POPULARITY
Christopher Luft, Co-Founder and CCO of LimaCharlie, and Dr. Mike Saylor, CEO of Blackswan Cybersecurity, sat down with the Defender Fridays community for Black Hat week wrap up and a deep dive building secure environments for IR.Dr. Mike Saylor is an accomplished, outcome-driven and solution-focused business professional and entrepreneur with 30+ years of Consulting, IT Audit & Risk, Cyber Security & Incident Response experience. Uniquely qualified as a leader with a solid knowledge of operations, strategy and management, Dr. Mike has enjoyed repeated success guiding highly skilled, cross functional teams in areas of intelligence, security, technology, and audit & compliance. Dr. Mike is an experienced public speaker, writer, and researcher on topics of technology, security, and cybercrime. He stays current with changes in the industry through professional affiliations and continuing professional development. Learn more about Blackswan Cybersecurity at blackswan-cybersecurity.comOn Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.Join the live discussions by registering at limacharlie.io/defender-fridays
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.At Black Hat USA in Las Vegas, three security researchers demonstrated how Google's Gemini AI could be hijacked to take control of smart home devices using a novel form of indirect prompt injection.Two separate security teams - NeuralTrust and SPLX - have conducted red teaming evaluations of the newly released GPT-5, and both report serious deficiencies in the model's security posture.Another Black Hat story, security researchers Milenko Starcik and Andrzej Olchawa from VisionSpace Technologies presented a compelling case that hacking satellites is not only more cost-effective than deploying anti-satellite missiles, but alarmingly easy due to widespread software vulnerabilities.Our final Black Hat story, Cisco Talos researchers disclosed five critical vulnerabilities in Broadcom's BCM5820X series chips, used in Dell's ControlVault3 secure enclave hardware.CISA and FEMA have jointly announced over $100 million in cybersecurity grant funding for the 2025 fiscal year, targeting state, local, and tribal governments.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, and Jeremy Snyder, Founder and CEO of FireTail.ai, sat down with the Defender Fridays community to discuss the hurdles of maintaining secure processes while adding AI to your workflow.Jeremy is the founder and CEO of FireTail.ai. Jeremy was an IT and cybersecurity practitioner for over 10 years before transitioning into product and sales roles in cloud security and cyber. Jeremy once went three days without seeing another human, but saw lots of reindeer. Another time, Jeremy was kicked off a train in central Sweden. Find out more at FireTail.ai.On Defender Fridays we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.Join the live discussions by registering at limacharlie.io/defender-fridays.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.More than 90 state and local government organizations have been targeted in a recent wave of cyberattacks exploiting a vulnerability in Microsoft SharePoint, according to the Center for Internet Security (CIS).Traditional cyber attack methodologies - exploiting endpoints, moving laterally, escalating privileges - are increasingly outdated as enterprise IT shifts toward SaaS and browser-based access.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533 - a high-severity Cross-Site Request Forgery (CSRF) vulnerability in PaperCut NG/MF print management software - to its Known Exploited Vulnerabilities (KEV) catalog.Researchers at Nozomi Networks have disclosed over a dozen security flaws in Tridium's Niagara Framework, a vendor-agnostic building management platform used in sectors ranging from industrial automation to energy and smart infrastructure.Between April 2024 and April 2025, ransomware attacks on the oil and gas industry increased by an unprecedented 935%, according to new research from cybersecurity firm Zscaler.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A critical new SharePoint vulnerability is under mass exploitation, with attackers targeting on-premises SharePoint Server deployments to exfiltrate sensitive data, including authentication tokens.And then directly related to the first story, Microsoft has now confirmed that at least three China-linked threat actors—Linen Typhoon, Violet Typhoon, and Storm-2603—were actively exploiting CVE-2025-49706 and CVE-2025-49704 a day before the company issued patches on July 8.The UK government announced on July 22, 2025, that it plans to make ransomware payments illegal for public sector bodies and operators of critical national infrastructure (CNI).In-browser cryptocurrency mining, often called crypto jacking, originally gained notoriety in 2017 when Coinhive introduced JavaScript-based mining for Monero.