The Cybersecurity Defenders Podcast

324 episodes — Page 4 of 7

S3 Ep 173 (#173) - Intel Chat: ClickFix, Raspberry Robin, Gelsemium, Fancy Bear & Salt Typhoon

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages that prompt them to manually execute malicious commands, often by copying and pasting scripts into their systems.

Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose.

A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems.

Russia’s APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the “nearest neighbor attack” to exploit Wi-Fi networks remotely.

Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."

Nov 28, 2024 - 43 min

S3 Ep 172 (#172) - Cybercrime cottage industries with Reed McGinley-Stempel, the Co-Founder and CEO of Stytch

On today's episode of The Cybersecurity Defenders Podcast we talk about cybercrime cottage industries with Reed McGinley-Stempel, the Co-Founder and CEO of Stytch.

Stytch is a platform designed to streamline authentication, authorization, and fraud prevention in a way that enhances security while minimizing user friction. Stytch serves both consumer and B2B applications, offering a variety of authentication solutions, including features like Google One-Tap and Biometrics for consumer-facing applications, as well as SSO, Role-Based Access Control, and SCIM integrations for enterprise SaaS. Reed founded Stytch after witnessing the challenges teams face when building secure and user-friendly authentication solutions, a problem he first encountered while working at Plaid. He is also a proud Duke alumnus and was the recipient of the prestigious Fulbright Scholarship.

Nov 27, 2024 - 35 min

S3 Ep 171 (#171) - Intel Chat: Snowflake, Scattered Spider, CCP, Melofee backdoor, SilkSpecter & Palo Alto Networks

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

U.S. authorities have identified and charged individuals responsible for a significant data breach involving Snowflake Inc., a major cloud data warehousing company. The breach resulted in the theft of approximately 50 billion records from AT&T, one of Snowflake's prominent clients.

U.S. prosecutors have charged five individuals, including 22-year-old Scottish national Tyler Buchanan, for their alleged involvement in the cybercrime group Scattered Spider. This group is accused of executing sophisticated phishing attacks that compromised numerous U.S. companies and individuals, leading to the theft of confidential information and cryptocurrency.

The next one is an interesting breakdown on the evolving landscape of Chinese state-sponsored cyber threats that reveals a highly coordinated and multi-layered approach to achieving the strategic objectives of the Chinese Communist Party (CCP).

In July 2024, cybersecurity researchers identified a new variant of the Melofee backdoor, a sophisticated malware associated with the Winnti Advanced Persistent Threat group. This variant specifically targets Red Hat Enterprise Linux 7.9 systems and demonstrates enhanced stealth and persistence mechanisms.

In early October 2024, cybersecurity analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA seeking Black Friday discounts. The campaign, attributed to a financially motivated Chinese threat actor dubbed "SilkSpecter," exploited the surge in online shopping during November's Black Friday season.

Palo Alto Networks' Unit 42 has identified exploitation activities targeting two critical vulnerabilities in PAN-OS software: CVE-2024-0012 and CVE-2024-9474.

Nov 23, 2024 - 43 min

S3 Ep 170 (#170) - A novel path into cybersecurity with Jibby Saetang, Security Researcher with Microsoft GHOST

On this episode of The Cybersecurity Defenders Podcast we speak with Jibby Saetang, Security Researcher with Microsoft GHOST, about his novel path to a career in cybersecurity.

With over a decade of experience in watch and jewelry repair, Jibby developed an impressive eye for detail and a knack for solving complex problems. These skills translated seamlessly into the world of cybersecurity, where Jibby found an unexpected yet perfect fit. Driven by a passion for learning, Jibby dove into the KC7 platform, an immersive cybersecurity training resource, which ultimately led to a role at Microsoft—all without taking the traditional certification route. Jibby’s story is a testament to the power of persistence, passion, and non-traditional paths in tech. Now, Jibby is focused on helping others break into cybersecurity by developing new KC7 training modules, aiming to inspire and equip the next generation of problem-solvers.

Nov 19, 2024 - 29 min

S3 Ep 169 (#169) - Intel Chat: Tools, N. Korean IT workers, GootLoader, FakeBat & Pacific Rim

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled.

CVE2CAPEC is a tool developed by Galeax that automates the process of mapping Common Vulnerabilities and Exposures (CVEs) to Common Weakness Enumerations (CWEs), Common Attack Pattern Enumeration and Classification (CAPEC), and MITRE ATT&CK Techniques.

This tool helps security researchers identify vulnerabilities within macOS’s sandbox restrictions, particularly targeting XPC services in the PID domain marked as "Application" services, which often lack adequate protection.

Zscaler's recent blog discusses how North Korean IT professionals are increasingly finding remote work in Western companies, often under disguised identities.

In a recent campaign, GootLoader malware has been targeting Bengal cat enthusiasts in Australia using SEO poisoning tactics.

After a multi-month absence, the malware loader FakeBat—also known as Eugenloader or PaykLoader—has resurfaced, distributing malware through Google Ads, with a recent campaign exploiting ads for the popular app Notion.

Over the past five years, Sophos has been engaged in a complex battle against Chinese state-sponsored cyber adversaries targeting its firewall products. This prolonged engagement, detailed in Sophos' "Pacific Rim" report, reveals a series of sophisticated attacks aimed at exploiting vulnerabilities in internet-facing devices, particularly those within critical infrastructure sectors across South and Southeast Asia.

Nov 15, 2024 - 37 min

S3 Ep 168 (#168) - Intel Chat: Latrodectus, WarmCookie, FortiManager, EU's Product Liability Directive & Linus Torvalds

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

VMRay's analysis on Latrodectus highlights the malware family’s development, detailing how it evolved from simple loaders to highly evasive, sophisticated malware.

The WarmCookie malware is a recent, persistent threat known for its self-updating capabilities, specifically designed to evade security tools and establish long-term presence in systems.

