A podcast about cybersecurity and the people that keep the internet safe.The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about their thoughts and experiences, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a “targeted insider threat operation” that compromised data from less than 1% of its active monthly users.A threat group identified as “Hazy Hawk” has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023. A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments.Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.
On this episode of the Cybersecurity Defenders Podcast we speak with Joshua Hoffman, CRO at ControlCase.Josh brings a unique perspective to the cybersecurity conversation, shaped by years of building revenue strategies in fast-changing, highly regulated environments. At ControlCase, he's helping organizations navigate the growing complexity of compliance standards like CMMC, SOC, and PCI DSS, while driving adoption of tech-forward approaches to risk management. His background spans advisory roles and leadership positions across the cybersecurity ecosystem, making him a key voice on how businesses can move beyond checkbox compliance to a more strategic, scalable security posture.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A report from Google on how to defend against UNC3944, better known as Scattered Spider.North Korea-backed threat actor TA406 has shifted its focus to targeting Ukrainian government agencies, according to new research from Proofpoint.Since October 2024, urlscan.io has been tracking a phishing campaign known as Oriental Gudgeon, which is targeting over 40 Japanese commercial entities—mostly in the financial services sector.Apple has released a substantial batch of security updates across its software ecosystem, including iOS 18.5, iPadOS, and the latest versions of macOS. And the article Matt mentions about CISA shifting their alert distribution strategy: https://www.infosecurity-magazine.com/news/cisa-alert-strategy-email-social/
On episode 215 of the Cybersecurity Defenders Podcast, Hank Thomas, Managing Partner and Founder at Strategic Cyber Ventures, shares his journey from Army intelligence officer to cyber-focused venture capitalist. But the most pressing part of the conversation is his call for a structural overhaul in how the US military handles cyber operations.Thomas argues that cyber is no longer a niche; it is the starting point for modern conflict. Yet cyber capability remains fragmented across service branches, leading to inefficiencies, talent drain, and even internal competition for resources. He makes the case for a separate, fully resourced cyber force, similar to the creation of the Air Force and Space Force, to truly secure the digital domain.He also shares concerns about government overreliance on contractors in critical cyber roles, the need for agile decision-making authority during cyber operations, and why AI must be deployed responsibly to defend a fractured critical infrastructure landscape.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Since March 2025, Volexity has tracked an escalation in sophisticated phishing campaigns executed by two suspected Russian threat actors, UTA0352 and UTA0355, targeting the Microsoft 365 accounts of individuals connected to Ukraine and human rights organizations. A recent security assessment by watchTowr uncovered a pre-authenticated Remote Code Execution (RCE) vulnerability in Commvault's on-premise Backup and Recovery solution (Innovation Release 11.38.20). CISA has added two SonicWall vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating an escalation in exploitation activity against the vendor's SMA series of secure remote access appliances. Bot traffic has overtaken legitimate human use on the internet, with the latest data showing that automated traffic now accounts for 51% of all internet activity—of which 37% is classified as malicious.
On this episode of the Cybersecurity Defenders Podcast we speak with Jonathan Haas, Product at Vanta, about building cybersecurity products.Jonathan's work focuses on making security compliance faster and more accessible, helping teams move from months-long processes to efficient workflows that take just days. Before Vanta, he was the co-founder and CEO of cybersecurity startup ThreatKey, and before that he held key roles at Snapchat, DoorDash, and Carta, where he built and refined compliance systems during times of rapid growth.Outside of work, Jonathan explores San Francisco on foot, experiments with sourdough pizza recipes, and is cooking a dish from every country in the world. He brings a product philosophy rooted in solving real problems, blending data with user stories, and fostering inclusive teams.You can read his blog, Haas on Saas, here.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.During a talk at RSA, DHS Secretary Kristi Noem provided an update on the future direction of the Cybersecurity and Infrastructure Security Agency (CISA) under the new Trump administration.During the panel discussion titled “AI and Cyber Defense: Protecting Critical Infrastructure” which brought together federal research leaders to talk about how AI and automation are being leveraged to address mounting cyber risks across the U.S. critical infrastructure landscape. A new report titled The Rise of State-Sponsored Hacktivism provides a detailed analysis of how hacktivist operations have become an increasingly prominent feature of geopolitical cyber conflict.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Researchers at Trend Micro have uncovered a new campaign by the Fog ransomware group, notable for its use of DOGE-themed ransom notes aimed at mocking victims rather than just extorting them.In the wake of May 2024's Operation Endgame, which dismantled some of the most prominent malware droppers such as IcedID, Pikabot, SystemBC, Smokeloader, and Bumblebee, law enforcement agencies across Europe and North America have moved into a new phase targeting end users of these platforms.Zscaler researchers have recently observed Mustang Panda—also known by aliases like Bronze President, Stately Taurus, and TA416—upgrading its toolset as part of an ongoing espionage campaign, with a recent operation targeting an organization in Myanmar. Atomic macOS Stealer (AMOS), identified as one of the most impactful macOS-targeting infostealers of 2024, leverages deceptive application installers and phishing tactics to gain access to victim machines.