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Cisco has disclosed a critical vulnerability—tracked as CVE-2025-20337 with a perfect score of 10—affecting its Identity Services Engine (ISE) and the ISE Passive Identity Connector (ISE-PIC). A recently updated version of the malware-as-a-service (MaaS) loader Matanbuchus is being deployed in active spear-phishing campaigns that are ultimately aimed at high-value ransomware infections.Cambodia has announced the arrest of over 1,000 individuals this week as part of a nationwide crackdown on cybercrime networks operating within its borders.A threat actor linked to the Abyss ransomware campaign, tracked as UNC6148 by Google's Threat Intelligence Group (GTIG), appears to be exploiting a zero-day vulnerability in SonicWall's end-of-life Secure Mobile Access (SMA) 100 series devices.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Kai West, a 25-year-old British national, has been indicted by the U.S. Attorney's Office for the Southern District of New York for allegedly operating under the online alias “IntelBroker.” Hunters International, a ransomware group that surfaced in 2023 and is believed to have originated from the now-defunct Hive ransomware operation, has announced it is ceasing all activity.Hackers in Brazil managed to steal nearly $140 million USD from six banks by exploiting insider access at a financial technology firm called C&M, which provides connectivity services to financial institutions and the Brazilian Central Bank. Several critical vulnerabilities in Ruckus Networks' management products remain unpatched, leaving large-scale WiFi environments at risk of complete compromise.Microsoft has released security updates addressing 130 vulnerabilities across its product line as part of its July 2025 Patch Tuesday.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Two critical local privilege escalation vulnerabilities in the Sudo utility—CVE-2025-32462 and CVE-2025-32463—have been disclosed by the Stratascale Cyber Research Unit.Google Chrome and Mozilla Firefox are both facing distinct, serious threats this week—Chrome from a zero-day vulnerability under active exploitation and Firefox from a campaign of malicious browser extensions targeting cryptocurrency users.The Medusa ransomware group, active since late 2021, has maintained a consistent and aggressive operational tempo into 2025. Cloudflare has rolled out a significant change to how websites handle AI crawlers, positioning itself as the first internet infrastructure provider to block AI-driven scraping by default.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Thai police conducted a major raid on the Antai Holiday Hotel in central Pattaya late on Monday night, June 16th, uncovering a joint operation involving both ransomware distribution and illegal gambling.Canada's national cybersecurity agency has confirmed that a Chinese state-sponsored group known as Salt Typhoon successfully targeted a Canadian telecommunications company earlier this year, exploiting a Cisco vulnerability.The Department of Homeland Security (DHS) has issued a National Terrorism Advisory System bulletin warning of an elevated risk of cyberattacks and potentially violent extremism in response to escalating geopolitical tensions between the U.S. and Iran.Security researchers have confirmed that recent social engineering campaigns exploiting Zoom are the work of BlueNoroff, a North Korean state-sponsored APT group known for targeting financial entities, particularly in the cryptocurrency and online gambling sectors.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A new malware strain known as OtterCookie, developed by the North Korean APT group Lazarus, has been dissected in a detailed technical analysis by offensive security expert Mauro Eldritch. Attackers are currently exploiting a critical vulnerability in the Langflow platform — an open-source Python-based web app used to build AI workflows and agents — to deliver a new botnet called Flodrix.A new campaign from an emerging threat group named Water Curse is targeting the software supply chain by leveraging GitHub repositories that masquerade as legitimate security tools. The threat actor known as Scattered Spider, also tracked as UNC3944 by Google and Mandiant, has apparently shifted its operational focus from the retail sector to the US insurance industry, according to a new alert from Google's Threat Intelligence Group.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Over an eight-month period beginning in July of last year, China-backed threat actors carried out a coordinated campaign that included attempts to breach cybersecurity vendor SentinelOne.CISA has added two newly confirmed exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild.OpenAI has banned ChatGPT accounts linked to state-sponsored threat actors, including groups affiliated with governments in China, Russia, North Korea, Iran, and others.A critical vulnerability in Wazuh Server, CVE-2025-24016 (CVSS 9.9), is being actively exploited by threat actors to deliver multiple Mirai botnet variants for distributed denial-of-service (DDoS) operations.