Fortinet recently disclosed a critical zero-day vulnerability in its FortiManager product, assigned CVE-2024-47575, which has been actively exploited in the wild.

The European Union (EU) recently updated its product liability framework to better address the challenges of the digital age and support the shift toward a circular economy.

Linux creator Linus Torvalds recently reaffirmed the expulsion of Russian maintainers from the Linux MAINTAINERS file due to sanctions compliance, sparking discussion within the open-source community.

Oct 31, 2024 - 35 min

S3 Ep 167 (#167) - Running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel

On this episode of The Cybersecurity Defenders Podcast we talk about running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel.

My guest today is Joshua Sitta, the co-founder and CTO of Sittadel, a cybersecurity company specializing in 24/7/365 Managed Detection and Response services. With a focus on enterprise-grade EDR solutions, Sittadel provides comprehensive cybersecurity monitoring and incident response. Before founding Sittadel, Joshua served as the Director of Enterprise Security Architecture at SouthState Bank, where he built a robust in-house cybersecurity program that safeguarded billions in assets. He brings a deep expertise in protecting organizations from modern cyber threats.

Oct 30, 2024 - 37 min

S3 Ep 166 (#166) - Intel Chat: Microsoft logs, USDoD, SolarWinds WHD & CISA KEV

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Microsoft has recently confirmed that a software bug caused the loss of more than two weeks' worth of critical security logs from several of its cloud services.

Brazil’s Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches.

A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that could be exploited by attackers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these flaws are being actively used in cyberattacks.

Oct 24, 2024 - 29 min

S3 Ep 165 (#165) - How AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix

On this episode of The Cybersecurity Defenders Podcast we examine how AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix.

Gaurav Banga is the CEO and Founder of Balbix, an AI-powered cybersecurity risk management startup. Gaurav is an accomplished inventor with over 50 patents to his name, and he has a deep background in founding and leading multiple successful tech ventures. His journey into entrepreneurship is unique—it began over a decade ago when he was inspired by a book that eventually led him to leave academia and pursue his passion for deep tech.

Gaurav regularly speaks with CISOs, gaining firsthand insights into their biggest challenges as they navigate an increasingly complex cybersecurity landscape. As regulatory scrutiny around security disclosures intensifies, Gaurav offers a unique perspective on how AI can reshape the future of risk management, helping organizations strike the right balance between innovation and security.

Oct 23, 2024 - 29 min

S3 Ep 164 (#164) - Intel Chat: Wazuh, .io, AI, Discord, Palo Alto & GoldenJackal

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

A recent malware campaign has been discovered that exploits the open-source Wazuh SIEM agent to deliver a cryptomining payload.

There is uncertainty surrounding the .io domain following the UK’s decision to return the Chagos Islands, including the British Indian Ocean Territory, to Mauritius.

The October 2024 report, "Influence and Cyber Operations," explores how AI is being leveraged by both state and non-state actors in cyber campaigns. Key findings show that AI tools are increasingly being used to enhance traditional cyberattacks, particularly in areas like vulnerability research, malware debugging, and influence operations.

Discord has recently been blocked in both Russia and Turkey due to claims of illegal activity on the platform.

Palo Alto Networks recently patched several critical vulnerabilities in its Expedition tool, which could allow attackers to take control of firewall systems. The most severe flaw, CVE-2024-9463, allows unauthenticated attackers to execute arbitrary OS commands as root, exposing sensitive data like usernames, passwords, and API keys.

The article from ESET highlights a cyberespionage campaign conducted by a group known as GoldenJackal, which is targeting government and diplomatic entities, focusing specifically on air-gapped systems in regions such as Europe, the Middle East, and South Asia.

Oct 21, 2024 - 40 min

S3 Ep 163 (#163) - Practical applications of AI in cybersecurity with Rich Heimann, AI researcher & author

On this episode of The Cybersecurity Defenders Podcast we speak with Rich Heimann, AI researcher and author.

Rich is a visionary leader in artificial intelligence and business transformation. As a Chief Artificial Intelligence Officer, Rich has a proven track record of developing and deploying AI solutions that drive measurable impact across a range of industries. Known for his ability to blend technical expertise with strategic insight, he consistently helps organizations unlock the full potential of AI to achieve real business results. Rich is also committed to ethical AI practices and excels at building innovative, high-performing teams. He’s recently authored a new book titled Generative Artificial Intelligence Revealed.

Oct 17, 2024 - 46 min

S3 Ep 162 (#162) - Intel Chat: FIN7, COLDRIVER, perfctl, Comcast & EKUwu

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Silent Push's recent analysis reveals new tactics by the FIN7 cybercriminal group, which is leveraging AI-based “DeepNude Generators” as part of a phishing campaign to spread malware.

Microsoft's Digital Crimes Unit (DCU), in partnership with the U.S. Department of Justice, has taken steps to dismantle cyber operations by Star Blizzard, a Russian state-affiliated actor also known as COLDRIVER.

Aqua Security's detailed research on perfctl describes it as a highly stealthy malware that targets Linux servers using a range of sophisticated methods.

Comcast recently disclosed that over 237,000 customers had their personal data compromised due to a ransomware attack targeting a former debt collection agency, Financial Business and Consumer Solutions (FBCS).

TrustedSec's research on EKUwu sheds light on a significant Active Directory Certificate Services (AD CS) vulnerability that allows attackers to misuse version 1 certificate templates.

Stats on business outcomes after breaches referenced by Matt.

Oct 10, 2024 - 29 min

S3 Ep 161 (#161) - Intel Chat: MSSN CTRL, CRI summit, Shadow AI, More_Eggs, Andariel hacking group & DrayTek routers

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

The White House recently hosted the International Counter Ransomware Initiative (CRI) summit, bringing together representatives from 68 countries to address the growing global threat of ransomware.

