Rick Holland, CISO of Digital Shadows (now ReliaQuest), joins Richard Gold and Michael Marriott to discuss the possible implications of Facebook security flaws affecting 50 million accounts. In part two, one year after reports of the Equifax breach surface, the UK arm has been fined £500,000 by the Information Commissioner’s Office (ICO). We look at […]
A user claiming to be the notorious darkoverlord extortionist threat actor has appeared on a dark web cybercriminal forum offering breached datasets for sale. In this blog, Digital Shadows (now ReliaQuest) analyzes whether this is a case of a copy-cat actor hoping to profit from thedarkoverlord name, or whether this marks a genuine return for […]
In this week’s ShadowTalk, Richard Gold and Simon Hall join Michael Marriott to discuss the latest spate of attacks by the threat actor known as Magecart. We dig into the history of Magecart, different approaches to web skimming, and provide advice on how organizations can best protect against this threat. Fallout exploit kit identified distributing […]
It’s common for the exciting and novel issues that confront security professionals on a daily basis to be hyped up. Very often the reporting and discussion focuses on 0day exploits, nation state actors, sophisticated intrusions and theoretical attack classes. The reality, however, is much more mundane. This point is driven home by the GAO (General […]
Not a week goes by without an example where credential stealing, credential reuse, or poor password practices contributed heavily to a successful attack. With this in mind, Dr Richard Gold and Simon Hall join Rafael Amado to discuss the age-old problem of credential hygiene. In this week’s ShadowTalk we covered the ways in which attackers […]
In this week’s ShadowTalk, Richard Gold and Simon Hall join Rafael Amado to discuss SSL (Secure Sockets Layer) interception, a technique used to inspect HTTPS (Hyper Text Transfer Protocol Secure) traffic sent between a client and a webserver. On 30 June, an important Payment Card Industry deadline passed that requires all websites that accept payment […]
Old school security practices simply don’t fit the new IT environment. Cloud computing, applications and distributed workforces have changed the security game. The days of building perimeter walls still exist, but the walls are disappearing. This leaves channel security consultants wondering what the right allocation is for security budgets. As indicated in a 2016 SANS […]
What we know about the Equifax breach On September 7th, credit reporting agency Equifax announced “a cybersecurity incident potentially impacting approximately 143 million U.S. consumers.” To put this in context, at this time, this incident is almost seven times larger than the Office of Personnel Management breach of 2015. Equifax discovered the unauthorized access on […]