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Microsoft and CrowdStrike have announced a strategic alliance aimed at deconflicting threat actor names across their platforms.A new, anonymous figure calling himself GangExposed has surfaced in the cyber threat landscape, publishing a significant set of internal documents that reveal the identities of top leadership within the Conti and Trickbot ransomware crews.A new supply chain attack targeting the Ruby ecosystem has emerged, leveraging impersonated packages to exfiltrate sensitive data from Telegram communications. Researchers at Wiz have published what appears to be the first confirmed case of active exploitation of misconfigured HashiCorp Nomad servers in the wild, used by attackers to mine Monero cryptocurrency.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Two significant crypto security breaches occurred in close succession this month, affecting both decentralized and centralized platforms. On May 22, Cetus—a decentralized exchange built on the Sui Network—was exploited via a vulnerability in its automated market maker (AMM). Meanwhile, Coinbase confirmed what it called a “targeted insider threat operation” that compromised data from less than 1% of its active monthly users.A threat group identified as “Hazy Hawk” has been systematically hijacking cloud-based DNS resources tied to well-known organizations, including the US Centers for Disease Control and Prevention (CDC), since December 2023. A newly disclosed vulnerability in Windows Server 2025, dubbed BadSuccessor, has raised major concerns among enterprise administrators managing Active Directory environments.Federal and international law enforcement, alongside a significant number of private-sector partners, have successfully dismantled the Danabot botnet in a multiyear operation aimed at neutralizing one of the more advanced malware-as-a-service (MaaS) platforms tied to Russian cybercriminal activity.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A report from Google on how to defend against UNC3944, better known as Scattered Spider.North Korea-backed threat actor TA406 has shifted its focus to targeting Ukrainian government agencies, according to new research from Proofpoint.Since October 2024, urlscan.io has been tracking a phishing campaign known as Oriental Gudgeon, which is targeting over 40 Japanese commercial entities—mostly in the financial services sector.Apple has released a substantial batch of security updates across its software ecosystem, including iOS 18.5, iPadOS, and the latest versions of macOS. And the article Matt mentions about CISA shifting their alert distribution strategy: https://www.infosecurity-magazine.com/news/cisa-alert-strategy-email-social/
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Since March 2025, Volexity has tracked an escalation in sophisticated phishing campaigns executed by two suspected Russian threat actors, UTA0352 and UTA0355, targeting the Microsoft 365 accounts of individuals connected to Ukraine and human rights organizations. A recent security assessment by watchTowr uncovered a pre-authenticated Remote Code Execution (RCE) vulnerability in Commvault's on-premise Backup and Recovery solution (Innovation Release 11.38.20). CISA has added two SonicWall vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating an escalation in exploitation activity against the vendor's SMA series of secure remote access appliances. Bot traffic has overtaken legitimate human use on the internet, with the latest data showing that automated traffic now accounts for 51% of all internet activity—of which 37% is classified as malicious.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.During a talk at RSA, DHS Secretary Kristi Noem provided an update on the future direction of the Cybersecurity and Infrastructure Security Agency (CISA) under the new Trump administration.During the panel discussion titled “AI and Cyber Defense: Protecting Critical Infrastructure” which brought together federal research leaders to talk about how AI and automation are being leveraged to address mounting cyber risks across the U.S. critical infrastructure landscape. A new report titled The Rise of State-Sponsored Hacktivism provides a detailed analysis of how hacktivist operations have become an increasingly prominent feature of geopolitical cyber conflict.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Researchers at Trend Micro have uncovered a new campaign by the Fog ransomware group, notable for its use of DOGE-themed ransom notes aimed at mocking victims rather than just extorting them.In the wake of May 2024's Operation Endgame, which dismantled some of the most prominent malware droppers such as IcedID, Pikabot, SystemBC, Smokeloader, and Bumblebee, law enforcement agencies across Europe and North America have moved into a new phase targeting end users of these platforms.Zscaler researchers have recently observed Mustang Panda—also known by aliases like Bronze President, Stately Taurus, and TA416—upgrading its toolset as part of an ongoing espionage campaign, with a recent operation targeting an organization in Myanmar. Atomic macOS Stealer (AMOS), identified as one of the most impactful macOS-targeting infostealers of 2024, leverages deceptive application installers and phishing tactics to gain access to victim machines.