On today's episode of The Cybersecurity Defenders Podcast we speak with Ian L. Paterson, CEO of Plurilock, about the current state of Cybersecurity.Ian is a data entrepreneur with more than 15 years of experience in leading and commercializing technology companies in the fields of data analytics and cybersecurity. Ian is the CEO of Plurilock, where he led the company's growth and its successful listing on the TSX Venture Exchange.He previously founded and served as CEO of a data monetization platform that processed over a billion data events monthly before being acquired. Ian also held the role of Director of Insights at a venture backed analytics firm, where he managed half a trillion dollars in transaction data and helped generate eight-figure analytics sales before the company's acquisition by eBay.Ian has raised tens of millions of dollars in financing, completed four international M&A deals, and is a co-inventor on three patents. He is an active angel investor, a frequent media commentator featured in publications like Forbes and the Wall Street Journal, and a volunteer contributor to national policy through organizations such as the Canadian Council of Innovators and the Centre for International Government Innovation.You can listen to Ian's podcast, Code & COuntry, here: https://plurilock.com/podcast/
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community.The U.S. Treasury Department's Office of the Comptroller of the Currency (OCC) has confirmed that emails belonging to its executives and staff were compromised in a cyber incident first detected in February.A critical zero-day vulnerability, tracked as CVE-2025-30406, has been actively exploited since March in CentreStack, a file-sharing platform developed by Gladinet and widely used by managed services providers (MSPs).UNC5174, a state-backed Chinese threat actor, has been observed using stealthy tactics and open source tooling in recent campaigns targeting Western and Asia-Pacific organizations.Oracle is facing sustained criticism over its handling of a recent cybersecurity incident in which a hacker claimed to have breached its systems and obtained records linked to over 140,000 tenants.
On today's episode of The Cybersecurity Defenders Podcast we are going to be speaking with a couple of team members from MORI Associates, a leading firm with over 25 years of experience in delivering comprehensive solutions across technology, communication, and space mission support. Specializing in scalable, high-impact technologies, the company addresses current challenges while anticipating future needs, contributing to a more connected, efficient, and secure future. MORI Associates has played pivotal roles in supporting missions to Earth orbit, the moon, and beyond, contributing to groundbreaking projects that advance both terrestrial applications and interstellar explorations.Our first guest is Gabe Garrett, Senior Vice President of Space and Defense at MORI Associates. With nearly two decades of experience in the aerospace and defense industries, Gabe leads strategy, growth, and operations across key civil and defense accounts. Before joining MORI Associates, he served as Account Vice President at SAIC, overseeing the Human Space Exploration and Operations Solutions division. Gabe's extensive background includes leadership roles at Engility Corporation and engineering experience with spacecraft, launch vehicles, and mission systems at ARES Corporation.Our other guest is Blake Hershey, Chief Growth Officer at MORI Associates. Blake is a visionary entrepreneur known for his passion for creating products that enhance lives and drive positive behavioral changes.With a track record of transforming concepts into successful multi-million-dollar ventures, he brings extensive expertise in business development, including finance, operations, marketing, product innovation, and strategic planning. His leadership has been instrumental in driving significant revenue growth at MORI Associates over the past several years. Blake has also been recognized by Forbes' Next 1000 for his entrepreneurial achievements.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community.Japanese law enforcement has publicly linked a Chinese state-sponsored threat group known as MirrorFace to a series of cyberattacks that have targeted Japan over the past five years.Researchers at Cyfirma have detailed a new campaign where attackers are using a Remote Access Trojan (RAT) dubbed Neptune to hijack Windows systems.Researchers have discovered new variants of a previously identified Linux backdoor known as SparrowDoor, believed to be the work of a North Korean state-sponsored group known as Kimsuky.CISA has added a recently disclosed vulnerability in CrushFTP (tracked as CVE-2024-4040) to its Known Exploited Vulnerabilities (KEV) catalog.
