANS Session: https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1579547257.pdf Github page: github.com/mitre-attack/tram Sarah’s Twitter: https://twitter.com/sarah__yoder

We’ve got all 3 ShadowTalk hosts in Dallas this week: Harrison Van Riper, Viktoria Austin, and Alex Guirakhoo. The team first looks at Avast, which encountered a cyber espionage attempt. Then NordVPN announced that a hacker had breached servers used by NordVPN. And finally Dr. Richard Gold put out a new blog this week on dispelling the myths around using public wifi, so the team helps summarize some of the key points. Check out the full blog at https://www.digitalshadows.com/blog-and-research/wifi-security-dispelling-myths-of-using-public-networks/ To check out our weekly intelligence summary, visit https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-17-oct-24-oct-2019 More Resources from this week’s episode: - Avast breach attempt: https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss - NordVPN breach & PR nightmare: https://nakedsecurity.sophos.com/2019/10/23/hacker-breached-servers-used-by-nordvpn/ - Krebs: https://krebsonsecurity.com/2019/10/avast-nordvpn-breaches-tied-to-phantom-user-accounts/

Rick Holland and Alex Guirakhoo join Harrison Van Riper this week to talk through more Sodinokibi activity. Just yesterday, a cloud hosting provider for Digital Dental Records was hit with Sodinokibi, apparently affecting around 400 different dental providers around the US. It seems like were hearing about more and more people actually paying out these ransom demands. Do we think it’s just a reporting bias or do we think they’re actually paying out more often? Then the team looks at the Imperva breach, where its Incapsula Web Application Firewall product was inadvertently exposing some data, including email addresses, hashed and salted passwords, API keys and SSL certificates. Google’s Project Zero also discovered a series of 0-day exploits being actively used in the wild targeting iPhones. The team discuses how this will factor into risk models moving forward. We close out with everyone’s top (and weirdest) choices at the Texas State Fair. Yummmmm. Enjoy :) Resources From this Week’s Episode: More Sodinokibi activity https://www.scmagazine.com/home/security-news/dentist-offices-nationwide-hit-with-revil-ransomware-attacks/ https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/ https://www.bleepingcomputer.com/news/security/a-look-inside-the-highly-profitable-sodinokibi-ransomware-business/ Imperva breach https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/ iOS exploits discovered https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html?m=1

The US cyberattack against Iranian targets remains only indistinctly visible in the information fog of cyberwar. Iran’s APT33 seems to have altered its tactics after its operations against Saudi targets were described by Symantec at the end of March. An insurer and provider of vision and dental benefits investigates a “data incident.” Skids-on-skids, kids. Facebook talks information operations, and teases plans concerning identity. Notes on the labor market. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on malware C&C channels making use of TLS. Tamika Smith speaks with Harrison Van Riper from Digital Shadows about their recent report, “Too Much Information: The Sequel,” outlining the increase in data exposure over the past year. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_27.html  Support our show

The Photon Research Team’s Rafael Amado, Richard Gold and Harrison Van Riper get together to discuss Digital Shadows’ latest research report, A Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure. Whereas many of the cyber security issues covered by researchers may seem obscure and irrelevant to the majority of businesses and individuals out there, extortion is a topic with a real human impact, and one that can have physical, psychological and financial consequences. The team look at how extortionists are diversifying their methods, emboldened by the credentials, sensitive documents and technical vulnerabilities that we leave exposed online. Download the latest report at https://info.digitalshadows.com/ExtortionResearchReport-Podcast.html, and listen to the podcast to learn how to properly manage your online exposure and reduce extortion risks.

Harrison Van Riper hosts this week’s Intelligence Summary with guests Rose Bernard (Strategic Intelligence Manager) and Alex Guirakhoo (Strategic Intelligence Analyst). Our main story involves the leak of personal information from several German political parties. We also discuss the other big threat intelligence stories from the week and find out what everyone would name their APT group. Subscribe to ShadowTalk on iTunes and follow us @digitalshadows, use #ShadowTalk to submit a question for next week! The full intelligence summary can be downloaded at https://resources.digitalshadows.com/weekly-intelligence-summary.

Rick Holland and Harrison Van Riper join Michael Marriott to discuss the implications of the Marriott data breach, as well as a look forward to trends we might see in 2019. Specifically, we dig into ransomware and discuss what you should be considering in 2019. To read more about these trends (and more) read Harrison’s blog (https://www.digitalshadows.com/blog-and-research/2019-cyber-security-forecasts-six-things-on-the-horizon/). To register for our upcoming webinar with the FBI, https://info.digitalshadows.com/LiveWebinar-CyberThreatstoWatchin2019-Registration.html?Source=podcast.

For this special mid-week edition of ShadowTalk, Harrison Van Riper, Jamie Collier, and Rafael Amado focus on cyber security threats over the Black Friday weekend and holiday season. Despite increased sales for retailers and bargain opportunities for consumers, Black Friday has had the unintended consequence of emboldening and enabling profit-seeking cybercriminals. The team discuss continuing activity by the Magecart group, as well as the ways in which cybercriminals are gearing up for the holidays from our investigations of online forums and messaging applications. For more, check out our Black Friday blog at: https://www.digitalshadows.com/blog-and-research/black-friday-and-cybercrime-retails-frankenstein-monster/

Some called him a hero. Some called him the most dangerous man to the defense industry. In today’s ShadowTalk, Dr. Richard Gold and Harrison Van Riper join Rafael Amado to discuss the vigilante hacker known as Phineas Fisher. Leaked court documents surfaced this week, detailing how Italian authorities tried and ultimately failed to identify and convict Phineas Fisher for the infamous breach against the Italian surveillance and technology company, Hacking Team. The team dive into the history of Phineas Fisher, the techniques used to break into the Hacking Team network, and the OPSEC practices that allowed Phineas Fisher to remain at large.

Harrison Van Riper and Rafael Amado join Michael Marriott to discuss the latest stories from the week. This week’s podcast has a strong Guy Richie flavor, with a focus on lock, stock and ru smoking barrels. We begin by discussing October’s hot ransomware activity, including the most popular variants, common targets, and mitigation advice. Second, we discuss sliding stock value amid reports of data breaches: we dig into the Cathay Pacific and Facebook breaches. And, finally we discuss the recent attribution of Triton malware to a Russian entity and why it’s TTPs you should care about.

In this edition of Shadow Talk, Richard Gold joins us to discuss the issue of security debt, a term used to refer to the accumulation of security risks over time, such as missed patches, misapplied configurations, mismanaged user accounts. Richard looks into how many of the attacks we see on a regular basis are actually a result of security risks that build up over time, and how security debt is a ticking time bomb for most organizations. In Part II, Harrison Van Riper covers the recent website defacement attack and data breach incident targeting the event ticketing company, Ticketfly. Security debt resources: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/286667/FAQ2_-_Managing_Information_Risk_at_OFFICIAL_v2_-_March_2014.pdf