The rise of "Shadow AI," which refers to the unauthorized use of AI tools by employees without the oversight of IT departments, poses significant risks for organizations.

A new wave of attacks leveraging the More_Eggs backdoor malware has been specifically targeting recruiters. TA4557, a financially motivated group linked to North Korea, has been distributing this backdoor since late 2023.

The Andariel hacking group, a subgroup of North Korea’s Lazarus Group, has turned its attention to financially motivated attacks against U.S. organizations.

Forescout Vedere Labs has uncovered 14 vulnerabilities affecting over 700,000 DrayTek routers, with two critical flaws posing significant security risks.

Oct 8, 2024 - 40 min

S3 Ep 160 (#160) - Cryptocurrency and its role in money laundering with BBC journalist and author Geoff White

On this episode of The Cybersecurity Defenders Podcast, we dive into cryptocurrency and its role in money laundering with BBC journalist and author Geoff White.

Geoff is an accomplished author, speaker, investigative journalist, and podcast creator with over 20 years of experience, focusing on organized crime and technology. He has worked with major outlets including the BBC, Audible, Penguin, Sky News, and The Sunday Times, covering topics such as financial crime, money laundering, cryptocurrency, and cybercrime. His recently released book, Rinsed, dives into how technology is transforming the money laundering industry, and was published by Penguin back in June of 2024.

His previous book, The Lazarus Heist, followed the success of the hit BBC podcast series he co-hosted, which investigated North Korea’s cyber operations. He’s also the author of Crime Dot Com, which explores the global rise of hacking, and has created multiple podcast series for Audible, including The Dark Web and Artificial Intelligence: Friend or Foe?

In addition to writing, he is a sought-after public speaker who has given keynote talks for brands like Microsoft, MasterCard, and HSBC. He has also won numerous awards for his reporting, including his work on the Snowden leaks and his investigations into internet fraud.

Book mentioned in the podcast:
Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks

Oct 3, 2024 - 48 min

S3 Ep 159 (#159) - Intel Chat: Sequoia disruption, GitHub, Supershell, DPRK & Telegram arrest

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Apple’s release of macOS 15, or Sequoia, has caused significant disruptions for several security tools and software vendors, including CrowdStrike, SentinelOne, Microsoft, and others.

Attackers are exploiting GitHub notifications for phishing by sending legitimate-looking alerts with malicious URLs.

Truffle Security's research exposes a significant issue in GitHub’s handling of deleted and private repository data via Cross Fork Object Reference (CFOR).

AhnLab’s report details Supershell, a malware targeting Linux SSH servers via brute-force attacks.

Since 2022, Mandiant has tracked DPRK IT workers infiltrating global organizations by posing as non-North Koreans to fund the regime's weapons programs and evade sanctions.

In August 2024, Telegram CEO Pavel Durov was arrested in France, facing charges for allowing criminal activities to proliferate on the platform, including the distribution of illegal content such as child sexual abuse material.

Sep 30, 2024 - 38 min

S3 Ep 156 (#158) - Common pitfalls for founders with Andrew Plato, Founder & CEO of Zenaciti

On this episode of The Cybersecurity Defenders Podcast we talk about some of the common pitfalls faced by founders with Andrew Plato, Founder & CEO of Zenaciti.

Andrew is an experienced CEO, founder, author, and cybersecurity expert. In 1995, Andrew founded Anitian, one of the earliest cybersecurity companies on record, where he pioneered innovations in intrusion detection, endpoint security, and cloud security. He led the development of a revolutionary automated platform for secure cloud environments, and under his leadership, Anitian formed strategic partnerships with major tech companies like AWS, Microsoft, and Trend Micro before he exited the company in 2022. Andrew also leads Zenaciti, providing business and security intelligence, and recently founded Screenopolis, focusing on media analysis. He is also the author of The Founder’s User Manual: Practical Strategies for the Startup Leader.

Sep 26, 2024 - 50 min

S3 Ep 157 (#157) - Low noise threat detection with Joshua Neil, Founder at Alpha Level

On this episode of The Cybersecurity Defenders Podcast we talk about low noise threat detection with Joshua Neil, Founder at Alpha Level.

Josh is a seasoned expert with over 20 years of experience in developing data-driven solutions to security challenges faced by both the U.S. Government and industry at large. With a deep understanding of enterprise security, they are focused on the fact that perimeter defenses alone aren't enough to prevent attackers from breaching systems. They emphasize the importance of visibility into enterprise behavior, the need for statistical methods in attack detection, and the interconnected nature of attacks across multiple endpoints. Their work revolves around quantifying security-relevant rare events and leveraging context to support analysts in distinguishing true breaches from false positives.

Book mentioned in the podcast:
Statistical Inference by George Casella and Roger Berger

Sep 24, 2024 - 46 min

S3 Ep 156 (#156) - Intel Chat: Fortibitch, Hadooken, Void Banshee & CloudImposer

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Fortinet responded by confirming that the breach involved unauthorized access to files on a third-party cloud-based shared drive, affecting a small portion of customer data.

Hackers are targeting Oracle WebLogic servers with a new Linux malware named "Hadooken," which is designed to deploy a cryptominer and facilitate distributed denial-of-service (DDoS) attacks.

Microsoft has reclassified a previously patched bug, CVE-2024-43461, as a zero-day vulnerability actively exploited by the "Void Banshee" threat group.

Security researchers from Tenable revealed a critical remote code execution vulnerability in Google Cloud Platform that could have allowed attackers to run malicious code on millions of Google’s servers.

Sep 20, 2024 - 32 min

S3 Ep 155 (#155) - A look at quantum cryptography with David Carvalho, CEO & Chief Scientist at Naoris Protocol

On this episode of The Cybersecurity Defenders Podcast we take a look at quantum cryptography with David Carvalho, CEO & Chief Scientist at Naoris Protocol.