On this episode of the Cybersecurity Defenders Podcast we dive into the AI Threat Landscape report with Eoin Wickens, Director of Threat Intelligence at HiddenLayer.Eoin specializes in AI security, threat research, and malware reverse engineering. Eoin has authored numerous articles on AI security, co-authored a book on cyber threat intelligence focusing on Cobalt Strike, and has spoken at conferences such as DEF CON AI Village, BSides San Francisco, LABScon, and 44CON. He also delivered the 2024 SCORED opening keynote.You can get a copy of the report here: https://hiddenlayer.com/threatreport2025/
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community.On March 24, The Atlantic's editor-in-chief Jeffrey Goldberg reported a significant OPSEC failure involving U.S. Secretary of Defense Pete Hegseth, who allegedly sent him detailed U.S. military plans over Signal—an encrypted messaging app—on March 15.A newly discovered supply chain attack on the npm ecosystem is targeting developers by backdooring local packages through a process known as “manifest confusion.” Unit 42 researchers at Palo Alto Networks have uncovered an ongoing software supply chain attack targeting GitHub repositories via malicious GitHub Actions workflows.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Google has announced a $32 billion ALL CASH acquisition of the Israeli cybersecurity startup Wiz, making it one of the largest deals in the company's history.A newly discovered zero-day vulnerability in Windows allows attackers to escalate privileges, potentially granting them full control over affected systems.Security researchers have identified new intrusion techniques used by the SocGholish malware framework, which is increasingly being leveraged to distribute ransomware.Security researchers have uncovered a new technique that allows attackers to disable Endpoint Detection and Response (EDR) solutions using Windows Defender Application Control (WDAC).Security researchers have discovered undocumented commands in a widely used Bluetooth chip, potentially exposing over a billion devices to security risks.
On today's episode of the Cybersecurity Defenders Podcast, we speak with Jen VanAntwerp, the Founder of Sober in Cyber.Jen is a cybersecurity marketing professional and the founder of Sober in Cyber, a nonprofit on a mission to provide alcohol-free events and community-building opportunities for sober and sober-curious individuals working in infosec. Jen is passionate about breaking the stigma of addiction recovery and is profoundly driven to increase the number of professional networking events that don't revolve around alcohol. She is also the founder of JVAN Consulting, where she provides marketing consultation services to cybersecurity startups.Sober in Cyber Discord can be found here.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of the LimaCharlie community.The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant operational challenges as budget constraints force it to scale back key cybersecurity programs.Scammers are taking a new approach to extortion by mailing physical ransom letters to victims, claiming to be the operators of the BianLian ransomware group.A newly identified advanced persistent threat (APT) group, dubbed "Crafty Camel," has been targeting aviation operational technology (OT) systems using a sophisticated technique involving polyglot files. A new malvertising campaign is leveraging deceptive online ads to distribute information-stealing malware hosted on GitHub, highlighting an ongoing evolution in cybercriminal tactics.Security researchers have disclosed details of multiple vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems that could be exploited to facilitate attacks on industrial environments.
On this episode of The Cybersecurity Defenders Podcast we speak with Andrew Cook, CTO of Recon InfoSec, about lessons learned scaling Managed Security Operations.
