The Cybersecurity Defenders Podcast

324 episodes — Page 5 of 7

S3 Ep 124 #123 - The RSA Conference

On this episode of The Cybersecurity Defenders Podcast we take a closer look at the RSA Conference: past, present and future. The RSA Conference is a series of IT security conferences. Approximately 45,000 people attend one of the conferences each year. It was founded in 1991 as a small cryptography conference. RSA conferences take place in the United States, Europe, Asia, and the United Arab Emirates each year. The conference also hosts educational, professional networking, and awards programs.

May 11, 2024, 15 min

S3 Ep 118 #122 - Platformization in cybersecurity with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie

On this episode of The Cybersecurity Defenders Podcast, we talk platformization and the SecOps Cloud Platform with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie. In a world where digital transformation has become the norm, cybersecurity professionals face unprecedented challenges. The traditional approach of managing dozens of disparate point solutions and siloed security tools, while attempting to control costs, is no longer sufficient. It's time to embrace a new era of cybersecurity in the SecOps Cloud Platform, one that treats cybersecurity as a set of capabilities much like how cloud providers did for IT. We challenge you to question the status quo and to open your mind to a new way of thinking about security operations. You can get started for free at limacharlie.io

May 6, 2024, 22 min

S3 Ep 121 #121 - Intel Chat: Albatross leak, Cerber ransomware, UAT4356 & MITRE compromised

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Ukrainian hackers claim to have breached the Russian drone developer Albatross, leaking 100 gigabytes of data, including internal documentation, technical data and drawings of various types of unmanned aerial vehicles. A critical vulnerability in Atlassian Confluence Data Center and Server was used to deploy a Linux variant of Cerber ransomware. Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services, since at least March 18, 2024. An emerging threat campaign named ArcaneDoor was orchestrated by a previously unknown actor identified as UAT4356, now also tracked as STORM-1849 by Microsoft. The MITRE Corporation reported a significant security breach within one of its specialized networks, the Networked Experimentation, Research, and Virtualization Environment, or NERVE.

May 1, 2024, 28 min

S3 Ep 120 #120 - Open Source Intelligence with Mishaal Khan, Cybersecurity Practice Lead at Mindsight

In this episode of The Cybersecurity Defenders Podcast, we take a close look at Open Source Intelligence with Mishaal Khan, Cybersecurity Practice Lead at Mindsight. Mishaal is a jack of all trades and master of some! With a profound knack for thinking like the bad guys, Mishaal harnesses his extensive knowledge, from the nitty-gritty of bits and bytes to intricate business processes. As a techie, Ethical Hacker, OSINT enthusiast, and Social Engineer, he leverages his diverse skillset to help organizations fortify their defenses and tackle real-world security challenges. You can find out more about his book, The Phantom CISO, on his website, here. And you can learn more about Operation Privacy here.

Apr 30, 2024, 39 min

S3 Ep 119 #119 - Special Episode: Sandworm is promoted to APT44

In this episode of The Cybersecurity Defenders Podcast, we discuss the GRU-backed cyber unit Sandworm, which was recently promoted to APT44 by Mandiant. Sandworm is a notorious hacking group, believed to be linked to Russia's military intelligence agency, the GRU. Known for its destructive cyberattacks, Sandworm has targeted various sectors worldwide, including energy, media, and election systems. Their activities are marked by the use of sophisticated malware and tactics that not only seek to steal information but also to disrupt critical infrastructure. The group gained international prominence with attacks like NotPetya in 2017, which caused billions of dollars in damage across multiple countries, emphasizing their capability to impact global cyber stability. The name "Sandworm" is inspired by the monstrous creatures from Frank Herbert's science fiction novel "Dune," reflecting the group's elusive and destructive nature. Over the years, Sandworm's operations have evolved, showcasing their adaptability and the increasing complexity of their attacks. This evolution highlights the growing challenges in cybersecurity, making the understanding of such threat actors crucial for developing robust defense strategies against state-sponsored cyber warfare. YouTube video showing Sandworm attacking a Ukrainian power plant here.
Episode #56 - When the lights went out in Ukraine (Part 1)
Episode #74 - When the lights went out in Ukraine (Part 2)
Episode #16 - NotPetya

Apr 25, 2024, 38 min

S3 Ep 118 #118 - Intel Chat: FakeBat, Sisense, APT29 & CVE of 10

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. eSentire's Threat Response Unit has observed the FakeBat loader being distributed via FakeUpdates, ultimately leading to a LummaC2 infection via a custom-written PaykRunPE provided by the FakeBat threat actors. CISA is investigating a breach at business intelligence company Sisense and urged all Sisense customers to reset any credentials and secrets that may have been shared with the company. CISA has confirmed that Russian government-backed hackers stole emails from several U.S. federal agencies as a result of an ongoing cyberattack at Microsoft. Volexity identified a zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring customers.

Apr 18, 2024, 39 min

S3 Ep 117 #117 - Digital Forensics with Carlos Cajigas, CTO at Covert Bit

In this episode of The Cybersecurity Defenders Podcast, we take a close look at Digital Forensics with Carlos Cajigas, CTO of Covert Bit. Carlos is a seasoned Incident Response professional hailing from San Juan, Puerto Rico. Carlos's journey in the field began after dedicating over a decade to law enforcement, specializing as a Digital Forensics Detective and Examiner in West Palm Beach, Florida. His extensive experience spans conducting detailed examinations on numerous digital devices, backed by hundreds of hours in specialized training from reputable institutions like EnCase, NW3C, Access Data, and SANS, to name a few. Carlos is not just an expert in the field; he's also a dedicated educator, holding instructor roles with both the Florida Department of Law Enforcement and SANS, where he teaches courses on Windows Forensic Analysis and Advanced Incident Response. With a solid academic foundation, Carlos brings a wealth of knowledge and insight into today's digital forensics and incident response landscape. You can find Carlos on Twitter/X here.