In this edition of the Snake Oilers podcast, three sponsors come along to pitch their products: LimaCharlie: A public cloud for SecOps Honeywell Cyber Insights: An OT security/discovery solution Fortra's CobaltStrike and Outflank: Security tooling for red teamers This episode is also available on Youtube. Show notes
Will Bennett served 12 years as a weather forecaster in the US Air Force. Will deployed in support of three combat operations (Bosnia, Kosovo, and Iraq), and various Army support roles. Will now lives in Southwest Florida with his wife and kids.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community.The U.S. Treasury Department's Office of the Comptroller of the Currency (OCC) has confirmed that emails belonging to its executives and staff were compromised in a cyber incident first detected in February.A critical zero-day vulnerability, tracked as CVE-2025-30406, has been actively exploited since March in CentreStack, a file-sharing platform developed by Gladinet and widely used by managed services providers (MSPs).UNC5174, a state-backed Chinese threat actor, has been observed using stealthy tactics and open source tooling in recent campaigns targeting Western and Asia-Pacific organizations.Oracle is facing sustained criticism over its handling of a recent cybersecurity incident in which a hacker claimed to have breached its systems and obtained records linked to over 140,000 tenants.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community.Japanese law enforcement has publicly linked a Chinese state-sponsored threat group known as MirrorFace to a series of cyberattacks that have targeted Japan over the past five years.Researchers at Cyfirma have detailed a new campaign where attackers are using a Remote Access Trojan (RAT) dubbed Neptune to hijack Windows systems.Researchers have discovered new variants of a previously identified Linux backdoor known as SparrowDoor, believed to be the work of a North Korean state-sponsored group known as Kimsuky.CISA has added a recently disclosed vulnerability in CrushFTP (tracked as CVE-2024-4040) to its Known Exploited Vulnerabilities (KEV) catalog.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community.On March 24, The Atlantic's editor-in-chief Jeffrey Goldberg reported a significant OPSEC failure involving U.S. Secretary of Defense Pete Hegseth, who allegedly sent him detailed U.S. military plans over Signal—an encrypted messaging app—on March 15.A newly discovered supply chain attack on the npm ecosystem is targeting developers by backdooring local packages through a process known as “manifest confusion.” Unit 42 researchers at Palo Alto Networks have uncovered an ongoing software supply chain attack targeting GitHub repositories via malicious GitHub Actions workflows.
Shaun McCutcheon and Dan Backer - EXCLUSIVE: Conservative Group Seeks DOJ, FEC Probes of Jasmine Crockett
LC - Lima Charlie Loud and Clear Welcome to The Stew and The Nunn presents, Lima Charlie. For those not versed in military phonetic alphabet, Lima Charlie means Loud and Clear The purpose of this series is to spotlight the GWOT era with GWOT veterans telling their stories. Our guest this week is KJ.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Google has announced a $32 billion ALL CASH acquisition of the Israeli cybersecurity startup Wiz, making it one of the largest deals in the company's history.A newly discovered zero-day vulnerability in Windows allows attackers to escalate privileges, potentially granting them full control over affected systems.Security researchers have identified new intrusion techniques used by the SocGholish malware framework, which is increasingly being leveraged to distribute ransomware.Security researchers have uncovered a new technique that allows attackers to disable Endpoint Detection and Response (EDR) solutions using Windows Defender Application Control (WDAC).Security researchers have discovered undocumented commands in a widely used Bluetooth chip, potentially exposing over a billion devices to security risks.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of the LimaCharlie community.The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant operational challenges as budget constraints force it to scale back key cybersecurity programs.Scammers are taking a new approach to extortion by mailing physical ransom letters to victims, claiming to be the operators of the BianLian ransomware group.A newly identified advanced persistent threat (APT) group, dubbed "Crafty Camel," has been targeting aviation operational technology (OT) systems using a sophisticated technique involving polyglot files. A new malvertising campaign is leveraging deceptive online ads to distribute information-stealing malware hosted on GitHub, highlighting an ongoing evolution in cybercriminal tactics.Security researchers have disclosed details of multiple vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems that could be exploited to facilitate attacks on industrial environments.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.North Korea's state-backed Lazarus Group is believed to be responsible for the largest cryptocurrency heist ever recorded, stealing $1.5 billion from the Bybit exchange. The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks. GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.SEKOIA researchers have uncovered a previously unknown IoT botnet named PolarEdge, which has been operating covertly for an extended period.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment.The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security.Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Ransomware payments saw a significant drop in 2024, falling by 35% compared to the previous year. Law enforcement agencies have arrested a suspected core member of the 8Base ransomware group, marking a significant development in efforts to combat cybercrime. The XE Group, a financially motivated cybercrime organization, has shifted its tactics from traditional card-skimming attacks to more sophisticated supply chain compromises.Security researchers at watchTowr have demonstrated a supply chain attack technique that surpasses the scale and stealth of the infamous SolarWinds breach.A newly discovered cyber-espionage campaign is targeting government and military entities in South Asia, according to researchers at Unit 42.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Lumma Stealer, an information-stealing malware, has been observed using new evasion techniques to avoid detection.Researchers at CloudSEK have uncovered a trojanized version of the xWorm Remote Access Trojan (RAT) builder that is being secretly distributed among cybercriminals. A recent disclosure by security researcher Zach Latta highlights how the Washington State Department of Transportation (WSDOT) inadvertently exposed sensitive server credentials on its public website.A critical authentication bypass vulnerability (CVE-2024-21762) in Fortinet's FortiOS has been actively exploited in the wild, allowing attackers to execute arbitrary code or gain unauthorized access to affected systems.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.From earlier this week, The Docker Systems Status page reports an ongoing issue affecting Docker Desktop on macOS, where malware alerts are triggered by macOS identifying com.docker.vmnetd or com.docker.socket as potential threats. SafeBreach Labs has released a proof-of-concept (PoC) exploit for CVE-2024-49113, a critical vulnerability in the Lightweight Directory Access Protocol (LDAP) that impacts unpatched Windows Servers, including Active Directory Domain Controllers (DCs).The Halcyon RISE team has uncovered a novel ransomware campaign targeting Amazon S3 buckets, exploiting AWS's Server-Side Encryption with Customer-Provided Keys (SSE-C).A recent campaign has been targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability to gain unauthorized administrative access. Sophos recently reported on two distinct ransomware campaigns utilizing unique techniques to pressure victims and evade detection.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.We pause to honor the life and legacy of Amit Yoran, a visionary leader in the world of cybersecurity who passed away on January 4, 2025, after battling cancer.In April 2024, a threat actor known as "USDoD" advertised a massive database for sale on BreachForums, claiming it contained 2.9 billion records encompassing personal information of individuals from the United States, United Kingdom, and Canada. In December 2024, the U.S. Treasury Department disclosed a significant cybersecurity breach attributed to Chinese state-sponsored hackers. SafeBreach Labs has published a proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed "LDAPNightmare." This vulnerability affects Windows Servers using the Lightweight Directory Access Protocol (LDAP) and enables attackers to crash unpatched systems.
On this episode of The Cybersecurity Defenders Podcast, we share both parts of 'When the Lights Went Out in Ukraine.'Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia's close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.”This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.
This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter; a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States.Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.
In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.ptcpdump is an eBPF-based version of tcpdump that adds process information to each packet. It supports filtering by process ID, process name, container ID, and Kubernetes pod name. In a recent implementation, Target's cybersecurity team adopted TLSH (Trend Micro Locality Sensitive Hash) to improve their malware detection capabilities. Huntress recently issued a threat advisory regarding active exploitation of a zero-day vulnerability affecting Cleo's file transfer software, specifically impacting LexiCom, VLTrader, and Harmony versions up to 5.8.0.21. Sublime Security recently analyzed a phishing campaign that impersonates Microsoft SharePoint to deliver the XLoader malware.Palo Alto Networks' Unit 42 team has uncovered a new packer-as-a-service (PaaS) operation named HeartCrypt, which has been active since July 2023 and began sales in February 2024. HeartCrypt is designed to obfuscate malware, making detection by security solutions more challenging.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Datadog Security Labs has introduced the Supply-Chain Firewall, a new open-source tool designed to protect developers from malicious and vulnerable packages sourced from PyPI and npm repositories.U.S. authorities have arrested 19-year-old Remington Goy Ogletree, known online as "remi," for allegedly breaching a U.S. financial institution and two unnamed telecommunications firms. A recent study titled "A Study of Malware Prevention in Linux Distributions" examines the challenges of preventing and detecting malware within Linux distribution package repositories. A recently identified zero-day vulnerability affects all modern versions of Windows Workstation and Server operating systems, from Windows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022. And you can subscribe to Detection Engineering Weekly here.