On this episode of The Cybersecurity Defenders Podcast we speak with Philippe Humeau, CEO of CrowdSec, about Multimodal Offensive Artificial Intelligence (MOAI).Philippe is a cybersecurity expert and seasoned entrepreneur with a deep passion for enhancing global internet security. He is the founder and CEO of CrowdSec, an innovative open-source platform that harnesses the power of community-driven threat intelligence to protect systems worldwide. Philippe's work focuses on collaborative approaches to cybersecurity, ensuring that organizations can stay ahead of evolving threats by pooling collective knowledge and resources. With years of experience building solutions that address complex security challenges, Philippe has made a significant impact on the field.Before founding CrowdSec, Philippe successfully launched and led several companies within the cybersecurity space, further cementing his reputation as a thought leader and innovator. His journey reflects a commitment to addressing the most pressing challenges in the digital age, from fostering safer internet ecosystems to empowering businesses with the tools they need to defend against cyberattacks. Philippe is also an advocate for open-source technology and community-driven solutions, underscoring his belief that collaboration is key to combating global threats.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.North Korea's state-backed Lazarus Group is believed to be responsible for the largest cryptocurrency heist ever recorded, stealing $1.5 billion from the Bybit exchange. The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks. GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.SEKOIA researchers have uncovered a previously unknown IoT botnet named PolarEdge, which has been operating covertly for an extended period.
On this episode of The Cybersecurity Defenders Podcast we talk with John Vaina, AI Researcher and Red Teamer, about AI risk and safety.John is an expert in AI risk, safety, and security. John currently works as an AI red team operator, tackling some of the most complex challenges in the field. His work spans traditional cybersecurity concerns, such as identifying vulnerabilities in AI systems, to cutting-edge tasks like testing for emergent behaviors and conducting AI alignment and safety audits.John's expertise includes evaluating ethical and bias risks, ensuring model robustness, and running adversarial attack simulations to uncover potential weaknesses. Beyond these technical aspects, he also addresses broader safety issues, including scenarios involving CBRNE threats and other high-stakes risks.John's unique combination of technical skills, strategic thinking, and a focus on ethical considerations makes him a leading voice in ensuring that AI technologies are safe, secure, and aligned with human values.
In this episode of The Cybersecurity Defenders Podcast, we discuss stress management and avoiding burnout with Amanda Berlin, CEO of Mental Health Hackers.Amanda is the Senior Product Manager of Cybersecurity at Blumira, where she collaborates with a talented team to make security more accessible. With a career in IT spanning nearly her entire adult life, her expertise includes infrastructure security, network troubleshooting, purple teaming, and security awareness training.Beyond her role at Blumira, Amanda leads Mental Health Hackers, an organization dedicated to addressing the unique mental health challenges faced by cybersecurity professionals and heavy technology users. Through education and advocacy, she helps shine a light on the critical intersection of mental health and the tech industry.All of the links:Coffee bot: DonutsBook: The Fearless OrganizationAmerican Psychological AssociationMental Health hackers next at: Bsides Charm in Baltimore, Blue Team Con in Chicago... check social media for more
On this episode of The Cybersecurity Defenders Podcast, we talk about security issues in the Arctic with Deepak Dutt, Founder of Zighra.Deepak is a technology leader and entrepreneur on a mission to secure the future against AI-powered threats and to inspire founders to transform their ideas from zero to meaningful impact.Deepak's career began in the software space, inspired by his father's passion for technology. In his late teens, he founded his first company in the eLearning space, which he successfully led to an acquisition, relocating to Ottawa at the age of 21.While in Ottawa, Deepak balanced graduate studies with roles at Newbridge Networks and Nortel, where he spent nearly a decade gaining expertise in product development, go-to-market strategy, and technological innovation. These experiences reinforced his drive to harness technology's transformative potential.In 2009, Deepak founded his second startup, a cloud-based cybersecurity company. Over the years, he has participated in leading accelerators worldwide, including Barclays/Techstars, Creative Destruction Labs, and the Canadian Technology Accelerator. Today, as Founder and CEO of Zighra, he is building an operating system designed to defend against AI-powered attacks, working with financial institutions and governments to deliver robust security solutions powered by explainable AI, behavioral biometrics, and contextual intelligence.A passionate advocate of the Zero to Impact philosophy, Deepak is committed to inspiring tech founders to embrace big challenges and develop innovations that drive meaningful change.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment.The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security.Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.