Apr 16, 2024, 38 min

S3 Ep 116 #116 - Intel Chat: XZ Utils

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. On March 29, 2024 defenders became aware that a backdoor had been intentionally planted inside XZ Utils, an open source data compression utility available on many installations of Linux and other Unix-like operating systems. The threat actors behind this implant likely spent years on this operation and were very close to getting the backdoor merged into Debian and Red Hat before it was discovered. The original disclosure email can be found here. A technical breakdown of the compromise can be found here. A Wired article covering the compromise in depth can be found here.

Apr 4, 2024, 40 min

S3 Ep 113 #115 - The cyber threat from China, with Adam Kozy & Daniel Velasquez

In this episode of The Cybersecurity Defenders Podcast we have an in-depth talk about the cyber threat from China, with Adam Kozy and Daniel Velasquez. Daniel started his career as a defender in the United States Marine Corps as an intelligence analyst, where he served in Afghanistan; from there he went on to work with the Defense Intelligence Agency, Joint Special Operations Command and the CIA. After his service, he was a director at Mandiant and is now the Executive Vice President of OP[4], a company providing security for critical devices and embedded systems. Adam began his career as an intelligence analyst working with the Federal Bureau of Investigation, where he provided all-source analysis of Asia-Pacific related cybersecurity issues. After the FBI, Adam was the principal intelligence analyst for the Asia cyber team at CrowdStrike. Currently, he is the founder of SinaCyber, a boutique consulting firm combining native Chinese language research and cyber intelligence expertise to create bespoke reports for government officials, technology firms, and financial institutions under threat from China's rampant cyber espionage campaigns. The history of China and its people goes back to ancient times. It is a rich and beautiful culture that has given much to the world in the form of art, ideas and technology. When we talk about China or the Chinese in this podcast episode we are specifically talking about the Chinese Communist Party, or CCP, which is a group of elites offering an increasingly authoritarian world view and alternative model to Western ideals of democracy and freedom. The Chinese people themselves are not your enemy. Current laws in China make it easy for the CCP to co-opt its citizenry for use in intelligence operations, wittingly and unwittingly. Unnecessarily making this into a racial divide alienates the folks that can help us the most in the coming years and provides more ammunition for Beijing. It was an incredible honor to speak with these two, and I hope you enjoy this conversation full of valuable information. Adam's testimony before the U.S.-China Economic and Security Review Commission Hearing on "China's Cyber Capabilities: Warfare, Espionage, and Implications for the United States" can be found here. The Mandiant report on APT1 can be found here.

Apr 3, 2024, 1h 2m

S3 Ep 114 #114 - The tokenization process of payment systems with Salvador Mendoza, Director of Research and Development at Metabase Q

In this episode of The Cybersecurity Defenders Podcast we speak with Salvador Mendoza, Director of Research and Development at Metabase Q, about the tokenization of payment systems. Salvador is a prominent figure in the cybersecurity industry and holds the position of Director of Research and Development at Metabase Q. He is also an integral member of the Ocelot Offensive Security Team. His area of expertise lies in the intricate world of the tokenization process, payment systems, and the development of embedded prototypes. With a commendable history of presenting at high-profile security conferences including Black Hat, DEF CON, Hack in the Box, and Troopers, Salvador brings a wealth of knowledge and insight to our discussion. Furthermore, he is the author of the insightful book, "Show me the e-money. Hacking digital payment systems: NFC, RFID, MST and EMV Chips," where he delves into the vulnerabilities and security measures of digital payment technologies. You can find his book for purchase here. And you can find the PCI spec here. You can follow Salvador on Twitter/X here.

Mar 29, 2024, 27 min

S3 Ep 113 #113 - Intel Chat: StrelaStealer, APT29, Apple's M-series & APT31

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Unit 42 has recently identified a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and U.S. Researchers at Mandiant on Friday raised an alarm after discovering Russia's APT29 hacking group targeting political parties in Germany, indicating a possible new operational focus beyond typical attacks on diplomatic figures. A newly discovered vulnerability baked into Apple's M-series chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations. The Department of Justice this week charged seven Chinese nationals, who are affiliates of threat group APT31, with widespread cyber espionage against US businesses and politicians.

Mar 27, 2024, 45 min

S3 Ep 112 #112 - Cyber Threat Intelligence Networking with Grace Chi, CoFounder & COO of Pulsedive Cyber Threat Intelligence

In this episode of The Cybersecurity Defenders Podcast we speak with Grace Chi, CoFounder & COO of Pulsedive Cyber Threat Intelligence, about a report she published on cyber threat intelligence networking. Cyber Threat Intelligence (CTI) is an evolving field, with an industry-wide consensus that teams cannot effectively operate in an intelligence silo. This sentiment is shared across all stakeholder segments: public, private, vendor, and academic. In support of improved CTI sharing, stakeholders have invested in efforts around cross-boundary collaboration, technical standardization, managing trust, and reporting best practices. However, understanding the time and effort spent in CTI networking (i.e. connecting human-to-human for improved business outcomes) is often overlooked. The report can be found here: Sharing, Compared: A Study on the Changing Landscape of CTI Networking. The Op-Ed mentioned in the show: Op-Ed: How to Make STIX Stickie. And the subreddit mentioned on the show (possibly NSFW): LinkedIn Lunatics. Pulsedive can be found on Twitter here. Grace can be found on LinkedIn here.