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Russian courts have sentenced Stanislav Moiseyev, the leader of the Hydra dark web marketplace, to life imprisonment.The U.S. Commerce Department has expanded its export controls, adding nearly 140 Chinese technology companies to its "entity list." This action primarily targets firms involved in the production of computer chips, chipmaking tools, and related software, including Chinese-owned entities operating in Japan, South Korea, and Singapore.Researchers have uncovered new malware strains, RevC2 and Venom Loader, tied to the sophisticated threat actor known as Venom Spider. Recent analyses have identified a critical vulnerability in generative AI systems, termed "flowbreaking" exploits, which can lead to unintended data leaks.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages that prompt them to manually execute malicious commands, often by copying and pasting scripts into their systems.Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose. A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems.Russia's APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the “nearest neighbor attack” to exploit Wi-Fi networks remotely.Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.U.S. authorities have identified and charged individuals responsible for a significant data breach involving Snowflake Inc., a major cloud data warehousing company. The breach resulted in the theft of approximately 50 billion records from AT&T, one of Snowflake's prominent clients.U.S. prosecutors have charged five individuals, including 22-year-old Scottish national Tyler Buchanan, for their alleged involvement in the cybercrime group Scattered Spider. This group is accused of executing sophisticated phishing attacks that compromised numerous U.S. companies and individuals, leading to the theft of confidential information and cryptocurrency. The next one is an interesting breakdown on the evolving landscape of Chinese state-sponsored cyber threats that reveals a highly coordinated and multi-layered approach to achieving the strategic objectives of the Chinese Communist Party (CCP).In July 2024, cybersecurity researchers identified a new variant of the Melofee backdoor, a sophisticated malware associated with the Winnti Advanced Persistent Threat group. This variant specifically targets Red Hat Enterprise Linux 7.9 systems and demonstrates enhanced stealth and persistence mechanisms. In early October 2024, cybersecurity analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA seeking Black Friday discounts. The campaign, attributed to a financially motivated Chinese threat actor dubbed "SilkSpecter," exploited the surge in online shopping during November's Black Friday season. Palo Alto Networks' Unit 42 has identified exploitation activities targeting two critical vulnerabilities in PAN-OS software: CVE-2024-0012 and CVE-2024-9474.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. CVE2CAPEC is a tool developed by Galeax that automates the process of mapping Common Vulnerabilities and Exposures (CVEs) to Common Weakness Enumerations (CWEs), Common Attack Pattern Enumeration and Classification (CAPEC), and MITRE ATT&CK Techniques.This tool helps security researchers identify vulnerabilities within macOS's sandbox restrictions, particularly targeting XPC services in the PID domain marked as "Application" services, which often lack adequate protection.Zscaler's recent blog discusses how North Korean IT professionals are increasingly finding remote work in Western companies, often under disguised identities.In a recent campaign, GootLoader malware has been targeting Bengal cat enthusiasts in Australia using SEO poisoning tactics.After a multi-month absence, the malware loader FakeBat—also known as Eugenloader or PaykLoader—has resurfaced, distributing malware through Google Ads, with a recent campaign exploiting ads for the popular app Notion.Over the past five years, Sophos has been engaged in a complex battle against Chinese state-sponsored cyber adversaries targeting its firewall products. This prolonged engagement, detailed in Sophos' "Pacific Rim" report, reveals a series of sophisticated attacks aimed at exploiting vulnerabilities in internet-facing devices, particularly those within critical infrastructure sectors across South and Southeast Asia.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.VMRay's analysis on Latrodectus highlights the malware family's development, detailing how it evolved from simple loaders to highly evasive, sophisticated malware.The WarmCookie malware is a recent, persistent threat known for its self-updating capabilities, specifically designed to evade security tools and establish long-term presence in systems. Fortinet recently disclosed a critical zero-day vulnerability in its FortiManager product, assigned CVE-2024-47575, which has been actively exploited in the wild.The European Union (EU) recently updated its product liability framework to better address the challenges of the digital age and support the shift toward a circular economy. Linux creator Linus Torvalds recently reaffirmed the expulsion of Russian maintainers from the Linux MAINTAINERS file due to sanctions compliance, sparking discussion within the open-source community.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Microsoft has recently confirmed that a software bug caused the loss of more than two weeks' worth of critical security logs from several of its cloud services.Brazil's Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches.A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that could be exploited by attackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these flaws are being actively used in cyberattacks.