On this episode of The Cybersecurity Defenders Podcast, we explore MSSP partnerships and technology providers with Raffaele Mautone, CEO of Judy Security.Raffaele brings a strong background in IT, sales, and operations, with extensive experience in cybersecurity and IT shaping the foundation of Judy Security. He has a proven track record of leading teams through successful acquisitions, strategic planning, and large-scale program deployments.Throughout his career, he has worked with major companies like Duo, FireEye, McAfee, and Dell, focusing on marketing and sales strategies, business process improvements, and go-to-market programs.Judy Security delivers enterprise-grade cybersecurity tailored for SMBs and MSPs. Their AI-powered platform is affordable, intuitive, and designed to seamlessly integrate with MSP business models while addressing the unique security challenges of SMBs. With Judy Security, businesses can stay protected with advanced, easy-to-use cybersecurity solutions—because safeguarding data shouldn't be complicated.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Ransomware payments saw a significant drop in 2024, falling by 35% compared to the previous year. Law enforcement agencies have arrested a suspected core member of the 8Base ransomware group, marking a significant development in efforts to combat cybercrime. The XE Group, a financially motivated cybercrime organization, has shifted its tactics from traditional card-skimming attacks to more sophisticated supply chain compromises.Security researchers at watchTowr have demonstrated a supply chain attack technique that surpasses the scale and stealth of the infamous SolarWinds breach.A newly discovered cyber-espionage campaign is targeting government and military entities in South Asia, according to researchers at Unit 42.
On this episode of The Cybersecurity Defenders Podcast we talk about talent acquisition, training, and retention in the MSSP space with Paul Ihme, Cofounder & Managing Principle at Soteria.Paul is a cybersecurity professional with extensive experience in both federal and private sectors. He is the co-founder and managing principal of Soteria, a firm that provides tailored cybersecurity solutions and strategic advisory services to help businesses defend against cyber threats 24/7. Soteria specializes in managed detection and response, domain monitoring, and risk management for Microsoft 365 environments among other things. Prior to founding Soteria, Paul held key roles in cybersecurity, including Vice President of Active Network Defense at JPMorgan Chase and as a Cyber Warfare Operator in the U.S. Air Force. Today, we are going to be discussing what it takes to Build a Skilled Team and exploring his experience with Talent acquisition, training, and retention in the MSSP space.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Lumma Stealer, an information-stealing malware, has been observed using new evasion techniques to avoid detection.Researchers at CloudSEK have uncovered a trojanized version of the xWorm Remote Access Trojan (RAT) builder that is being secretly distributed among cybercriminals. A recent disclosure by security researcher Zach Latta highlights how the Washington State Department of Transportation (WSDOT) inadvertently exposed sensitive server credentials on its public website.A critical authentication bypass vulnerability (CVE-2024-21762) in Fortinet's FortiOS has been actively exploited in the wild, allowing attackers to execute arbitrary code or gain unauthorized access to affected systems.
On this episode of The Cybersecurity Defenders Podcast we speak with Garret Grajek, CEO of YouAttest, about how MSSPs help clients meet regulatory requirements and what it means for the MSSP.Garret is a certified security leader with nearly 30 years of experience in information security. Garret is widely recognized as a visionary in identity, access, and authentication, holding 13 patents in areas such as x.509, mobile security, single sign-on (SSO), federation, and multi-factor technologies. Over the course of his career, he has contributed to major security projects for prominent commercial clients like Dish Networks, Office Depot, TicketMaster, and E*Trade, as well as public sector organizations including the U.S. Navy and the EPA.Garret began his career as a security programmer at Texas Instruments, IBM, and Tandem Computers, later advancing to key roles at RSA, Netegrity, and Cisco. He is also the founder and creator of SecureAuth IdP, a two-factor authentication and SSO platform. Known for his expertise in security architecture, product development, and leadership, Garret is a thought leader in modern IT architecture, including mobile deployments, cloud, hybrid environments, and advanced authentication technologies.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.From earlier this week, The Docker Systems Status page reports an ongoing issue affecting Docker Desktop on macOS, where malware alerts are triggered by macOS identifying com.docker.vmnetd or com.docker.socket as potential threats. SafeBreach Labs has released a proof-of-concept (PoC) exploit for CVE-2024-49113, a critical vulnerability in the Lightweight Directory Access Protocol (LDAP) that impacts unpatched Windows Servers, including Active Directory Domain Controllers (DCs).The Halcyon RISE team has uncovered a novel ransomware campaign targeting Amazon S3 buckets, exploiting AWS's Server-Side Encryption with Customer-Provided Keys (SSE-C).A recent campaign has been targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability to gain unauthorized administrative access. Sophos recently reported on two distinct ransomware campaigns utilizing unique techniques to pressure victims and evade detection.