Mar 22, 2024, 28 min

S3 Ep 111 #111 - Intel Chat: Magnet Goblin, StopCrypt ransomware, aiohttp & Midnight Blizzard

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Threat actors have been actively targeting vulnerable Connect Secure VPN appliances after the disclosure of CVE-2023-46805 and CVE-2023-21887. Threat researchers recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file encryption code. In the last week of January 2024, a patch was released to address a directory traversal vulnerability in the aiohttp package that allows unauthenticated, remote attackers to access sensitive information from arbitrary files on the server if exploited. On March 8th, Microsoft said that it's still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

Mar 20, 2024, 32 min

S3 Ep 110 #110 - Intel Chat: Lazarus Group, tunnelling with QEMU, ScreenConnect & CISA breach

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. North Korean threat actors known as the Lazarus Group exploited a zero-day in the Windows AppLocker driver to gain kernel-level access and turn off security tools, allowing them to bypass noisy Bring Your Own Vulnerable Driver techniques. Researchers observed threat actors run the Angry IP Scanner, followed by some Mimikatz functions, and then the kicker, the open-source QEMU hardware emulator and virtualizer. Threat actors have been observed installing RMM tools as a means of maintaining persistence within a compromised organization. Hackers breached some of the systems belonging to CISA in February through some known vulnerabilities in Ivanti products.

Mar 15, 2024, 34 min

S3 Ep 109 #109 - Hacker History: The MOVEit cyberattack

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history and, with the help of John Hammond, Principal Security Researcher at Huntress, tell the story of the MOVEit cyberattack: the biggest data theft of 2023. The MOVEit cyberbreach was a far-reaching cyber attack that unfolded with significant implications worldwide. The breach initially came to light on June 3, when the Government of Nova Scotia disclosed that approximately 100,000 of its current and former employees had been affected, signaling the severity of the breach's impact. The scope of the breach widened on June 5, as it became apparent that numerous organizations in the United Kingdom had also fallen victim. Among those affected were prominent entities such as the BBC, British Airways, Boots, Aer Lingus, and the payroll service provider Zellis. This phase of the breach underscored its indiscriminate nature, with targets spanning across various sectors. Further developments were reported on June 12, with major organizations like Ernst & Young, Transport for London, and Ofcom announcing their entanglement in the breach. Of particular concern was Ofcom's revelation that personal and confidential information had been compromised, highlighting the breach's capacity to infiltrate and extract sensitive data. The United States felt the breach's ramifications by June 15, with reports confirming that the Department of Energy, among other federal entities, was impacted by the MOVEit vulnerability. The breach's reach extended further on June 16, affecting state-level organizations such as the Louisiana Office of Motor Vehicles and Oregon Driver and Motor Vehicle Services, thereby impacting millions of American residents. By October 25, 2023, a report from the cybersecurity firm Emsisoft indicated that the MOVEit cyberbreach had affected over 2,500 organizations globally, with a significant 80% of these being based in the United States. This breach highlights the critical vulnerabilities within digital infrastructures and underscores the urgent need for enhanced security measures to protect against such widespread cyber threats. This story was written by the talented Nathaniel Nelson and produced by the team at LimaCharlie. And a special thank you to John Hammond, Principal Security Researcher at Huntress, for sharing his expertise and experience. If you have any feedback or ideas for future topics or guests, please send an email to [email protected].

Mar 13, 2024, 19 min

S3 Ep 108 #108 - Intel Chat: Nood RAT, GTPDOOR, Pikabot, Bifrost & the Executive Order on Preventing Access to Americans

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. AhnLab Security Intelligence Center published an article exploring Nood RAT. Nood RAT is a variant of Gh0st RAT that works in Linux. GTPDOOR is the name of Linux-based malware that is intended to be deployed on systems in telco networks adjacent to the GPRS eXchange Network, with the novel feature of communicating C2 traffic over GTP-C Control Plane signaling messages. Researchers are reporting on Pikabot's evasion techniques for Endpoint Detection and Response systems: it hides its malicious activities by employing an advanced technique known as "indirect system calls". Unit 42 at Palo Alto Networks is reporting on a new Linux variant of Bifrost that showcases an innovative technique to evade detection. President Biden issued an Executive Order to protect Americans' sensitive personal data from exploitation by countries of concern.

Mar 8, 2024, 38 min

S3 Ep 107 #107 - Weaponizing ASCII escape sequences with Fredrik (STÖK) Alexandersson

In this episode of The Cybersecurity Defenders Podcast, we take a close look at weaponizing ASCII escape sequences with Fredrik (STÖK) Alexandersson from Truesec. Fredrik (STÖK) Alexandersson is a dynamic individual driven by a boundless curiosity and a passion for sharing knowledge. With over three decades of professional experience, he's hacked his way through realms ranging from computers and technology to marketing, fashion, communication, and even the human psyche. Renowned for his lightning-fast presentations and his knack for making complex technical subjects entertaining, STÖK is a prominent figure in the cybersecurity community. His meticulous attention to detail, insatiable curiosity, and "Good Vibes Only" attitude have inspired millions worldwide and earned him recognition from industry giants like Salesforce, Microsoft, and Verizon Media, among many others. Currently, he is working as a Hacker and Creative Director at TRUESEC. You can follow him on Twitter/X here. And you can watch his talk on Weaponizing ASCII escape sequences here.