David is the founder, CEO, and Chief Scientist of Naoris Protocol, a decentralized cybersecurity mesh. David is an accomplished leader and innovator who advises nation-states and highly regulated sectors on critical issues such as cyber espionage, cyber warfare, and cyber terrorism. He is deeply involved in blockchain-based projects, digital currencies, and cybersecurity innovations. With over 20 years of experience in the field, David has worked as a Chief Information Security Officer in multi-billion-dollar companies and brings a forward-thinking approach to risk mitigation, automation, AI, and next-gen cybersecurity. He continues to advise a wide range of organizations, from startups to national-level projects, on transformative strategies for the future.

Sep 19, 2024 - 43 min

S3 Ep 154 (#154) - Intel Chat: Specula, Chromium, Mustang Panda & Service for America

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

The Specula C2 framework represents a sophisticated attack method that transforms Microsoft Outlook into a command-and-control system by exploiting its Home Page feature.

Attackers exploit browser notifications in Chromium-based browsers by tricking users through CAPTCHA-like prompts to enable notifications.

The Biden administration has launched an initiative aimed at addressing the growing cybersecurity talent shortage, which has reached critical levels.

Mustang Panda, a Chinese state-backed cyber-espionage group, has adapted its tactics by launching a USB-based attack campaign that leverages a worm for self-propagation across air-gapped networks.

Sep 12, 2024 - 28 min

S3 Ep 151 (#153) - Unpacking the hacker mindset with Ken Westin, Senior Solutions Engineer at LimaCharlie

On this episode of The Cybersecurity Defenders Podcast, we unpack the hacker mindset with Ken Westin, Senior Solutions Engineer at LimaCharlie.

Ken is a seasoned thought leader in cybersecurity who has spent years analyzing and understanding the intricacies of cyber threats and the methods behind them. Ken has a unique ability to identify emerging trends in the industry and for figuring out how businesses can protect themselves before they fall victim to attacks. Previous to his current role, Ken was the Field CISO at Panther, where he developed workshops and delivered them around the world. His career also includes significant contributions at Cybereason, Elastic, and Splunk, where he drove security growth, developed innovative tools, and shaped industry conversations on cybersecurity. Ken has been a key spokesperson in the industry, frequently quoted in the media and featured at major conferences like Black Hat and DEF CON.

Ken recently joined the team at LimaCharlie as a Senior Solutions Engineer, with the intent to use his deep expertise to help organizations build robust security strategies.

Ken's reading list:
- “Daemon” - Daniel Suarez
- “Cryptonomicon” - Neal Stephenson
- “The Myth of Normal” - Gabor Maté
- “Threats: What Every Engineer Should Learn From Star Wars” - Adam Shostack
- “The Mitrokhin Archive” - Christopher Andrew & Vasili Mitrokhin
- “The Road” - Cormac McCarthy

The song at the end of the podcast:
Decrypted Savant - Mercator Misconceptions

Sep 10, 2024 - 35 min

S3 Ep 152 (#152) - Intel Chat: sedexp, Volt Typhoon, Citrine Sleet, Clearview AI & RansomHub?

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework.

The Black Lotus Labs team at Lumen Technologies has uncovered a group of hackers linked to the Chinese government which has exploited a previously unknown software vulnerability to target U.S. internet service providers.

Earlier in August, a North Korean hacking group exploited a previously unknown bug in Chrome-based browsers, aiming to steal cryptocurrency, which was reported by Microsoft in a recent update.

The Dutch Data Protection Authority, or Dutch DPA, has hit Clearview AI with a €30.5 million fine—about $33.7 million—for illegally collecting data using facial recognition, including photos of Dutch citizens.

Energy giant Halliburton has confirmed that its systems were hacked, and intruders were able to steal information following a cyberattack last week.

Sep 5, 2024 - 37 min

S3 Ep 151 (#151) - Exploring AI as it pertains to cybersecurity with George Gerchow, Head of Trust at MongoDB

On this episode of The Cybersecurity Defenders Podcast, we speak with George Gerchow, Head of Trust at MongoDB, about the current narrative surrounding AI in cybersecurity. George challenges the dominant focus on AI as a threat and instead highlights its potential as a powerful ally in defending against sophisticated cyberattacks. We explore how AI-driven defense strategies are reshaping the landscape of proactive threat detection and automated response mechanisms, offering a fresh perspective on balancing security innovation with risk management.

George is an experienced executive who has played a key role in guiding highly regulated organizations as they establish and develop agile security, privacy, and compliance programs in fast-paced environments. George’s strong focus on relationships and customer engagement shines through in every interaction, both within his teams and with external clients. He is adept at implementing risk-based security programs that align with overall business objectives, effectively balancing risk reduction with cost management. During his six years at Sumo Logic, George was integral to the team's success in taking the company public and achieving FedRAMP Authorization. Currently, he serves as the Head of Trust at MongoDB, where he continues to drive excellence in security and compliance.

Aug 28, 2024 - 42 min

S3 Ep 148 (#150) - Intel Chat: Azure MFA, 2.9b records leaked, CVE 9.8 & ransomware record

bonus

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Starting in October, all Microsoft Azure customers will be required to have multi-factor authentication (MFA) enabled on their accounts.

Documents from a lawsuit revealed that over 2.9 billion records are vulnerable after a massive hack of the Florida-based National Public Data network.

Microsoft recently advised of a critical TCP/IP Remote Code Execution Vulnerability dubbed CVE-2024-38063, which is a critical unauthenticated Remote Code Execution (RCE) vulnerability within the Windows TCP/IP stack.

Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level.

Aug 23, 2024 - 37 min

S3 Ep 149 (#149) - Product security with Jacob Salassi, Co-Founder at stealth startup

On this episode of The Cybersecurity Defenders Podcast we speak with Jacob Salassi, Co-Founder at stealth startup, about product security.