On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report.Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech.Currently, Sharon is the Senior Managing Editor for CyberRisk Alliance's channel brands, ChannelE2E and MSSP Alert, where she's helping to expand the reach of these vital resources for the IT and cybersecurity communities. Sharon has a rich history of editorial leadership, including her previous role as Managing Editor at Techstrong Group, overseeing Cloud Native Now, DevOps.com, and Security Boulevard.She joins us to discuss the inaugural 2024 MSSP Pricing Benchmark Report—a critical resource for understanding the evolving managed security services market. You can get a copy of the report here: https://www.msspalert.com/whitepaper/mssp-alert-2024-pricing-benchmark
On this episode of The Cybersecurity Defenders Podcast we talk about automation in MSSP operations with David Burkett, Cloud Security Researcher at Core light. David has deep expertise in cloud threat detection and automation. Over the course of his career, David has built and optimized three different Cyber Security Operations Centers for MSSP and MDR providers, demonstrating his unparalleled skill in scaling security operations through automation and efficient processes.David has consulted for over 40 Fortune 500 companies and large federal organizations, helping them design and implement SOAR platforms and playbooks that enhance detection and response capabilities. He also actively contributes to the open-source detection project Sigma, showcasing his dedication to advancing the cybersecurity community.Among his many accolades, David was part of a team that received the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award, recognizing their SOC as one of the top 1% in cybersecurity programs for cleared facilities. He also holds a robust set of GIAC certifications, reinforcing his technical expertise in threat intelligence, cloud security, and playbook design.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.We pause to honor the life and legacy of Amit Yoran, a visionary leader in the world of cybersecurity who passed away on January 4, 2025, after battling cancer.In April 2024, a threat actor known as "USDoD" advertised a massive database for sale on BreachForums, claiming it contained 2.9 billion records encompassing personal information of individuals from the United States, United Kingdom, and Canada. In December 2024, the U.S. Treasury Department disclosed a significant cybersecurity breach attributed to Chinese state-sponsored hackers. SafeBreach Labs has published a proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed "LDAPNightmare." This vulnerability affects Windows Servers using the Lightweight Directory Access Protocol (LDAP) and enables attackers to crash unpatched systems.
MSSPs and other security service providers comprise the backbone of the cybersecurity industry. They are the organizations on the front line that keep the world running in the face of ever more sophisticated adversaries. In this special series we are going to be exploring a variety of topics with seasoned experts around the ways they have learned to improve the effectiveness of their organizations.Our guest today is Nick Gipson - the founder and CEO of Gipson Cyber. Nick founded Gipson Cyber in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver proffesional-grade protection to industries like accounting, finance, legal, and healthcare.Nick's company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we'll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up. Nick Gipson, the founder of Gipson Cyber, a company he launched in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver proffesional-grade protection to industries like accounting, finance, legal, and healthcare.Nick's company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we'll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up.
In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attacks in history: The Colonial PipelineOn May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state.This episode was written by the talented Nathaniel Nelson.Casey Ellis can be found on LinkedIn here.
On this episode of The Cybersecurity Defenders Podcast, we share both parts of 'When the Lights Went Out in Ukraine.'Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia's close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.”This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.