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.A recent malware campaign has been discovered that exploits the open-source Wazuh SIEM agent to deliver a cryptomining payload. There is uncertainty surrounding the .io domain following the UK's decision to return the Chagos Islands, including the British Indian Ocean Territory, to Mauritius.The October 2024 report, "Influence and Cyber Operations," explores how AI is being leveraged by both state and non-state actors in cyber campaigns. Key findings show that AI tools are increasingly being used to enhance traditional cyberattacks, particularly in areas like vulnerability research, malware debugging, and influence operations. Discord has recently been blocked in both Russia and Turkey due to claims of illegal activity on the platform.Palo Alto Networks recently patched several critical vulnerabilities in its Expedition tool, which could allow attackers to take control of firewall systems. The most severe flaw, CVE-2024-9463, allows unauthenticated attackers to execute arbitrary OS commands as root, exposing sensitive data like usernames, passwords, and API keys.The article from ESET highlights a cyberespionage campaign conducted by a group known as GoldenJackal, which is targeting government and diplomatic entities, focusing specifically on air-gapped systems in regions such as Europe, the Middle East, and South Asia.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Silent Push's recent analysis reveals new tactics by the FIN7 cybercriminal group, which is leveraging AI-based “DeepNude Generators” as part of a phishing campaign to spread malware. Microsoft's Digital Crimes Unit (DCU), in partnership with the U.S. Department of Justice, has taken steps to dismantle cyber operations by Star Blizzard, a Russian state-affiliated actor also known as COLDRIVER.Aqua Security's detailed research on perfctl describes it as a highly stealthy malware that targets Linux servers using a range of sophisticated methods.Comcast recently disclosed that over 237,000 customers had their personal data compromised due to a ransomware attack targeting a former debt collection agency, Financial Business and Consumer Solutions (FBCS).TrustedSec's research on EKUwu sheds light on a significant Active Directory Certificate Services (AD CS) vulnerability that allows attackers to misuse version 1 certificate templates. Stats on business outcomes after breaches referenced by Matt.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.The White House recently hosted the International Counter Ransomware Initiative (CRI) summit, bringing together representatives from 68 countries to address the growing global threat of ransomware.The rise of "Shadow AI," which refers to the unauthorized use of AI tools by employees without the oversight of IT departments, poses significant risks for organizations. A new wave of attacks leveraging the More_Eggs backdoor malware has been specifically targeting recruiters. TA4557, a financially motivated group linked to North Korea, has been distributing this backdoor since late 2023.The Andariel hacking group, a subgroup of North Korea's Lazarus Group, has turned its attention to financially motivated attacks against U.S. organizations.Forescout Vedere Labs has uncovered 14 vulnerabilities affecting over 700,000 DrayTek routers, with two critical flaws posing significant security risks.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Apple's release of macOS 15, or Sequoia, has caused significant disruptions for several security tools and software vendors, including CrowdStrike, SentinelOne, Microsoft, and others.Attackers are exploiting GitHub notifications for phishing by sending legitimate-looking alerts with malicious URLs.Truffle Security's research exposes a significant issue in GitHub's handling of deleted and private repository data via Cross Fork Object Reference (CFOR).AhnLab's report details Supershell, a malware targeting Linux SSH servers via brute-force attacks.Since 2022, Mandiant has tracked DPRK IT workers infiltrating global organizations by posing as non-North Koreans to fund the regime's weapons programs and evade sanctions.In August 2024, Telegram CEO Pavel Durov was arrested in France, facing charges for allowing criminal activities to proliferate on the platform, including the distribution of illegal content such as child sexual abuse material.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Fortinet responded by confirming that the breach involved unauthorized access to files on a third-party cloud-based shared drive, affecting a small portion of customer data.Hackers are targeting Oracle WebLogic servers with a new Linux malware named "Hadooken," which is designed to deploy a cryptominer and facilitate distributed denial-of-service (DDoS) attacks. Microsoft has reclassified a previously patched bug, CVE-2024-43461, as a zero-day vulnerability actively exploited by the "Void Banshee" threat group.Security researchers from Tenable revealed a critical remote code execution vulnerability in Google Cloud Platform that could have allowed attackers to run malicious code on millions of Google's servers.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.The Specula C2 framework represents a sophisticated attack method that transforms Microsoft Outlook into a command-and-control system by exploiting its Home Page feature. Attackers exploit browser notifications in Chromium-based browsers by tricking users through CAPTCHA-like prompts to enable notifications.The Biden administration has launched an initiative aimed at addressing the growing cybersecurity talent shortage, which has reached critical levels. Mustang Panda, a Chinese state-backed cyber-espionage group, has adapted its tactics by launching a USB-based attack campaign that leverages a worm for self-propagation across air-gapped networks.