Mar 6, 2024, 25 min

S3 Ep 106 #106 - Intel Chat: LockBit, TicTacToe Dropper, Google Cloud Run & I-Soon

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Law enforcement from 10 countries, in a joint operation called 'Operation Cronos', have disrupted the criminal operation of the LockBit ransomware group. FortiGuard has identified a grouping of malware droppers used to deliver various final-stage payloads through 2023 that they are calling the TicTacToe dropper. Cisco Talos researchers have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. A massive leak from a Chinese Ministry of Public Security contractor called I-Soon shows that Beijing's intelligence and military groups are attempting large-scale, systemic cyber intrusions against foreign governments, companies, and infrastructure.

Feb 29, 2024, 28 min

S3 Ep 105 #105 - Cybersecurity in space systems with Tim Fowler, Offensive Security Analyst at Black Hills Information Security

In this episode of The Cybersecurity Defenders Podcast, we talk about cybersecurity issues as they relate to the space industry with Tim Fowler, Offensive Security Analyst at Black Hills Information Security. Tim's unique blend of curiosity, determination, and passion for problem-solving makes him stand out in the cybersecurity world. As a frequent speaker on topics ranging from Information Security to Open Source software, Tim's mission is clear: to empower others to take control of their journey and make a positive impact in the world of cybersecurity. Currently Tim is working as an offensive security analyst for Black Hills Information Security, and he is here today to talk to us about the research he has been doing around cybersecurity in space... and yes, it is as awesome as it sounds.
Tim's upcoming training: Introduction to Cybersecurity in Space Systems
Resources mentioned in the show:
TREKS Cybersecurity Framework
Space Attack Research & Tactic Analysis (SPARTA)
SPACE-SHIELD
OpenSatKit
NASA Core Flight System
Tiny GS
OpenC3
NASA Operational Simulator for Small Satellites

Feb 28, 2024, 1h 12m

S3 Ep 104 #104 - Intel Chat: Pikabot, OpenAI boots APTs, GRU Military Unit 26165 & the Akira ransomware group

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Zscaler ThreatLabz is reporting on some recent campaigns, which started in February 2024, where they observed Pikabot reemerging with significant changes in its code base and structure. OpenAI is claiming that they have terminated accounts associated with state-affiliated threat actors. A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that were used to commit crimes by GRU Military Unit 26165. SecurityWeek is reporting on the fine folks at CISA, who are urging the patching of a Cisco ASA flaw that is being used in ransomware attacks. A document naming APT groups and operations can be found here.

Feb 23, 2024, 38 min

S3 Ep 103 #103 - A better way forward for cybersecurity with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie

In this episode of The Cybersecurity Defenders Podcast, we delve into an innovative, engineering-centered perspective on cybersecurity with Maxime Lamothe-Brassard, the Founder & CEO of LimaCharlie. As part of the Canadian Intelligence apparatus, Maxime worked in positions ranging from development of cyber defence technologies to Counter Computer Network Exploitation and Counter Intelligence. Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director's awards for his service. After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defence and worked for Crowdstrike, Google and Google X. Maxime left Google X, where he was a founding member of Chronicle Security, in 2018 to found LimaCharlie.

Feb 21, 2024, 53 min

S3 Ep 102 #102 - Intel Chat: toothbrush DDOS, TPM-based encryption bypass & HijackLoader

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. We look at the spectacular headline announcing a DDoS attack that involved 3 million electric toothbrushes. We also cover a hardware attack to bypass TPM-based encryption, which is used on most Microsoft Windows devices. CrowdStrike researchers have identified a HijackLoader sample that employs sophisticated evasion techniques to enhance the complexity of the threat.

Feb 15, 2024, 33 min

S3 Ep 101 #101 - WiFi attacks and defense with Lennart Koopmann, Founder of the Nzyme Network Defense System

In this episode of The Cybersecurity Defenders Podcast, we take a close look at WiFi attack methods, and the defenses to them, with Lennart Koopmann, Founder of the Nzyme Network Defense System. Lennart Koopmann is a tech enthusiast originally from Germany, now calling Houston, TX home. He began coding at a young age and chose to forgo formal education, diving straight into the world of computers after high school. Lennart's career path led him through various roles, from assisting in a hospital's IT helpdesk to web development and eventually joining a startup. In 2009, he launched the Graylog log management system as a side project, marking his entry into the tech scene. Currently, Lennart is focused on his latest endeavor: the nzyme Network Defense System, demonstrating his ongoing commitment to technological advancement. The WiFiPhisher GitHub account can be found here. Lennart's talk at MSS CTRL (LINK) can be found here. The Nzyme Network Defense System website can be found here. Lennart can be found on Twitter/X here.