Jacob brings over 10 years of experience in software engineering and cybersecurity to the table. Until four months ago, Jacob was a Security Architect at Snowflake, where he ensured every developer was wildly successful in owning security. Since then, he’s been diving into something new and exciting, working on a stealth startup. Before Snowflake, Jacob was busy bootstrapping application security programs in healthcare and engineering secure distributed systems for a hybrid-cloud security platform. He’s passionate about creating a development security experience that not only measurably reduces risk but also earns the love of engineers. In his own words, Jacob solves problems.

Books mentioned in the podcast:
- Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time
- Security Engineering: A Guide to Building Dependable Distributed Systems
- Measuring and Managing Information Risk: A FAIR Approach

Aug 20, 2024 - 48 min

S3 Ep 148 (#148) - Intel Chat: Hacker Summer Camp, N. Korea, Dispossessor, Proofpoint & Sinkclose

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

A heated dispute at DEF CON over the custom electronic badges this year turned physical, leading to an altercation between two attendees.

The U.S. Department of Justice has charged Matthew Isaac Knoot, a 38-year-old Nashville resident, with multiple crimes for aiding North Korean IT workers in securing jobs with U.S. and U.K. companies.

The FBI has dismantled the infrastructure of the Dispossessor ransomware group, also known as Radar, which had rapidly gained prominence since its inception in August 2023.

A critical flaw in Proofpoint’s email filtering service was recently discovered, allowing cybercriminals to impersonate major brands and send phishing emails that bypassed Proofpoint’s security.

A newly discovered security flaw affects AMD processors dating back to 2006. The vulnerability, which impacts CPUs from the Athlon 64 to the Ryzen 7000 series, allows attackers to exploit speculative execution to access sensitive data.

Aug 14, 2024 - 28 min

S3 Ep 147 (#147) - Cybersecurity product development with Vijay Pitchuman, Director of Product for Identity Management at Okta

On this episode of The Cybersecurity Defenders Podcast we talk about cybersecurity product development with Vijay Pitchuman, Director of Product for Identity Management at Okta.

Aug 7, 2024 · 28 min

S3 Ep 146 · #146 - Intel Chat: GhostEmperor, .top, PlugX & Microsoft

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The Chinese hacker group GhostEmperor has re-emerged after a two-year hiatus, displaying new advanced capabilities and sophisticated evasion techniques. The Chinese company Jiangsu Bangning Science & Technology Co., in charge of handing out domain names ending in ".top", has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. Following a report by the cybersecurity firm Sekoia.io, the Paris Public Prosecutor's Office launched a preliminary investigation into a botnet involving millions of global victims, including thousands of machines in France. Microsoft has initiated significant changes to its Windows operating system following a critical incident involving CrowdStrike's kernel driver.

Jul 31, 2024 · 31 min

S3 Ep 145 · #145 - Exploring threat intelligence with Jamie Williams, Threat Intelligence Researcher at Unit 42

On this episode of The Cybersecurity Defenders Podcast, we explore threat intelligence with Jamie Williams, Threat Intelligence Researcher at Palo Alto Networks' Unit 42. Jamie is a seasoned professional in the field of cybersecurity. Before joining Unit 42, he made significant contributions at the MITRE Corporation as a Senior Principal Cyber Operations Engineer. During his tenure at MITRE, Jamie led the development of MITRE ATT&CK® for Enterprise, focusing on adversary emulation and behavior-based detections. In addition to his full-time role, Jamie is also a member of the IANS Faculty, where he shares his extensive knowledge and experience with the cybersecurity community. With a rich background that includes time at the National Security Agency, Jamie brings a wealth of expertise to the podcast.
Katie Nickels' blog can be found here.
Google Mandiant's article on requirement-driven intelligence can be found here.

Jul 30, 2024 · 42 min

S3 Ep 144 · #144 - How to think about IR with Lee Sult, Chief Investigator at Binalyze

On this episode of The Cybersecurity Defenders Podcast we sit down with Lee Sult, Chief Investigator at Binalyze, and talk about incident response (IR). Lee is a seasoned cybersecurity expert and investigator with extensive experience in digital forensics and incident response. He is the Chief Investigator at Binalyze and has a strong track record at prestigious organizations like Trustwave SpiderLabs and Palantir. Lee has supported the US Secret Service and managed complex cybersecurity incidents for Fortune 50 companies. As the co-founder and former CTO of Horangi Cyber Security, Singapore's first cybersecurity startup, Lee's leadership and collaboration skills have significantly impacted the region's cybersecurity landscape. Passionate about mentoring, Lee actively contributes to cybersecurity communities and supports up-and-coming entrepreneurs.

Jul 26, 2024 · 32 min

S3 Ep 143 · #143 - Intel Chat: Blast-RADIUS, Chrome, AT&T, Kaspersky & CrowdStrike

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Blast-RADIUS is a vulnerability in the RADIUS protocol that allows a man-in-the-middle attacker to forge valid protocol Access-Accept messages in response to failed authentication requests. The blog post on Syntax-Err0r details a technique for silently installing a Chrome extension to maintain persistence, bypassing typical detection methods. American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators using AT&T's wireless network. The U.S. Department of Commerce added Kaspersky to its Entity List, barring U.S. businesses from engaging with the company due to national security concerns related to the Russian government's influence over Kaspersky's operations. On July 19th CrowdStrike distributed a faulty update to its Falcon sensors that caused widespread problems with computers running Microsoft Windows. As a result, roughly 8.5 million systems crashed, bringing up the feared blue screen of death, in what is being called the largest IT outage in history.

Jul 24, 2024 · 39 min

S3 Ep 142 · #142 - Threat detection & research with Zack Allen, Security Detection & Research Leader at Datadog

On this episode of The Cybersecurity Defenders Podcast we talk threat detection & research with Zack Allen, Security Detection & Research Leader at Datadog. Zack is a seasoned security research, engineering, and product leader with over a decade of experience in building organizations that create impactful security for customers. Zack specializes in threat research and intelligence, cloud security, software engineering, and DevOps. His expertise has significantly contributed to advancing the field of cybersecurity. He is also the visionary behind Detection Engineering Weekly, a platform that provides insights and updates on the latest in detection engineering. You can subscribe to Zack's newsletter here.