This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history, and with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack. The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter; a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States.Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.
In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.ptcpdump is an eBPF-based version of tcpdump that adds process information to each packet. It supports filtering by process ID, process name, container ID, and Kubernetes pod name. In a recent implementation, Target's cybersecurity team adopted TLSH (Trend Micro Locality Sensitive Hash) to improve their malware detection capabilities. Huntress recently issued a threat advisory regarding active exploitation of a zero-day vulnerability affecting Cleo's file transfer software, specifically impacting LexiCom, VLTrader, and Harmony versions up to 5.8.0.21. Sublime Security recently analyzed a phishing campaign that impersonates Microsoft SharePoint to deliver the XLoader malware.Palo Alto Networks' Unit 42 team has uncovered a new packer-as-a-service (PaaS) operation named HeartCrypt, which has been active since July 2023 and began sales in February 2024. HeartCrypt is designed to obfuscate malware, making detection by security solutions more challenging.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Datadog Security Labs has introduced the Supply-Chain Firewall, a new open-source tool designed to protect developers from malicious and vulnerable packages sourced from PyPI and npm repositories.U.S. authorities have arrested 19-year-old Remington Goy Ogletree, known online as "remi," for allegedly breaching a U.S. financial institution and two unnamed telecommunications firms. A recent study titled "A Study of Malware Prevention in Linux Distributions" examines the challenges of preventing and detecting malware within Linux distribution package repositories. A recently identified zero-day vulnerability affects all modern versions of Windows Workstation and Server operating systems, from Windows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022. And you can subscribe to Detection Engineering Weekly here.
On this episode of The Cybersecurity Defenders Podcast we explore the reality of modern browser threats with John Tuckner, Founder at Secure Annex.John, the founder of Secure Annex, an innovative platform focused on helping organizations manage and secure browser extensions. With over a decade of experience in cybersecurity and technical program management, they have held key leadership roles at companies like Tines, Cyderes, and Optiv. At Tines, they spearheaded multiple initiatives, including the creation of Tines Labs, the development of a natural language AI workflow tool, and the expansion of the Tines Library of automation workflows.John's career also includes building customer success engineering teams, driving security automation research, and implementing cutting-edge network and security solutions. They bring a wealth of expertise in creating scalable frameworks, strategic tools, and impactful automation technologies.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Russian courts have sentenced Stanislav Moiseyev, the leader of the Hydra dark web marketplace, to life imprisonment.The U.S. Commerce Department has expanded its export controls, adding nearly 140 Chinese technology companies to its "entity list." This action primarily targets firms involved in the production of computer chips, chipmaking tools, and related software, including Chinese-owned entities operating in Japan, South Korea, and Singapore.Researchers have uncovered new malware strains, RevC2 and Venom Loader, tied to the sophisticated threat actor known as Venom Spider. Recent analyses have identified a critical vulnerability in generative AI systems, termed "flowbreaking" exploits, which can lead to unintended data leaks.
A special episode of The Cybersecurity Defenders Podcast, where we look back at our conversations throughout 2024, and bring together all of the predictions for the future of cybersecurity.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages that prompt them to manually execute malicious commands, often by copying and pasting scripts into their systems.Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose. A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems.Russia's APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the “nearest neighbor attack” to exploit Wi-Fi networks remotely.Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."