Feb 13, 2024, 59 min

S3 Ep 96 #100 - A tale of two breaches: examining the AnyDesk & Cloudflare incidents

In this episode of The Cybersecurity Defenders Podcast, we take a close look at the AnyDesk and Cloudflare breaches that were both disclosed on February 2, 2024. AnyDesk, a prominent remote desktop software provider, disclosed a cyberattack late on February 2nd, causing the company to enforce strict security measures for nearly a week. Adversaries breached AnyDesk's systems, compromising vital assets such as source code and private code signing keys, and gaining unauthorized access to production systems.
For more on AnyDesk's breach, see the following references:
https://techcrunch.com/2024/02/05/remote-access-giant-anydesk-resets-passwords-and-revokes-certificates-after-hack/
https://anydesk.com/en/public-statement
https://www.infosecurity-magazine.com/news/anydesk-hit-cyberattack-customer/
https://www.helpnetsecurity.com/2024/02/05/anydesk-hacked/
https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html
On the other front, Cloudflare disclosed that a nation-state actor infiltrated their self-hosted Atlassian server on November 14, 2023, utilizing stolen access tokens and service account credentials from the Okta breach. The threat actor conducted reconnaissance activities from November 14th to 17th, gaining access to Cloudflare's internal wiki and bug database. Additional access attempts on November 20th and 21st indicated the actor's persistence, culminating in establishing continuous access through ScriptRunner for Jira on November 22nd. Finally, they tried, unsuccessfully, to access a console server that had access to a data center that Cloudflare had not yet put into production in São Paulo, Brazil.
For more details on Cloudflare's breach, consult the following sources:
https://www.csoonline.com/article/1303785/nation-state-actor-used-recent-okta-compromises-to-hack-into-cloudflare-systems.html
https://www.techtarget.com/searchsecurity/news/366568694/Cloudflare-discloses-breach-related-to-stolen-Okta-data
https://www.computing.co.uk/news/4170126/cloudflare-server-breached-suspected-sponsored-threat-actors

Feb 9, 2024, 36 min

S3 Ep 99 #99 - Ground truth realities with Yochai Greenberg, Frontline Cyber Defender

In this episode of The Cybersecurity Defenders Podcast, we delve into the ground truth realities of cybersecurity with Yochai Greenberg, a frontline cyber defender. Yochai Greenberg's expertise in cybersecurity is grounded in a lifetime of hands-on experience and military service. From an early age, he immersed himself in computer technology, gaining comprehensive knowledge of hardware and software through practical experimentation. Serving in the IDF further cultivated his understanding of protection and security protocols. Transitioning into the security industry, Yochai applied his diverse skill set as an executive protection professional, bridging the gap between physical and digital security domains. His career is defined by a relentless pursuit of knowledge and innovation, driven by a commitment to integrating and enhancing security measures across various fronts.

Feb 6, 2024, 31 min

S3 Ep 98 #98 - Intel Chat: Midnight Blizzard, GKE vulnerability, NetSupport RAT & Cactus ransomware

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Microsoft updated the public on its findings: apparently, the threat actors were able to gain persistent access to the privileged email accounts by abusing the OAuth authorization protocol. Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine that could potentially be exploited by threat actors to take control of a Kubernetes cluster. A new campaign is using phishing emails to distribute malware, and legitimate services to bypass email protection systems, in order to install NetSupport RAT. On January 20th the Cactus ransomware group attacked a number of victims across varying industries.

Feb 1, 2024, 36 min

S3 Ep 97 #97 - Cybersecurity threats to electric vehicles with Mike Pedrick, VP of Cybersecurity Consulting at Nuspire

On this episode of The Cybersecurity Defenders Podcast, we discuss some of the cybersecurity threats to electric vehicles with Mike Pedrick, VP of Cybersecurity Consulting at Nuspire. Mike is currently serving as the Vice President of Cybersecurity Consulting at Nuspire. In his role over the past two years, Mike has focused on providing advisory services to mid-market clients in the areas of cybersecurity, governance, risk, and compliance with data security and privacy standards. His specialization lies in implementing mature cybersecurity programs tailored for small and medium-sized businesses. Mike is also actively involved with ISACA, where he currently serves as the Certification Coordinator for the Denver Chapter Board, managing certification-related activities. Before joining Nuspire, Mike held positions such as Vice President of Consulting at Stealth - ISS Group Inc. and Director of Security Consulting at Synoptek. In these roles, he provided leadership and advisory services in the cybersecurity domain. With over a decade of self-employment as a Security, Compliance, and Risk Management Consultant, Mike has served as a trusted advisor to SMB/Midmarket organizations, offering guidance in cybersecurity, compliance, and risk management.

Jan 30, 202443 min

S3 Ep 96 · #96 - Intel Chat: iOS malware detection, credentials leaked, ColdRiver, & Midnight Blizzard

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. SecureList researchers from Kaspersky have come up with a lightweight method to detect iOS malware. Nearly 71 million unique credentials that were leaked from websites such as Facebook, Roblox, eBay, Yahoo, and Coinbase have been circulating on the Internet. Russian threat group COLDRIVER has expanded its targeting of Western officials to include the use of malware. The Microsoft security team is reporting that it detected a nation-state attack on its corporate systems on January 12, 2024.

Jan 25, 2024 · 30 min

S3 Ep 95 · #95 - The SaaS Cyber Kill Chain with Luke Jennings, VP Research & Development at Push Security

On this episode of The Cybersecurity Defenders Podcast, we have a conversation about the SaaS Cyber Kill Chain with Luke Jennings, VP of Research & Development at Push Security. In this interview, we explore the evolution of cyber attacks and the impact of the remote working and SaaS revolution on the cyber kill chain. The SaaS Attack Matrix can be found here.