Jul 19, 2024 · 34 min

S3 Ep 141 · #141 - The Rescue of Evelyn Chang by Gene Yu, Founder & CEO of Blackpanda

On this episode of The Cybersecurity Defenders Podcast we speak with Gene Yu, Founder & CEO of Blackpanda. Gene has a diverse background, with early roles at Palantir's Asia office and Credit Suisse on Wall Street. He also served as a team leader in the US Army Special Forces, completing four combat tours in Iraq and the Southern Philippines. Gene is an active angel investor, renowned for leading the successful rescue of Evelyn Chang from Abu Sayyaf terrorists in 2013. He graduated with top honors in computer science from West Point and has attended Johns Hopkins University and Stanford's Executive Program.
Gene's book, about the incredible rescue of Evelyn Chang, can be purchased here.

Jul 11, 2024 · 1h 21m

S3 Ep 140 · #140 - Intel Chat: 10bn Pwds, Eldorado RaaS, 840Mpps DDoS, regreSSHion & $1.4bn in stolen crypto

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Likely the biggest password leak ever: nearly 10 billion credentials exposed. Eldorado is a newly discovered ransomware-as-a-service operation targeting both Windows and Linux systems. OVHcloud has reported mitigating a record-breaking distributed denial-of-service attack that peaked at 840 million packets per second. Cisco has issued a warning about a critical remote code execution vulnerability named "regreSSHion," tracked as CVE-2024-6387, affecting OpenSSH on glibc-based Linux systems. In the first half of 2024, cryptocurrency thefts amounted to $1.4 billion, significantly driven by rising crypto prices and a few large-scale attacks.

Jul 10, 2024 · 27 min

S3 Ep 139 · #139 - Intel Chat: MOVEit, P2PInfect, polyfill.io & TeamViewer

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A high-severity security vulnerability in Progress Software's MOVEit Transfer software could allow cyberattackers to get around the platform's authentication mechanisms, and it's been spotted being actively exploited in the wild just hours after it was made public. A new version of the P2P worm P2PInfect, which targets Redis servers running on both Linux and Windows systems and is aimed at deploying both ransomware and cryptocurrency mining payloads, is out in the wild. The polyfill.io domain, used for providing backward compatibility for older browsers, has been shut down amid accusations of malicious activity after recently being acquired by Chinese firm Funnull; it was allegedly redirecting users to malicious sites and employing evasion techniques. The Germany-based company behind the world-famous remote desktop software TeamViewer has confirmed that in 2016 TeamViewer software was compromised.

Jul 4, 2024 · 25 min

S3 Ep 138 · #138 - Automating security detection engineering with Dennis Chow, Security Engineer at EY

On this episode of The Cybersecurity Defenders Podcast, we talk about automating security detection engineering with Dennis Chow, Security Engineer at EY. Dennis is a multi-industry and seasoned cybersecurity operations leader. Using his experience, he helps organizations achieve their maximum security potential through hybrid training, sec ops management, engineering, and cross-disciplinary integration. He is also a published author and a veteran of the armed forces.
Dennis Chow's book on Automating Security Detection Engineering can be purchased here.
Megan Roddie's book on Practical Threat Detection Engineering can be purchased here.

Jul 2, 2024 · 33 min

S3 Ep 137 · #137 - Exploring AI-powered cybersecurity with Rodrigo Loureiro, CEO of Cyber Connective Corporation

On this episode of The Cybersecurity Defenders Podcast, we talk AI-powered cybersecurity with Rodrigo Loureiro, CEO of Cyber Connective Corporation. Rodrigo's extensive experience includes roles as a global Chief Information Officer, where he managed a $215M IT budget and oversaw a team of 1800 people, ensuring world-class infrastructure services around the clock. In addition to his executive roles, Rodrigo is a bestselling author of 'Game On - Leaders Who Last', where he explores the necessity of adaptability and open-mindedness in leadership, particularly within the technology sector. He is also an Operational Partner at the Executive Enterprise Venture Fund, focusing on innovative cybersecurity and AI investments. A recognized keynote speaker and expert in aligning technology with business strategy, Rodrigo's insights are invaluable to anyone interested in the future of tech and leadership.

Jun 28, 2024 · 38 min

S3 Ep 136 · #136 - Special Episode: The ongoing CDK Global cybersecurity incident

On this episode of The Cybersecurity Defenders Podcast, we speak with Mike Pedrick and Adriano Carvalho about the ongoing CDK Global cybersecurity incident. Mike Pedrick is an experienced cybersecurity practitioner with too many certs to list off. He makes his way through the world as a vCISO and happens to have a deep interest in the automobile sector. Adriano Carvalho is a consulting partner with the Reynolds and Reynolds company who has spent over 10 years immersed in the automotive industry.
The incident: CDK Global experienced a significant cyberattack starting on June 18, 2024, which led to the shutdown of its systems, affecting approximately 15,000 automotive dealerships across the United States. The company, which provides crucial software solutions for dealership management, had to proactively shut down most of its IT systems to prevent the spread of the attack. This resulted in a major disruption of dealership operations, forcing employees to revert to manual processes such as writing work orders by hand. CDK Global has been working with third-party experts to investigate the incident and has started to restore some of its services, including the core dealer management system. However, the full resolution of the issue is expected to take several days, and the company is continuously updating its customers on the progress. The company has emphasized that its priority is the security of its customers and is taking extensive measures to ensure systems are safe before bringing them back online. The impact of the cyberattack has left many dealerships unable to conduct regular business activities, significantly affecting their operations. CDK Global has not yet disclosed who was behind the attack or if any sensitive data was compromised, but further updates are expected as the investigation continues.
Mike can be found on LinkedIn here.
Adriano can be found on LinkedIn here.

