
The Cybersecurity Defenders Podcast
324 episodes — Page 6 of 7
S2 Ep 72: #74 - Hacker History: When the Lights Went Out in Ukraine (Part 2)
On this episode of The Cybersecurity Defenders Podcast, we share the second part of 'When the Lights Went Out in Ukraine.' If you haven’t already, I recommend going back now and listening to “When the Lights Went Out in Ukraine, Part 1.”

Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, “and expect the worst.”

This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 73: #73 - Intel Chat: macOS malware, BlackCat's Munchkin, Cisco zero-day, the Phantom Hacker, & a WinRAR vuln.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

SentinelOne is talking about emerging trends and evolving techniques for macOS malware in 2023.
BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin.
On October 16, Cisco released an advisory regarding a critical zero-day privilege escalation vulnerability in their IOS XE Web UI software.
WithSecure Labs is reporting that Vietnamese cybercrime groups are using multiple different Malware-as-a-Service infostealers and Remote Access Trojans to target the digital marketing sector.
The FBI in Phoenix is warning the public of a new scam dubbed “The Phantom Hacker.”
Google’s Threat Analysis Group has recently observed multiple government-backed hacking groups exploiting the known WinRAR vulnerability, CVE-2023-38831.
S2 Ep 72: #72 - LOLDrivers & Sigma community-based detections with Nas Bencherchali, Detection Engineer & Threat Researcher at Nextron Systems
On today’s episode, we are going to be speaking with Nas Bencherchali, one of the community members behind the scenes of LOLDrivers and Sigma.

Nas is an avid learner who is passionate about all things detection, malware, DFIR, threat hunting, and Windows Internals. Nas is one of the community members behind LOLDrivers and one of the maintainers of the Sigma Rule Repository.

The newly re-imagined Sigma project website can be found here: SigmaHQ
The LOLDrivers website can be found here: LOLDrivers
The VS Code extension we talked about on the show can be found here: VSCode Ext
Nas on Twitter: nas_bench
Nas’ Blog: nasbench
S2 Ep 71: #71 - Intel Chat: BlackTech, Lazarus, CL0P, Python supply chain, Android malware & libcue 0-day
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

A joint advisory on BlackTech was published by the NSA, the FBI and CISA, along with the Japan National Police Agency and the Japan National Center of Incident Readiness and Strategy for Cybersecurity.
ESET researchers have uncovered a Lazarus attack against an aerospace company in Spain.
Unit 42 at Palo Alto is reporting that the CL0P ransomware group recently began using torrents to distribute victim data after a rather notorious campaign stealing data from thousands of companies.
Checkmarx is reporting on a persistent open-source supply chain attacker targeting the Python ecosystem who has been active and evolving since April 2023.
Ars Technica is reporting the discovery of thousands of Android devices infected with malware right out of the box.
GitHub Security Lab, in coordination with Ilya Lipnitskiy, has disclosed a 0-day memory corruption vulnerability in libcue, tracked as CVE-2023-43641.
Checkmarx is reporting on a targeted campaign that unfolded via PyPI, targeting developers utilizing Alibaba Cloud services, AWS, and Telegram.
S2 Ep 70: #70 - Navigating a career in cybersecurity with Sean Higgins, Co-founder of the Herjavec Group
In this episode of The Cybersecurity Defenders Podcast, we speak with Sean Higgins, consultant, educator, and co-founder of the Herjavec Group.

Sean Higgins is a coach, speaker, author, and consultant with a specialization in cybersecurity program evaluation. With over 35 years of experience in information technology, he has dedicated nearly three decades to the field of cybersecurity. From 2003 to 2022, Sean served as the CTO and Co-founder of Herjavec Group. In his Canadian best-selling book, "Driven," Robert Herjavec described Sean as "the smartest guy I ever met," a recognition that deeply touched him.

Today, organizations seek out Sean's expertise when they require guidance on resolving technical issues, evaluating technological solutions, or need assistance in shaping the direction of their company's security program. One of his notable strengths lies in helping Chief Information Security Officers (CISOs) and senior management confidently evaluate and refine their security programs.

Sean is astounded by the rapid evolution of technology over the years. His career commenced in 1986 when he was writing programs to count light bulbs at General Electric. A few years later, he was instrumental in establishing the first computer network for the North York Public Library in Ontario, an endeavor that predates the widespread internet we know today. During those early days of the ARPANET, Sean used it to send emails to friends still at Purdue University. He also holds the distinction of being the first expert witness in a Canadian court regarding a cybersecurity incident.

Passionate about mentoring millennials in the tech industry to find balance between their professional and personal lives, Sean collaborates with various universities, including the University of York's Career Mentorship Program. Additionally, he is a member of the Case Alumni Association Scholarship Committee, where he has the honor of awarding millions of dollars in scholarships to junior and senior STEM students.

Sean's coaching approach combines elements of traditional life coaching, entrepreneurial business experience, and his ability to read energy. He has received training from the Quantum Success Coaching Academy, Enwaken Coaching, and Enwaken Apprentice programs. Notably, Sean has self-published his first book on Amazon titled "Living Your Purposeful Life" and is currently working on his second book, "Balancing: How tech managers can avoid burnout, balance priorities, and come back to life," slated for release in January 2023.

Residing on picturesque Vancouver Island, Sean enjoys exploring the island's beauty with his faithful Golden Retriever, Rosie. He is an avid mountain biker and has recently discovered a passion for pickleball. His love for college athletics, particularly college basketball, is evident, and he especially cherishes watching his alma mater, Purdue University, during March Madness. So, reaching him during that time might prove a challenge, as he's likely to be glued to the games.
S2 Ep 69: #69 - The SecOps Cloud Platform for Managed Security Service Providers
On this episode of the Cybersecurity Defenders Podcast, a hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for Managed Security Service Providers.

The panel is moderated by LimaCharlie Co-founder, Christopher Luft. The panel participants are:
Co-founder at Soteria, Paul Ihme
Co-founder/CTO at Horangi Security, Lee Sult

What is the SecOps Cloud Platform?

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, and automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:
An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors, to build appropriate solutions.
S2 Ep 68: #68 - Intel Chat: Bumblebee, LockBit Gang, LUC-3, HTTPSnoop, DeadGlyph & Stately Taurus + Alloy Taurus + Gelsemium
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Intel471 is reporting on a campaign utilizing Bumblebee, a type of loader that has increasingly been used by threat actors affiliated with ransomware.
eSentire is reporting on several attacks conducted by the Russia-linked LockBit Gang.
Permiso is reporting on LUC-3, which overlaps with Scattered Spider.
Cisco Talos has discovered a new malware family they have dubbed HTTPSnoop being deployed against telecommunication providers in the Middle East.
WeLiveSecurity has stumbled upon a previously unknown backdoor being deployed in the Middle East that they have named DeadGlyph.
Unit 42 has started investigating a series of espionage attacks targeting a government in Southeast Asia.

LimaCharlie's Office Hours, where we break down some TTPs in depth, take place every Friday at 9:00 AM PT / 12:00 PM ET. You can find more information here: limacharlie.io/office-hours
S2 Ep 67: #67 - A close look at the MGM cyberattack
On this special episode of The Cybersecurity Defenders Podcast, we take a close look at the MGM cyberattack that took place in September 2023.

On September 11, numerous MGM Resorts International properties in Las Vegas and throughout the United States were attacked by ransomware, which shut down many aspects of its IT. Checking in and out, reservations, digital room keys, tickets, credit card systems, some slot machines, and even elevators at several MGM casino hotels became inoperative, forcing their staffs to use manual methods to serve their clientele, i.e. analog pen and paper. MGM filed a Form 8-K report with the SEC the next day. The relatively recent criminal hacking group Scattered Spider is believed to have used social engineering to bypass multi-factor authentication.

The published statement by Scattered Spider can be found here. A list of APT groups/names can be found here.
S2 Ep 66: #66 - Go-to-market strategies in cybersecurity with Chad Loeven, VP Business Development at OPSWAT
On this episode of The Cybersecurity Defenders Podcast, we speak with Chad Loeven, VP Business Development at OPSWAT.

Chad Loeven is an experienced cybersecurity professional who leads OPSWAT's OEM technology licensing business and technology partners. OPSWAT technology helps secure over 150M endpoints by working with many of the world's largest technology vendors. They provide threat intelligence, malware analysis, vulnerability assessment, patch management, device compliance, and more.
S2 Ep 65: #65 - Intel Chat: DB#JAMMER, Chae$ malware, W3LL, APT34 deploys SideTwist Trojan, and government-backed actors in North Korea target security researchers.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Securonix Threat Labs is reporting that threat actors working as part of the DB#JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks.
AhnLab’s Security Emergency Response Center is reporting on threat actors using phishing emails to distribute some fileless malware.
The researchers over at Group-IB have uncovered a covert business email compromise phishing campaign targeting Microsoft 365.
NSFOCUS Security Labs captured a new APT34 phishing attack against enterprise targets that released a variant of the SideTwist Trojan to achieve long-term control of the victim host.
Threat Analysis Group publicly disclosed a campaign from government-backed actors in North Korea who used 0-day exploits to target security researchers working on vulnerability research and development.
S2 Ep 64: #64 - A chat about enterprise security with Matthew Fulmer, Director of Cyber Threat Intelligence at BLOKWORX
On this episode of The Cybersecurity Defenders Podcast, we speak with Matthew Fulmer, Director of Cyber Threat Intelligence at BLOKWORX.

With over 9 years of experience in the cybersecurity field, Matthew is a passionate and driven leader who strives to protect organizations from evolving and emerging threats. He has a strong background in threat intelligence, malware analysis, offensive security, and customer success, and he holds a Six Sigma Green Belt certification. As the Director of Cyber Threat Intelligence at BLOKWORX, Matthew integrates with internal teams to provide them with the latest knowledge and insights on the threat landscape and the best practices to prevent and deflect attacks.

In his previous role as the Manager of Cyber Intelligence Engineering at Deep Instinct, Matthew managed a growing team of cyber intelligence engineers who operated within the customer success organization. He was responsible for creating a new service offering, developing the professional skills of his team, analyzing threat vectors in various environments, communicating proactively with customers, creating technical articles and content, and assisting with security education. He also contributed to the malware analysis, the pre-load product, and the administrator certification course. Some of the skills that Matthew applied and enhanced in this role include network administration, information security, and technical support.
S2 Ep 63: #63 - The SecOps Cloud Platform for ecosystem builders
A hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for ecosystem builders.

The panel is moderated by LimaCharlie's Head of Product, Matt Bromiley. The panel participants are:
Senior Security Researcher at Thinkst, Casey Smith
Security Evangelist at RunZero, Huxley Barbee
Head of Tines Labs, John Tuckner
S2 Ep 62: #62 - Cybersecurity industry trends with Ross Haleliuk, Co-Lead of the Venture in Security Angel Syndicate
On this episode of The Cybersecurity Defenders Podcast, we chat with Ross Haleliuk, Co-Lead of the Venture in Security Angel Syndicate, and Head of Product at LimaCharlie.

Ross is Head of Product at LimaCharlie, a startup that enables organisations to detect & respond to threats, automate processes, and future-proof their security operations. His areas of expertise include go-to-market and product strategy, B2B product-led growth, strategic positioning, product-market fit expansion, and growth. Outside of work, Ross is a startup advisor, angel investor, frequent contributor to TechCrunch, Forbes, and VentureBeat, and author of VentureinSecurity.net
S2 Ep 61: #61 - Intel Chat: QuiteRAT, CollectionRAT, Maldoc in PDF, DarkGate & the FBI takes down Qakbot
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Cisco Talos is reporting on both QuiteRAT and CollectionRAT from the Lazarus Group.
JPCERT/CC has confirmed a new technique used in an attack that bypasses detection by embedding a malicious Word file into a PDF file.
Telekom Security was recently made aware via trust groups of a new malware campaign involving DarkGate.
The FBI and the Justice Department announced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot.
S2 Ep 60: #60 - Building scalable security products quickly with the SecOps Cloud Platform
A hosted panel discussion with industry leaders to explore the advantages of the SecOps Cloud Platform for product builders.

The panel is moderated by LimaCharlie's Head of Product, Ross Haleliuk. The panel participants are:
Founder & CTO of Recon InfoSec, Eric Capuano
Lead Incident Detection Engineer at Blumira, Amanda Berlin

The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.
#59 - Intel Chat: Raccoon Stealer, Duke, WoofLocker, Cuba ransomware & XLoader
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

The return of the Raccoon Stealer after being temporarily disrupted.
EclecticIQ analysts have assessed, with high confidence, that two observed PDF documents are part of an ongoing campaign targeting Ministries of Foreign Affairs of NATO-aligned countries.
Malwarebytes is following up on a tech support scam campaign dubbed WoofLocker.
The threat research team at BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group.
SentinelOne is reporting a new iteration of the XLoader malware-as-a-service infostealer and botnet.
#57 - A discussion about security research with John Hammond, Principal Security Researcher at Huntress
On this episode of The Cybersecurity Defenders Podcast, we chat with John Hammond, Principal Security Researcher at Huntress, about security research.

John Hammond is a cybersecurity researcher, educator and content creator. As part of the Threat Operations team at Huntress, John spends his days making hackers earn their access and helping tell the story. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He has developed training material and information security challenges for events such as picoCTF and competitions at DEFCON US. John speaks at security conferences such as BSidesNoVA, to students at colleges such as the US Naval Academy, and at other online events including the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, CTF video walkthroughs and other cybersecurity content. John currently holds the following certifications: Security+, CEH, LFS, eJPT, eCPPT, PNPT, PCAP, OSWP, OSCP, OSCE, OSWE, OSEP, and OSED (OSCE(3)).
#58 - An introduction to the SecOps Cloud Platform with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie
On this episode of The Cybersecurity Defenders Podcast, we chat with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie, about the SecOps Cloud Platform.
S2 Ep 52: #56 - Hacker History: When the Lights Went Out in Ukraine (Part 1)
Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, “and expect the worst.”
#55 - Intel Chat: XWorm, SugarCRM zero-day, Statc Stealer, Background Task Manager fail, Seaspy & Whirlpool
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

A new injector written in Rust is used to inject shellcode and introduce XWorm into a victim’s environment.
Multiple cases where SugarCRM was the initial attack vector and allowed threat actors to gain access to AWS accounts.
Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems and steals sensitive information.
Patrick Wardle's research says that macOS's Background Task Manager can be easily bypassed and that Apple failed to act on his recommendations to fix it.
CISA is reporting on the Seaspy and Whirlpool backdoors after obtaining malware samples from a compromised device.
#54 - A discussion about Linux ransomware with David Burkett, founder of Signalblur
On this episode of The Cybersecurity Defenders Podcast, we chat with David Burkett, Founder of Signalblur, about the growing threat of Linux ransomware.

David is a dedicated and highly experienced Cloud Detection Engineer and Security Architect, with a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers. His expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED, among others. David is proud to have been part of a security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency. David is constantly seeking opportunities to grow and learn and is eager to connect with like-minded professionals in the cybersecurity domain.

The article on Linux ransomware referenced in the podcast can be found here: A Deep Dive into Linux Ransomware Research
And David's previous appearance on the show can be found here: Episode #6
#53 - The future of enterprise SecOps: a panel discussion with industry leaders
On this episode of The Cybersecurity Defenders Podcast, we host a panel discussion with industry leaders and explore the advantages of the SecOps Cloud Platform for securing enterprise organizations.

The panel is moderated by LimaCharlie's Chief Revenue Officer, Jessica Crytzer. The panel participants are:
Founder & CEO of LimaCharlie, Maxime Lamothe-Brassard
Founder & CEO of Turngate, Bruce Potter
Head of Product, Interpres Security, Fred Wilmot
Principal Consultant at Higgins Cybersecurity Consulting, Sean Higgins
#52 - Intel Chat: Mallox, Decoy Dog, Casbaneiro, Nitrogen, search-ms exploit, & BlackLotus
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Decoy Dog is a malware toolkit that cleverly uses DNS to perform command and control.
Breaking down the infection chain for Casbaneiro, another banking trojan targeting Latin America.
An initial-access malware campaign that leverages malicious advertising - or malvertising - to impersonate legitimate software and compromise business networks.
The VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques.
Trellix Advanced Research Center has identified a novel method for exploiting the “search-ms” protocol handler.
The source code of the BlackLotus Unified Extensible Firmware Interface - or UEFI - rootkit was leaked on GitHub.
S2 Ep 38: #51 - Building high-performance cybersecurity teams: a chat with David Seidman, Head of Detection & Response at Robinhood
On this episode of The Cybersecurity Defenders Podcast, we chat with David Seidman, Head of Detection & Response at Robinhood, about building high-performance teams.

David manages the Detection & Response team at Robinhood, and is responsible for detection, incident response, and D&R infrastructure. Robinhood's Platform team develops the "pipes and engines": log ETL, transport, data lake, Splunk, SIEM, SOAR, experimental tech, etc. Robinhood emphasizes engineering excellence and agility - they are moving fast and getting a lot done.
S2 Ep 37: #50 - Intel Chat: AgentTesla, Cobalt Strike, njRAT, LokiBot, SophosEncrypt, BundleBot, and targeted OSS supply chain attacks
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations, and civilian users in Ukraine and Poland.
In a FortiGuard Labs investigation, researchers came across several malicious Office documents designed to exploit known vulnerabilities.
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt.
Checkmarx is reporting the first known targeted OSS supply chain attacks against the banking sector.

The LimaCharlie SecOps Cloud Platform provides organizations with comprehensive enterprise protection that brings together critical cybersecurity capabilities and eliminates integration challenges and security gaps for more effective protection against today’s threats.

Watch the SecOps Cloud Platform panel discussions here: Introducing the SecOps Cloud Platform
S2 Ep 36: #49 - The history of LimaCharlie with Founder & CEO, Maxime Lamothe-Brassard
On this episode of The Cybersecurity Defenders Podcast, we sit down with LimaCharlie Founder & CEO, Maxime Lamothe-Brassard, and talk about the history and vision of the SecOps Cloud Platform.

About Maxime:

After graduating from the University of Victoria with a degree in Computer Science, Maxime began his career in cybersecurity working for the Canadian Government as part of the Communications Security Establishment (CSE). CSE is Canada's national cryptologic agency, providing the Government of Canada with information technology security and foreign signals intelligence. As part of the Canadian Intelligence apparatus, Maxime worked in positions ranging from the development of cyber defense technologies to Counter Computer Network Exploitation and Counter Intelligence.

After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defense. He was an early employee at CrowdStrike, then worked for Google, where he eventually landed in Google X. Maxime left Google X - where he was a founding member of Chronicle Security - in 2018 to found LimaCharlie.
S2 Ep 35#48 - Intel Chat: Rust Bucket, RedEnergy, Charming Kitten, Truebot variants, Big Head & TOITOIN
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The RustBucket malware allows operators to download and execute various payloads. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against the energy utilities, oil, gas, telecom, and machinery sectors. Charming Kitten sends a lure masquerading as a senior fellow with the Royal United Services Institute to a public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. New Truebot malware variants are being deployed on networks compromised using a critical remote code execution vulnerability in the Netwrix Auditor software. Trend Micro is reporting a new ransomware family and its variant named Big Head. Zscaler ThreatLabz has recently uncovered a new targeted attack campaign striking businesses in the Latin American region. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 34#47 - Tips for submitting papers to conferences with Huxley Barbee, organiser at BSidesNYC
On this episode of the Cybersecurity Defenders Podcast, we have a conversation around best practices for submitting papers to conferences with Huxley Barbee, Security Evangelist at runZero and organizer of BSidesNYC. Throughout Huxley's career, he has held key positions at Cisco, Datadog and now runZero. He is passionate about cybersecurity and supporting the community in order to create a better security posture for all. Huxley encourages our listeners to connect with him on various platforms as linked below: Linktree, LinkedIn, Mastodon, Twitter. Some resources for finding conferences to submit papers to are linked below: Infosec Conferences, CFP Time, Security BSides, Pulsedive's list of threat intel conferences. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 33#46 - Intel Chat: RedEyes, The Flea, JS dropper delivering Bumblebee & IcedID, and free smartwatches
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. ASEC discovered that RedEyes is distributing and using an infostealer with wiretapping features. Symantec is reporting that The Flea has continued to focus on foreign ministries in a recent attack campaign that ran from late 2022 into early 2023. Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. Rapid7 researchers recently undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered. Members across the military have reported receiving unsolicited smartwatches in the mail. And you can register here to attend the LinkedIn Live event, An Invitation to Change: Introducing the SecOps Cloud Platform. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 32#45 - Hacker History: SolarWinds
In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history and, with the help of John Bambenek, tell the story of one of the largest and most complicated supply chain attacks in history: SolarWinds. On December 13, 2020, The Washington Post reported that multiple government agencies were breached through SolarWinds's Orion software. Victims of this attack include the cybersecurity firm FireEye, the US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration, as well as the US Department of Homeland Security. Prominent international SolarWinds customers investigating whether they were impacted include the North Atlantic Treaty Organization (NATO), the European Parliament, UK Government Communications Headquarters, the UK Ministry of Defence, the UK National Health Service (NHS), the UK Home Office, and AstraZeneca. FireEye reported the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they have found "indications of compromise dating back to the spring of 2020". FireEye named the malware SUNBURST; Microsoft called it Solorigate. The attack used a backdoor inserted into a SolarWinds library: because the trojanized update was signed with SolarWinds's own code-signing certificate, it installed as trusted software and the malicious code went unnoticed. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 31#44 - Intel Chat: Fake GitHub repos, NPM poison, Vidar, Mac malware, Tsunami DDOS, Cl0p reward, and the EDR killer: Spyboy
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. VulnCheck came across a malicious GitHub repository that claimed to be a Signal 0-day. Checkmarx is reporting that, without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking an S3 bucket it fetched binaries from. Team Cymru has released a detailed publication on Vidar infrastructure which encompasses both the primary administrative aspects and the underlying backend. Bitdefender Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. Researchers have found an unofficial package called 'https' on NPM with over 1600 other packages that depend on it. An attack campaign consists of the Tsunami DDoS bot being installed on inadequately managed Linux SSH servers. Rewards of up to $10 million for information on Cl0p are being offered by the U.S. State Department's Rewards for Justice program. SentinelOne is reporting on the Terminator EDR killer, Spyboy. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 30#43 - A conversation about AI in cybersecurity with Jon Bagg, Founder & CEO of Salem Cyber
On this episode of the Cybersecurity Defenders Podcast, we have a conversation about AI in cybersecurity with Jon Bagg, Founder & CEO of Salem Cyber. Jon Bagg is the creator of Salem Cyber, an innovative cyber analysis technology that helps security teams scale their alert investigation capacity so they can find threats in the noise. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 29#42 - Intel Chat: Atomic Wallet, Azure goes down, BEC justice, FortiOS SSL VPN and the BatCloak
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. $35 million has reportedly been stolen from users of Atomic Wallet. On June 9th the Microsoft Azure Portal was down on the web as a result of a suspected DDoS. The US Department of Justice has indicted 6 people for their involvement in a $6 million business email compromise scam. CVE-2023-27997 was reported by Fortinet on June 13th (Fortinet hardening guide). Trend Micro recently discovered the use of heavily obfuscated batch files utilizing the advanced BatCloak engine. And a really cool PDF: the Cy-Xplorer 2023 report put out by Orange Cyberdefense. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 28#41 - A conversation about edge computing with Theresa Lanowitz, Head of Evangelism and Portfolio Marketing at AT&T Cybersecurity
On this episode of the Cybersecurity Defenders Podcast, we have a conversation about edge computing with Theresa Lanowitz, Head of Evangelism and Portfolio Marketing at AT&T Cybersecurity. Theresa Lanowitz is a proven global influencer and speaks on trends and emerging technology poised to help today’s enterprise organizations flourish. Theresa is currently the head of evangelism at AT&T Business - Cybersecurity. Prior to joining AT&T, Theresa was an industry analyst with boutique analyst firm voke and Gartner. While at Gartner, Theresa spearheaded the application quality ecosystem, championed application security technology, and created the successful Application Development conference. As a product manager at Borland International Software, Theresa launched the iconic Java integrated development environment, JBuilder. While at Sun Microsystems, Theresa led strategic marketing for the Jini project, a precursor to IoT (Internet of Things). Theresa’s professional career began with McDonnell Douglas, where she was a software developer on the C-17 military transport plane and held a US Department of Defense Top Secret security clearance. Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh, Pittsburgh, PA. The report referenced in the podcast can be acquired here: 2023 AT&T Cybersecurity Insight Report: Edge Ecosystem. The open-source Genie Framework referenced in the podcast can be viewed here: Genie Framework. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 27#40 - Intel Chat: BlackCat, RaidForums Exposed, MOVEit Transfer, Camaro Dragon, mystery iOS malware, TrueBot and the Cyclops Ransomware & Stealer combo
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. BlackCat makes some changes geared towards improving its tradecraft and increasing the likelihood of data theft and encryption. A new hacking forum called Exposed has publicly leaked a substantial database from the infamous RaidForums. A critical vulnerability in the MOVEit Transfer software. Camaro Dragon targets European foreign affairs entities linked to Southeast and East Asia. Kaspersky is reporting on some unknown malware targeting iOS devices. The Hacker News is reporting a surge in TrueBot activity that was observed starting in May 2023. Uptycs is reporting on the threat group behind the Cyclops ransomware and stealer combo. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 26#39 - A conversation about DFIR with Devon Ackerman, Global Service Line Leader for Digital Forensics and Incident Response Kroll
On today's episode of The Cybersecurity Defenders Podcast we are joined by Devon Ackerman, Global Service Line Leader for Digital Forensics and Incident Response (DFIR) services at Kroll Cyber. Prior to Kroll, Devon served as a Supervisory Special Agent at the FBI's Operational Technology Division in the CART Field Operations Unit. He navigated digital forensic issues, managed 56 FBI Division executive management relationships, organized team deployments during mass incident response events such as the San Bernardino domestic terrorism shooting (Apple iPhones), and served as a senior certified Forensic Examiner (CART) for on-scene collections and forensic analysis. As mentioned in the show, an excellent resource for all things DFIR: aboutDFIR.com. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 25#38 - Intel Chat: Donut, Agrius, Kimsuky, Pikabot, QBot & the Gootloader Initial Access-as-a-Service Operation.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. FortiGuard Labs encounters a kernel driver that makes use of the open-source donut tool. Check Point researchers observe Iranian threat actor Agrius operating against Israeli targets. SentinelOne notes changes in the ongoing campaign by Kimsuky. Microsoft uncovers stealthy malicious activity aimed at critical infrastructure in the United States. Zscaler ThreatLabz is reporting on Pikabot, a new malware trojan. BleepingComputer is reporting that the QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program. eSentire launches a multi-pronged offensive against a growing cyberthreat: the Gootloader Initial Access-as-a-Service operation. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 24#37 - A conversation about securing the build pipeline with Adnan Khan, Lead Security Engineer at Praetorian
On today's episode of The Cybersecurity Defenders Podcast we are joined by security engineer Adnan Khan to talk about securing the build pipeline and explore some common vulnerabilities in enterprise GitHub configurations. Organizations using GitHub Actions with self-hosted runners are at risk of attackers gaining an internal network foothold from the Internet if they compromise one developer’s personal GitHub access token: a workflow that an outside party can trigger, running on a runner inside the corporate network, turns that token into code execution on an internal machine. Key configuration adjustments can secure these pipelines and limit the damage from a breach. Adnan's talk at BSidesSF: Securing the Pipeline: Protecting Self-Hosted GitHub Runners. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
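As an added illustration of the configuration risk described in this episode (example code written for this page, not code from the podcast, Praetorian, or GitHub), the following Python audits GitHub Actions workflow definitions for two combinations that hand an outside party execution on an internal runner or with repository secrets: a self-hosted runner serving a trigger that a fork or issue comment can fire, and a pull_request_target workflow that checks out the pull request's head commit. The sample workflows, the list of externally reachable triggers, and the heuristic that treats any label set without a GitHub-hosted image name as self-hosted are assumptions made for the example.

```python
"""Audit GitHub Actions workflows for self-hosted runners exposed to untrusted triggers.

Added illustration; not code from the podcast, Praetorian or GitHub. The
workflows below are constructed samples in the dict form yaml.safe_load
produces; a real audit would load every file under .github/workflows/
and pass each document to audit_workflow().
"""

# Events an outside party can raise against a public repository without
# write access (assumed list). Running such a job on a self-hosted runner
# gives that party code execution on a machine inside the network.
EXTERNAL_TRIGGERS = {"pull_request", "pull_request_target", "issue_comment",
                     "discussion_comment", "workflow_run"}
GITHUB_HOSTED_PREFIXES = ("ubuntu-", "windows-", "macos-")


def trigger_names(workflow):
    """Event names a workflow listens for. PyYAML parses a bare `on:` key as
    the boolean True, so both spellings are accepted."""
    on = workflow.get("on", workflow.get(True))
    if isinstance(on, str):
        return {on}
    if isinstance(on, (list, dict)):  # a dict's keys are the event names
        return set(on)
    return set()


def runner_labels(runs_on):
    """Flatten `runs-on` (string, list, or {group, labels}) to a label set."""
    if isinstance(runs_on, str):
        return {runs_on}
    if isinstance(runs_on, list):
        return set(runs_on)
    if isinstance(runs_on, dict):
        labels = runs_on.get("labels", [])
        return {labels} if isinstance(labels, str) else set(labels)
    return set()


def is_self_hosted(labels):
    """Heuristic: the explicit self-hosted label, or a label set naming no
    GitHub-hosted image (custom labels such as [linux, x64, internal])."""
    if "self-hosted" in labels:
        return True
    return bool(labels) and not any(l.startswith(GITHUB_HOSTED_PREFIXES) for l in labels)


def checks_out_pr_head(job):
    """A checkout of the PR head commit under pull_request_target runs
    attacker-controlled code with the base repository's secrets and token."""
    for step in job.get("steps") or []:
        uses = step.get("uses", "")
        ref = str((step.get("with") or {}).get("ref", ""))
        if uses.startswith("actions/checkout") and "pull_request.head" in ref:
            return True
    return False


def audit_workflow(workflow):
    """Return a list of human-readable findings for one workflow document."""
    findings = []
    triggers = trigger_names(workflow)
    external = triggers & EXTERNAL_TRIGGERS
    for job_name, job in (workflow.get("jobs") or {}).items():
        labels = runner_labels(job.get("runs-on"))
        if external and is_self_hosted(labels):
            findings.append(f"job '{job_name}': self-hosted runner {sorted(labels)} "
                            f"reachable via external trigger(s) {sorted(external)}")
        if "pull_request_target" in triggers and checks_out_pr_head(job):
            findings.append(f"job '{job_name}': pull_request_target checks out the PR head")
    return findings


def audit_all(workflows):
    """Map filename -> findings for every workflow that has at least one."""
    result = {}
    for name, workflow in workflows.items():
        findings = audit_workflow(workflow)
        if findings:
            result[name] = findings
    return result


# Constructed sample workflows (hypothetical; not from any real repository).
SAMPLE_WORKFLOWS = {
    # Fork pull requests land on an internal runner: the foothold the talk describes.
    "ci-unsafe.yml": {"on": ["push", "pull_request"], "jobs": {"build": {
        "runs-on": ["self-hosted", "linux"],
        "steps": [{"uses": "actions/checkout@v4"}, {"run": "make test"}]}}},
    # Same pipeline on a GitHub-hosted runner: untrusted code stays isolated.
    "ci-safe.yml": {"on": ["push", "pull_request"], "jobs": {"build": {
        "runs-on": "ubuntu-latest",
        "steps": [{"uses": "actions/checkout@v4"}, {"run": "make test"}]}}},
    # Self-hosted, but only on push to main, which already requires write access.
    "deploy.yml": {True: {"push": {"branches": ["main"]}}, "jobs": {"deploy": {
        "runs-on": "self-hosted", "steps": [{"run": "./deploy.sh"}]}}},
    # Classic "pwn request": privileged trigger plus checkout of the PR head.
    "label.yml": {"on": "pull_request_target", "jobs": {"label": {
        "runs-on": "ubuntu-latest",
        "steps": [{"uses": "actions/checkout@v4",
                   "with": {"ref": "${{ github.event.pull_request.head.sha }}"}},
                  {"run": "npm install"}]}}},
}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_WORKFLOWS).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run against the constructed samples, only ci-unsafe.yml and label.yml produce findings; deploy.yml is left alone because a push to main already requires write access to the repository. The usual fixes for what it flags are to keep fork-triggered jobs on GitHub-hosted or ephemeral runners, to require approval before workflows from outside contributors run, and never to check out the PR head under pull_request_target.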
S2 Ep 23#36 - Intel Chat: Red Stinger, 3 new Apple Zero Days, the GuLoader, BlackCat and the Golden Jackal
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Malwarebytes researchers are reporting on the Red Stinger group, which has targeted entities in Ukraine. Apple is reporting three new zero-days affecting iPhones, iPads, Macs and even Apple Watches and Apple TVs. The folks over at Cisco Talos have recently identified a new ransomware actor, RA Group, that has been operating since at least April 22, 2023. Check Point researchers have uncovered the GuLoader that has been used in a large number of attacks. Trend Micro is reporting on a new capability seen in a BlackCat ransomware incident. Kaspersky is introducing the world to a new APT group they are calling GoldenJackal. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 22#35 - A conversation about mental health in cybersecurity with Amanda Berlin, CEO of Mental Health Hackers
On this episode of the Cybersecurity Defenders Podcast, we have a conversation about mental health in cybersecurity with Amanda Berlin, CEO of Mental Health Hackers. Mental Health Hackers' stated mission is to educate tech professionals about the unique mental health risks faced by those in our field, and often by the people who we share our lives with, and to provide guidance on reducing their effects and better managing the triggering causes. They also aim to provide support services to those who may be susceptible to related mental health issues such as anxiety, depression, social isolation, eating disorders, etc. If you are struggling, please know that there are a lot of people in your community that care, as well as resources that you can access: Mental Health First Aid; Workplace Mental Health; A list of resources from Mental Health Hackers; Mental Health: Know the Warning Signs; Mental Health: How to Find Help; Mental Health: Maintaining a Healthy Lifestyle. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 21#34 - Special Episode: Operation Medusa cuts the head off of the Snake using PEGASUS software
On this special episode of the Cybersecurity Defenders Podcast, we have a longer-form discussion about the recent FBI takedown of the Russian malware known as Snake. The FBI dismantled the global peer-to-peer network of Snake-infected computers with Operation MEDUSA in coordination with multiple cybersecurity agencies. Resources referenced in this show: Press release from the Department of Justice; CISA's cybersecurity advisory; CISA breakdown of the Snake malware. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 20#33 - Hacker History: Stuxnet (Part 2)
This episode of the Cybersecurity Defenders podcast is the second part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, journalist and author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. If you have not heard the first episode, it is recommended that you do so before listening to this one. You can listen to the first episode here: Stuxnet (Part 1). Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 19#32 - Intel Chat: APT41, Sidewinder & Operation Medusa cuts the head off of Snake
In this episode of the Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. ThreatMon has uncovered a targeted PowerShell backdoor malware attack that bypasses normal detection methodology. Researchers have uncovered an attack that is based on a classic sideloading technique with a twist, in which a first-stage clean application sideloads a second clean application and auto-executes it. US authorities have announced the seizure of 13 internet domains. The BlackBerry Threat Research and Intelligence team has discovered a new campaign from the SideWinder APT group against Pakistani government organizations. CISA has issued an advisory letting the public know that the FBI has used a court order to take down a Russian government-controlled malware network. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 18#31 - Intel Chat: 3CX Inception, QuaDream goes down, APTs targeting for destruction, AMOS & AuKill
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The initial attack vector into 3CX’s network was malicious software downloaded from the Trading Technologies website. QuaDream has allegedly fired all of its staff and is shutting down its operations in the coming days. State-sponsored campaigns are targeting global infrastructure, which looks like obvious targeting to support future destructive attacks. A new information-stealing malware called Atomic macOS Stealer (AMOS). Attackers have been observed attempting to disable EDR clients with a new defense evasion tool dubbed AuKill. A new report put out by the National Cyber Security Centre is meant to help defenders understand selected malware threats in more technical depth, and provide indicators and TTPs to support threat hunting or modeling: View the Report. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 17#30 - A conversation on the history of security tooling with Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud
On this episode of the Cybersecurity Defenders podcast we have a conversation around the history of security tooling with Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud. Dr. Anton Chuvakin is currently involved with security solution strategy at Google Cloud, where he arrived via the Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of the Cloud Security Podcast (http://www.twitter.com/CloudSecPodcast). Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of the books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry. In addition, Anton taught classes (including his own SANS SEC434 class on log management) and presented at many security conferences across the world; he recently addressed audiences in the United States, UK, Singapore, Spain, Russia and other countries. He worked on emerging security standards and served on the advisory boards of several security start-ups. Before joining Gartner in 2011, Anton was running his own security consulting practice, www.securitywarriorconsulting.com, focusing on SIEM, logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. degree from Stony Brook University. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 16#29 - A focused discussion on ransomware with Paul Ihme, Co-Founder and Managing Principal at Soteria Security Solutions and Advisory
On this episode of the Cybersecurity Defenders podcast we have a focused discussion on ransomware with Paul Ihme, Co-Founder and Managing Principal at Soteria Security Solutions and Advisory. Paul is a cybersecurity professional with experience in federal and private environments. He has a wide array of expertise in multiple information technology domains, specializing in penetration testing, vulnerability assessments, and security incident response. The blog article "Ransomware Is Irrelevant (Wait WHAT?!)" written by Adrian Sanabria that is referenced in the podcast can be viewed here. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 15#28 - Intel Chat: Balada injector, Lockbit, the Legion hacktool, Nokoyawa ransomware, Domino malware and more.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Over 1 million WordPress sites have been infected by the Balada Injector malware. Nokoyawa ransomware attacks are being seen in the wild exploiting a Windows zero-day. An emerging Python-based credential harvester and hacktool named Legion. A recently discovered malware family being called “Domino”. Threat actors are increasingly using the Action1 remote access software for persistence on compromised networks. A ransomware group has created encryptors targeting Macs for the first time. And a Chrome type confusion issue in the V8 JavaScript engine. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 14#27 - Intel Chat: Apple zero-days to the end of the Genesis Market. And a dive into OT security with Dave Cullen, Field CTO of OTORIO
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Emergency security updates issued by Apple: CVE-2023-28206 & CVE-2023-28205. Check Point researchers have unveiled a new sophisticated and fast-acting ransomware. eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware. The CrowdStrike Falcon OverWatch team recently observed threat actors exploit WinRAR self-extracting archives. FBI, Europol and the Dutch Police have disrupted the infamous browser cookie market known as Genesis Market. Microsoft’s Digital Crimes Unit, along with cybersecurity software company Fortra and the Health Information Sharing and Analysis Center, are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike. And then we dive into OT security with Dave Cullen, Field CTO for OTORIO. As mentioned in the podcast, here is a link to “So you want to be a SOC Analyst?” by Eric Capuano. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 13#26 - Intel Chat: 3CX to APT43. And a deep dive on the Capital One breach with Cloud Threat Detection Engineer, Day Johnson
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. CrowdStrike reports on the 3CX supply chain attack. Agents arrested Conor Brian Fitzpatrick on a charge of conspiracy to commit access device fraud. SentinelOne is reporting on the CatB ransomware family, which is sometimes referred to as CatB99 or Baxtoy. A new "everything" infostealer on the dark market called Rhadamanthys. Mandiant has assessed with high confidence that they have identified a new APT: APT43. And then we deep dive the Capital One data breach discovered on July 19, 2019, with Datadog Cloud Threat Detection Engineer Day Johnson. As mentioned in the podcast, Day's cybersecurity education-focused YouTube channel can be found here: @daycyberwox. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 12#25 - Hacker History: Stuxnet (Part 1)
This episode of the Cybersecurity Defenders podcast is the first part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, journalist and author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.