Jan 23, 2024 · 46 min

S3 Ep 95 · #94 - Intel Chat: Bandook, NoaBot, mandating 2FA & POST SMTP

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A new Bandook variant has been distributed via a PDF since this past October. Akamai researchers have uncovered a new crypto-mining campaign that has been active since the start of 2023. The Centers for Medicare and Medicaid Services will reportedly set out proposed requirements that include two-factor authentication and maintaining a vulnerability-fixing program. Two vulnerabilities were uncovered that impact the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites.

Jan 19, 2024 · 37 min

S3 Ep 93 · #93 - Poisoning GitHub's runner images with Adnan Khan, Lead Security Engineer at Praetorian

On this episode of The Cybersecurity Defenders Podcast we speak with Adnan Khan, Lead Security Engineer at Praetorian, about a supply chain attack that was successful in poisoning GitHub's runner images. Adnan is an Offensive Security Engineer and Security Researcher with a strong development background and a passion for CI/CD and supply chain security. Adnan's research can be found here. The Github Attack TOolkit can be found here. And Adnan can be found on LinkedIn here.

Jan 16, 2024 · 29 min

S3 Ep 92 · #92 - Early cybersecurity career advice with Gerald Auger, Chief Content Creator at Simply Cyber

On today's episode of The Cybersecurity Defenders Podcast, we chat with Gerald Auger, Chief Content Creator at Simply Cyber. Dr. Gerald Auger is deeply passionate about information security, holding a steadfast belief that there exists a bespoke information security program for every organization. This tailored approach, he contends, not only mitigates cybersecurity risks but also amplifies overall value, aligning harmoniously with the business mission. Through Coastal Information Security Group, Dr. Auger extends his consulting and advisory cybersecurity services to both large and small organizations. With a focus on guiding the implementation of robust information security programs, he strives to meet the unique needs of each client. Gerald Auger's 'Build an Elastic SIEM lab' video. Eric Capuano's 'So you want to be a SOC Analyst?' Part 1 & Part 2. You can find Gerald on the various social media platforms as linked below: YouTube, Twitter, LinkedIn.

Jan 12, 2024 · 41 min

S3 Ep 91 · #91 - Intel Chat: ALPHV, DanaBot?, Operation Triangulation, npm everything, & Sandworm?

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. An international group of law enforcement agencies has seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections with a possible connection to DanaBot. Kaspersky published some new research in which they have identified a vulnerability in Apple's System on a Chip - or SoC - that has played a critical role in the attacks they saw in Operation Triangulation. The NPM package "everything" downloads millions of packages and prevents all authors on npmjs.com from removing their packages. Russian hackers were inside the Ukrainian telecom giant Kyivstar's system from at least May last year and recently caused a destructive outage. And the Hacker History episodes, When the Lights Went Out in Ukraine Part 1 & Part 2.

Jan 10, 2024 · 32 min

S3 Ep 90 · #90 - The similarities between punk rock and cybersecurity with James McMurry, Founder & CEO of ThreatHunter.ai

On this episode of The Cybersecurity Defenders Podcast, we have a conversation with James McMurry, Founder and CEO of ThreatHunter.ai. James is a cybersecurity veteran (and a veteran) with a career that spans over 30 years. He's the problem-solver who sees complexity as a puzzle to unravel. His approach goes beyond buzzwords; James transforms innovation into reality by blending AI, machine learning, and a team of human threat hunters into an effective cybersecurity strategy. Beyond the office, James is a discerning whisk(e)y enthusiast, showcasing a refined taste that matches his coding finesse. He is also a philanthropist and the Founder of VETCON. James can be found on Twitter here. And on Instagram here.

Jan 5, 2024 · 31 min

S3 Ep 1 · #89 - Hard-won entrepreneurial lessons with JP Bourget, Founder and President of Blue Cycle

On this episode of The Cybersecurity Defenders Podcast, we have a conversation with JP Bourget, Founder and President of Blue Cycle, who shares some hard-won lessons from his entrepreneurial journey. JP Bourget specializes in empowering Blue Teams and Security Operations Centers (SOCs) by implementing cutting-edge methodologies to enhance Cyber Maturity. His expertise spans automation, data engineering, API integration, and advocating security-as-code principles. Additionally, he holds the role of Entrepreneur in Residence (EIR) at Lytical Ventures. Previously, JP was the Founder and Chief Security Officer (CSO) of Syncurity, a company acquired by Swimlane and an early pioneer in the Security Orchestration, Automation, and Response (SOAR) landscape. Syncurity's flagship product, IR-Flow, revolutionized alert triage, allowing organizations to optimize their security efforts efficiently. Before co-founding Syncurity, JP honed his skills as the Network Security Manager at Arnold Magnetic Technologies, a prominent global manufacturing enterprise valued at $250 million. JP can be found on LinkedIn here.

Jan 3, 2024 · 31 min

Podcast trailer for 2024

trailer

Welcome to the Cybersecurity Defenders Podcast. My name is Christopher Luft, one of the founders of LimaCharlie, and I am your host. This podcast is set up as a series of segments in and around cybersecurity - with a focus on the defensive side. Tune in for weekly intelligence reports and discussions, as well as deep-dives into major incidents like the MGM ransomware attack or the recent Okta breach, with expert guests who can break down the events. I also get the privilege of interviewing many information security experts to share their unique stories. Hear from security analysts, detection engineers, CISOs, and other high-profile public figures. And my personal favourite is a special segment called Hacker History, where we narrate the true stories of infamous cybersecurity incidents with help from those that were directly involved. The show is a constant work in progress and we would love for you to join us. We are always happy to hear from our listeners and encourage you to engage with us so that we can make this show the best it can be. So subscribe and follow along as we learn and grow together in this ever-evolving realm of cybersecurity.