Jun 26, 2024 · 38 min

S3 Ep 135 · #135 - Intel Chat: Sigma, Scattered Spider, Microsoft, Empire Market & UNC3886

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. SigmaHQ has introduced Sigma Correlations to enhance its rule-based detection capabilities, allowing for more sophisticated event correlation across multiple Sigma rules. Tyler Buchanan, a 22-year-old from the UK and alleged leader of the Scattered Spider hacking group, was arrested in Spain. Microsoft has issued an urgent update for all supported versions of Windows to address a critical Wi-Fi vulnerability, CVE-2024-30078. Three individuals (Yousef Selassie, Ugochukwu Emmanuel Nwosu, and David Gil) have been charged with operating Empire Market, a dark web marketplace that facilitated over $430 million in illegal transactions. In September 2022, Mandiant began investigating several intrusions conducted by UNC3886, a China-linked cyber espionage group, after discovering malware in ESXi hypervisors.

Jun 21, 2024 · 36 min

S3 Ep 134 · #134 - Incident command with Gerard Johansen, Principal Security Solutions Specialist at Red Canary

On this episode of The Cybersecurity Defenders Podcast, we speak with Gerard Johansen, Principal Security Solutions Specialist at Red Canary. Gerard is a seasoned expert in the field of cybersecurity and holds the prestigious Certified Information Systems Security Professional (CISSP) certification. His extensive career includes serving as a Special Deputy United States Marshal for the FBI's Connecticut Computer Crimes Task Force and working as a Certification and Accreditation Analyst for a federal inter-agency unit. Gerard has conducted numerous technical and non-technical vulnerability assessments for both financial and government organizations, demonstrating his deep expertise in digital forensics and incident response. With a wealth of experience in risk assessment, cyber threat intelligence, and penetration testing, Gerard is frequently sought after for his knowledge in corporate counterintelligence, threat emulation, and cloud security challenges. He has developed and maintained crucial industry relationships through ongoing professional development and is a trusted resource for information security seminars and training programs.

Jun 18, 2024 · 35 min

S3 Ep 133 · #133 - Intel Chat: Snowflake, Operation Endgame, Android spoof & Operation Crimson Palace

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Mandiant has linked a series of data breaches affecting hundreds of Snowflake instances to the use of infostealer malware, primarily targeting non-Snowflake systems to harvest credentials. Authorities have ramped up something they are calling Operation Endgame, an effort to capture a fellow who goes by the handle "Odd," the alleged mastermind behind the Emotet botnet. McAfee has identified a fake Bahrain government Android app masquerading as the Labour Market Regulatory Authority app, designed to steal personal data for financial fraud. A technical deep-dive on Operation Crimson Palace performed by Sophos X-Ops: the operation exposes a sophisticated cyberespionage campaign targeting a Southeast Asian government, attributed to Chinese state interests.

Jun 13, 2024 · 25 min

S3 Ep 132 · #132 - API security with Jeremy Snyder, Founder and CEO at FireTail.io

On this episode of The Cybersecurity Defenders Podcast, we talk API security with Jeremy Snyder, Founder and CEO at FireTail.io. FireTail.io is a pioneering company specializing in end-to-end API security. With APIs being the number one attack surface and a significant threat to data privacy and security, Jeremy and his team are at the forefront of protecting sensitive information in an increasingly interconnected world. Jeremy brings a wealth of experience in cloud, cybersecurity, and data domains, coupled with a strong background in M&A, international business, business development, strategy, and operations. Fluent in five languages and having lived in five different countries, he offers a unique global perspective on cybersecurity challenges and innovations.
FireTail.io's data breach tracker.
vacuum - The world's fastest OpenAPI & Swagger linter.
Nuclei - Fast and customisable vulnerability scanner based on a simple YAML-based DSL.

Jun 12, 2024 · 35 min

S3 Ep 131 · #131 - Network threat hunting with Chris Brenton, COO at Active Countermeasures

On this episode of The Cybersecurity Defenders Podcast, we talk network threat hunting with Chris Brenton, COO at Active Countermeasures. Chris is a dedicated professional with a passion for simplifying the process of threat hunting. Chris is deeply committed to enhancing cybersecurity knowledge through delivering both free and affordable security training. Alongside this, he plays a crucial role in the development of both open-source and commercially accessible threat hunting tools. Whether you're aiming to sharpen your threat hunting skills or are looking to establish a robust threat hunting program within your organization, Chris is the go-to expert. Stay tuned as we dive deeper into his journey, and feel free to reach out to him directly to learn more or get involved.
You can find Chris on LinkedIn here.
And you can find Chris on Twitter here.

Jun 6, 2024 · 38 min

S3 Ep 131 · #130 - The changing compliance landscape with Alexander Byrne, Director of Corporate IT Compliance at Thrive

On this episode of The Cybersecurity Defenders Podcast, we speak with Alexander Byrne, Director of Corporate IT Compliance at Thrive. Alexander is a seasoned expert in crafting dynamic information security and IT compliance strategies tailored to meet the needs of businesses ranging from SMBs to large enterprises. With a solid decade of experience, Alexander has delivered solutions across various industries including information technology, fintech, real estate, e-commerce, energy, and healthcare. His approach not only solves business challenges but also ensures alignment with industry best practices and compliance with regulatory requirements, ultimately enabling sustainable value through the technology and cybersecurity investment cycle.