On today's episode of The Cybersecurity Defenders Podcast we talk about cybercrime cottage industries with Reed McGinley-Stempel, the Co-Founder and CEO of StytchStytch is a platform designed to streamline authentication, authorization, and fraud prevention in a way that enhances security while minimizing user friction. Stytch serves both consumer and B2B applications, offering a variety of authentication solutions, including features like Google One-Tap and Biometrics for consumer-facing applications, as well as SSO, Role-Based Access Control, and SCIM integrations for enterprise SaaS. Reed founded Stytch after witnessing the challenges teams face when building secure and user-friendly authentication solutions, a problem he first encountered while working at Plaid. He is also a proud duke alumni and was the recipient of the prestigious Fullbright Scholarship
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.U.S. authorities have identified and charged individuals responsible for a significant data breach involving Snowflake Inc., a major cloud data warehousing company. The breach resulted in the theft of approximately 50 billion records from AT&T, one of Snowflake's prominent clients.U.S. prosecutors have charged five individuals, including 22-year-old Scottish national Tyler Buchanan, for their alleged involvement in the cybercrime group Scattered Spider. This group is accused of executing sophisticated phishing attacks that compromised numerous U.S. companies and individuals, leading to the theft of confidential information and cryptocurrency. The next one is an interesting breakdown on the evolving landscape of Chinese state-sponsored cyber threats that reveals a highly coordinated and multi-layered approach to achieving the strategic objectives of the Chinese Communist Party (CCP).In July 2024, cybersecurity researchers identified a new variant of the Melofee backdoor, a sophisticated malware associated with the Winnti Advanced Persistent Threat group. This variant specifically targets Red Hat Enterprise Linux 7.9 systems and demonstrates enhanced stealth and persistence mechanisms. In early October 2024, cybersecurity analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA seeking Black Friday discounts. The campaign, attributed to a financially motivated Chinese threat actor dubbed "SilkSpecter," exploited the surge in online shopping during November's Black Friday season. Palo Alto Networks' Unit 42 has identified exploitation activities targeting two critical vulnerabilities in PAN-OS software: CVE-2024-0012 and CVE-2024-9474.
On this episode of The Cybersecurity Defenders Podcast we speak with Jibby Saetang, Security Researcher with Microsoft GHOST, about his novel path to a career in cybersecurity.With over a decade of experience in watch and jewelry repair, Jibby developed an impressive eye for detail and a knack for solving complex problems. These skills translated seamlessly into the world of cybersecurity, where Jibby found an unexpected yet perfect fit. Driven by a passion for learning, Jibby dove into the KC7 platform, an immersive cybersecurity training resource, which ultimately led to a role at Microsoft—all without taking the traditional certification route. Jibby's story is a testament to the power of persistence, passion, and non-traditional paths in tech. Now, Jibby is focused on helping others break into cybersecurity by developing new KC7 training modules, aiming to inspire and equip the next generation of problem-solvers.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. CVE2CAPEC is a tool developed by Galeax that automates the process of mapping Common Vulnerabilities and Exposures (CVEs) to Common Weakness Enumerations (CWEs), Common Attack Pattern Enumeration and Classification (CAPEC), and MITRE ATT&CK Techniques.This tool helps security researchers identify vulnerabilities within macOS's sandbox restrictions, particularly targeting XPC services in the PID domain marked as "Application" services, which often lack adequate protection.Zscaler's recent blog discusses how North Korean IT professionals are increasingly finding remote work in Western companies, often under disguised identities.In a recent campaign, GootLoader malware has been targeting Bengal cat enthusiasts in Australia using SEO poisoning tactics.After a multi-month absence, the malware loader FakeBat—also known as Eugenloader or PaykLoader—has resurfaced, distributing malware through Google Ads, with a recent campaign exploiting ads for the popular app Notion.Over the past five years, Sophos has been engaged in a complex battle against Chinese state-sponsored cyber adversaries targeting its firewall products. This prolonged engagement, detailed in Sophos' "Pacific Rim" report, reveals a series of sophisticated attacks aimed at exploiting vulnerabilities in internet-facing devices, particularly those within critical infrastructure sectors across South and Southeast Asia.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.VMRay's analysis on Latrodectus highlights the malware family's development, detailing how it evolved from simple loaders to highly evasive, sophisticated malware.The WarmCookie malware is a recent, persistent threat known for its self-updating capabilities, specifically designed to evade security tools and establish long-term presence in systems. Fortinet recently disclosed a critical zero-day vulnerability in its FortiManager product, assigned CVE-2024-47575, which has been actively exploited in the wild.The European Union (EU) recently updated its product liability framework to better address the challenges of the digital age and support the shift toward a circular economy. Linux creator Linus Torvalds recently reaffirmed the expulsion of Russian maintainers from the Linux MAINTAINERS file due to sanctions compliance, sparking discussion within the open-source community.