Jan 2, 2024 · 1 min

S2 Ep 88 · #88 - Predictions for the future of cybersecurity from 2023

A special episode of The Cybersecurity Defenders Podcast, where we look back at our conversations throughout 2023 and bring together all of the predictions for the future of cybersecurity. It is a fun episode, and we hope you enjoy listening to it. And a Happy New Year to all our listeners! Wishing you security and success in 2024.

Dec 31, 2023 · 1h 6m

S2 Ep 85 · #87 - Hacker History: The Colonial Pipeline

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history and, with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attack in history: The Colonial Pipeline. On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state. This episode was written by the talented Nathaniel Nelson. Casey Ellis can be found on LinkedIn here.

Dec 28, 2023 · 21 min

S2 Ep 85 · #86 - Intel Chat: pfSense vulnerability, Gootloader, OilRig & the KV-botnet

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Sonar Source are reporting on a few vulnerabilities they have found in pfSense. eSentire's Threat Response Unit launched a multi-pronged offensive against the Gootloader Initial Access-as-a-Service Operation. ESET researchers documented a series of new OilRig downloaders, all relying on legitimate cloud service providers for command and control communications. The Black Lotus Labs team at Lumen Technologies is tracking a small or home office router botnet that forms a covert data transfer network for advanced threat actors. You can make a donation in support of ending domestic violence through Cybersecurity Cares.

Dec 20, 2023 · 30 min

S2 Ep 85 · #85 - Going deep on Active Directory with James Potter, founder of DSE

On this episode of The Cybersecurity Defenders Podcast, we have a detailed conversation with James Potter, founder of DSE, about Active Directory. James boasts over two decades of expertise in Active Directory security, serving as a trusted consultant for major companies. His focus is on fortifying security measures and devising strategies to strengthen critical systems. He's collaborated with diverse teams, identifying vulnerabilities and implementing robust security measures while balancing cost, usability, and security for each client's specific needs. Beyond consultancy, James proudly leads a team at DSE, providing cutting-edge security solutions to global corporations. Actively engaging in the security community, he shares insights through conferences, publications, and forums, emphasizing continuous learning and innovation to counter evolving threats. His passion lies in aiding organizations to navigate the dynamic threat landscape, ensuring resilient security frameworks and efficient business objectives. Whether crafting secure Active Directory environments, conducting assessments, or delivering tailored training, James's dedication ensures exceptional results surpassing client expectations. James can be found on LinkedIn here: James Potter

Dec 14, 2023 · 33 min

S2 Ep 84 · #84 - Intel Chat: Push notification surveillance, a RAT, a critical Bluetooth flaw & 5Ghoul

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Unidentified governments are surveilling smartphone users via their apps' push notifications, as reported by a US senator on December 6th. Cyber.wtf is reporting on an interesting piece of malware that turned out to be a RAT written in C#. Israel's critical infrastructure is under threat from an Iranian proxy hacking group operating out of Lebanon. Hacker News is reporting on a critical Bluetooth security flaw that could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. The Cybersecurity Cares Holiday Telethon is taking place on December 15th. More information can be found at cybersecurity-cares.com

Dec 13, 2023 · 28 min

S2 Ep 83 · #83 - Intel Chat: Atomic Stealer, Okta breach grows, CrushFTP & Danabot opens the door for Cactus ransomware

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. MalwareBytes is reporting on Atomic Stealer, a popular information stealer for macOS. Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. Huntress is reporting that threat actors of varying types continue to target managed file transfer applications for exploitation. Microsoft has detected Danabot infections leading to hands-on-keyboard activity by ransomware operator Twisted Spider, culminating in the deployment of Cactus ransomware.

Dec 8, 2023 · 30 min

S2 Ep 80 · #82 - Decrypting Darknet Diaries: A Conversation with Jack Rhysider

On this episode of The Cybersecurity Defenders Podcast, we speak with Jack Rhysider, the creator of Darknet Diaries. Darknet Diaries is a captivating podcast that delves into the intriguing and often clandestine world of cybersecurity and hacking. Hosted by Jack Rhysider, each episode features gripping narratives that explore real-life cybercrime incidents, hacking escapades, security breaches, and the individuals involved. Rhysider skillfully combines storytelling with in-depth interviews, providing a unique and engaging perspective on the complex landscape of cybersecurity. The podcast not only highlights the darker aspects of the internet but also sheds light on the efforts of cybersecurity professionals, their challenges, and the measures taken to defend against cyber threats. With its compelling storytelling and insightful discussions, Darknet Diaries offers a fascinating glimpse into the ever-evolving world of digital security. Learn more about the show, purchase swag, and listen to episodes at https://darknetdiaries.com/ You can find Jack Rhysider on Twitter/X here: @JackRhysider

Dec 7, 2023 · 41 min

S2 Ep 81 · #81 - Intel Chat: DarkCasino, Agent Tesla, DarkGate, Diamond Sleet & Chimera

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. NSFOCUS Research Labs report on how the DarkCasino APT group has leveraged a recently disclosed WinRAR zero-day vulnerability. G DATA CyberDefense is reporting on a threat actor using the ZPAQ archive and .wav file extension to infect systems with Agent Tesla. A technical analysis of DarkGate Malware-as-a-Service, which is widely available on various cybercrime forums via the RastaFarEye persona. The Microsoft Threat Intelligence team has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp. The Chinese hacker group "Chimera" broke into NXP - a Dutch chip maker - at the end of 2017 and had access to the manufacturer's systems until the spring of 2020. To learn more about the community initiative to help end domestic violence please visit cybersecurity-cares.com