Jun 4, 2024 · 41 min

S3 Ep 129 · #129 - Intel Chat: MSSN CTRL, GhostEngine, MITRE & BreachForums

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Researchers have identified a new malware, called "GhostEngine," which targets vulnerable drivers to disable endpoint detection and response solutions. MITRE has released some more details on how Chinese state-sponsored hackers recently exploited VMware systems within MITRE's NERVE environment for persistence and evasion. The FBI has once again seized control of BreachForums, a notorious site known for trading stolen data, marking the second such action within a year.
Information on MSSN CTRL, the security automation and engineering conference, can be found here.

May 30, 2024 · 22 min

S3 Ep 128 · #128 - Exploring SOAR with Andrew Katz, Senior Information Security Engineer at Jamf

On this episode of The Cybersecurity Defenders Podcast, we speak with Andrew Katz, Senior Information Security Engineer at Jamf. Andrew is a seasoned security engineer with a sharp focus on security automation. Over the past nine years, Andrew has honed his expertise in Python, API development, AWS, and Docker to craft sophisticated automated security solutions. His journey includes leading the development of SOAR platforms at Jamf, which enhanced distributed alerting systems to help SOC analysts combat alert fatigue. At Tevora, he offered his skills as a consultant, conducting enterprise-level cybersecurity risk assessments. Andrew's earlier roles as a Systems Engineer at Falck and an Information Technologist at GHD laid the groundwork for his profound understanding of IT, which feeds into his current security prowess. A holder of a CISSP and a Bachelor of Science in Geographic Science and Community Planning, Andrew brings a unique blend of technical skill and strategic insight to the field of cybersecurity.
The Security Engineering Newsletter can be found here: SecEng Newsletter

May 29, 2024 · 33 min

S3 Ep 127 · #127 - Intel Chat: Alabuga Leaks, LockBit, Ebury, E2EE & Dropbox

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. We cover some of the findings revealed by the Alabuga leak about the inner workings of the Russian company Albatross and its Albatross-M5 UAVs, now being used in the war against Ukraine. The U.S. Department of Justice has charged Dmitry Yuryevich Khoroshev, a 31-year-old Russian national, as the leader of the LockBit ransomware group. ESET reveals the persistent threat posed by the Ebury malware, which has compromised approximately 400,000 Linux servers since 2009 and was initially documented in 2014. Zoom has announced the global rollout of post-quantum end-to-end encryption for its video meetings, a significant step forward in securing communications against future quantum computing threats. Dropbox recently disclosed a security breach impacting its Dropbox Sign eSignature service.

May 24, 2024 · 26 min

S3 Ep 126 · #126 - Zero Trust architecture with Kane Narraway, Head of Enterprise Security at Canva

On this episode of The Cybersecurity Defenders Podcast, we speak with Kane Narraway, Head of Enterprise Security at Canva, about Zero Trust architecture. Kane brings over a decade of experience to the table, specializing in enterprise security, cloud security, and risk management. He's known for his groundbreaking work in building zero trust architectures at some of the world's largest tech companies, often from scratch during the early days of zero trust when solutions were not readily available. Kane's career is marked by notable achievements, including integrating multi-billion dollar acquisitions and establishing robust security frameworks for regulations like SOC2, PCI-DSS, and HIPAA. He's not only a director who has scaled technology companies from startup to enterprise level but also a passionate leader who has nurtured diverse teams, promoting autonomy and inclusivity. Outside of his direct work, Kane is dedicated to giving back to the community, whether it's sharing cybersecurity insights, mentoring at boot camps, or volunteering at conferences. Join us as we gain insights from his extensive experience and innovative approaches to tackling some of the most complex challenges in cybersecurity today.
Kane's blog can be found here.

May 21, 2024 · 48 min

S3 Ep 125 · #125 - Special Episode: The 2024 Verizon Data Breach Investigations Report

On this episode of The Cybersecurity Defenders Podcast we take a close look at the 2024 Verizon Data Breach Investigations Report. The Verizon 2024 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of the current cybersecurity landscape, highlighting significant trends and emerging threats. This year's report, the 17th edition, examines 30,458 security incidents and 10,626 confirmed breaches, marking a two-fold increase from the previous year. A key finding is the dramatic surge in vulnerability exploitation, which nearly tripled, driven by attacks on unpatched systems and zero-day vulnerabilities. Ransomware and extortion continue to be major threats, comprising 32% of breaches, with a notable rise in pure extortion attacks where data is stolen but not encrypted. The report also emphasizes the human element in cybersecurity breaches, with human errors contributing to 68% of incidents. Phishing remains a critical issue, with median times to click on malicious links and submit data being alarmingly short. Despite this, there is an encouraging increase in phishing awareness among users. Additionally, the report underscores the growing complexity of supply chain attacks, highlighting the vulnerabilities in third-party code and services. Interestingly, the impact of generative AI in cyberattacks remains minimal, with most uses being experimental rather than operational. The DBIR concludes with a call for improved vulnerability management and continued focus on human-centric security measures.
You can download the full report here.

May 17, 2024 · 45 min

S3 Ep 124 · #124 - The intersection of CTI & Detection Engineering with Wade Wells, Lead Cybersecurity Threat Detection Engineer

In this episode of The Cybersecurity Defenders Podcast, we take a close look at the intersection of CTI & Detection Engineering with Wade Wells, Lead Cybersecurity Threat Detection Engineer. Wade Wells is a seasoned cybersecurity expert whose passion for technology was sparked at an early age. Growing up with a computer built from parts his dad found dumpster diving, Wade learned how to navigate MS-DOS before he could even spell 'windows'. His lifelong fascination with technology and rule-bending led him naturally into the world of cybersecurity. Today, Wade hunts for evil within networks, reveling in the continuous pursuit of knowledge and the thrill of uncovering deeper insights. Join us as we dive into his journey, explore the challenges of threat hunting, and discuss how his work contributes to a greater cause in cybersecurity.
Sublime Security: Email security that's not a black box
Salem Cyber: Find the alerts that actually matter
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Psychology of Intelligence Analysis
And the TV show Devs.

May 15, 2024 · 34 min