Nov 30, 2023 · 38 min

S2 Ep 80 · #80 - A look into the cybercriminal underworld with Jon DiMaggio, Chief Security Strategist at Analyst1

On this episode of The Cybersecurity Defenders Podcast we take a look into the cybercriminal underworld with Jon DiMaggio, Chief Security Strategist at Analyst1. Jon DiMaggio is the chief security strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. As a specialist in enterprise ransomware attacks and nation-state intrusions, he has authored research such as "Ransom Mafia: Analysis of the World's First Ransomware Cartel", "Nation State Ransomware" and a "History of REvil". He has exposed the criminal cartels behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks, and discussed his work with The New York Times, Bloomberg, Fox, CNN, Reuters, and Wired. You can find Jon speaking about his research at conferences such as RSA. Additionally, in 2022, Jon authored the book "The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime", published by No Starch Press. You can buy "The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime" here. The Ransomware Diaries: Volume 1 & Volume 2. Jon DiMaggio on LinkedIn. Jon DiMaggio on Twitter.

Nov 29, 2023 · 39 min

S2 Ep 79 · #79 - Intel Chat: SystemBC, Ddostf DDoS bot, ALPHV files with the SEC, & LummaC2 v4.0

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A look at a versatile piece of malware that gets categorised as proxy malware, a bot, a backdoor, and even as a RAT, known as SystemBC. The AhnLab Security Emergency response Center's analysis team has published an article outlining their recent discovery that the Ddostf DDoS bot is being installed on vulnerable MySQL servers. The notorious ALPHV ransomware group has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack. A new anti-sandbox technique that the LummaC2 v4.0 stealer is using to avoid detonation if no human mouse activity is detected, along with some other techniques being employed, such as control flow flattening. And you can sign up to participate in the Defender Fridays series here. Join us as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Nov 23, 2023 · 24 min

S2 Ep 77 · #78 - Brand and marketing for cybersecurity startups with Chris Cochran, VP & Head of Marketing at AKA Identity

On this episode of The Cybersecurity Defenders Podcast, we talk with Chris Cochran, VP & Head of Marketing at AKA Identity, about brand and marketing for cybersecurity startups. Chris Cochran is an entrepreneur who combines a wealth of experience in technology and innate creativity that has proven to be invaluable to both brands and individuals who work with him. As the Co-Founder and CEO of Hacker Valley Media, Chris has a unique perspective on how to craft compelling narratives that engage, inform, and entertain technical audiences. His experience in technology allows him to bring a rare depth of knowledge to any creative project, and his ability to communicate complex ideas equally clearly and entertainingly makes for a powerful combination for reaching everyone, from students to entrepreneurs. As a US Marine veteran and former cybersecurity professional, Chris has been an intelligence analyst, incident responder, SOC analyst, threat intelligence leader, and security operations leader. On the creative side, Chris has been an award-winning podcaster, TV series showrunner, short film director, keynote speaker, event host, and writer. He is passionate about inspiring and empowering people to live out their personal and professional legend. With his unique combination of industry knowledge and creative skills, Chris can connect with audiences in an authentic and relatable way, inspiring trust and loyalty, which are crucial elements to building a successful brand, whether personal or corporate. He has created many award-winning shows, including Hacker Valley Studio and Technically Divided, alongside his co-founder Ron Eddings; he is a highly sought-after keynote speaker in technology and helps technology brands stand out from the rest through impactful storytelling. If you have a story to tell, an experience to create, or a community to reach, Chris can help.

Nov 21, 2023 · 23 min

S2 Ep 77 · #77 - Intel Chat: Okta again, MuddyWater, Google Calendar RAT & BiBi-Windows Wiper

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Ars Technica is reporting that identity and authentication management provider Okta has been hit by another breach. Deep Instinct's Threat Research team has identified a new campaign from the "MuddyWater" group. Google is warning of multiple threat actors sharing a public proof-of-concept exploit that leverages its Calendar service to host command-and-control infrastructure. The BlackBerry Research and Intelligence Team has found a wiper variant that targets Windows systems being deployed by hacktivists in support of Hamas.

Nov 16, 2023 · 29 min

S2 Ep 76 · #76 - Reimagining the cyber kill chain with David Burkett

On this episode of The Cybersecurity Defenders Podcast, we talk with David Burkett, founder of Signalblur, about reimagining the cyber kill chain from a defender's perspective. David is a dedicated and highly experienced Cloud Detection Engineer and Security Architect, with a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers. His expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED, among others. David is proud to have been part of a security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency. David is constantly seeking opportunities to grow and learn and is eager to connect with like-minded professionals in the cybersecurity domain.

Nov 15, 2023 · 22 min

S2 Ep 75 · #75 - A close look at Okta's latest security breach

The Cybersecurity Defenders host, Christopher Luft, along with special guest Eric Capuano, walks through the available details of the most recent Okta security breach that affected 1Password, BeyondTrust, and Cloudflare. On Friday, October 20th, Okta announced that it suffered an intrusion in its customer support system. The company confirmed that 'certain Okta customers' were affected and stated that it notified 'around 1 percent' of its 18,400 customers that they were impacted.

Nov 2, 2023 · 40 min