The Cybersecurity Defenders Podcast

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community.

• On March 24, The Atlantic’s editor-in-chief Jeffrey Goldberg reported a significant OPSEC failure involving U.S. Secretary of Defense Pete Hegseth, who allegedly sent him detailed U.S. military plans over Signal—an encrypted messaging app—on March 15.
• A newly discovered supply chain attack on the npm ecosystem is targeting developers by backdooring local packages through a process known as “manifest confusion.”
• Unit 42 researchers at Palo Alto Networks have uncovered an ongoing software supply chain attack targeting GitHub repositories via malicious GitHub Actions workflows.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Google has announced a $32 billion ALL CASH acquisition of the Israeli cybersecurity startup Wiz, making it one of the largest deals in the company’s history.
• A newly discovered zero-day vulnerability in Windows allows attackers to escalate privileges, potentially granting them full control over affected systems.
• Security researchers have identified new intrusion techniques used by the SocGholish malware framework, which is increasingly being leveraged to distribute ransomware.
• Security researchers have uncovered a new technique that allows attackers to disable Endpoint Detection and Response (EDR) solutions using Windows Defender Application Control (WDAC).
• Security researchers have discovered undocumented commands in a widely used Bluetooth chip, potentially exposing over a billion devices to security risks.

On today's episode of the Cybersecurity Defenders Podcast, we speak with Jen VanAntwerp, the Founder of Sober in Cyber.

Jen is a cybersecurity marketing professional and the founder of Sober in Cyber, a nonprofit on a mission to provide alcohol-free events and community-building opportunities for sober and sober-curious individuals working in infosec. Jen is passionate about breaking the stigma of addiction recovery and is profoundly driven to increase the number of professional networking events that don’t revolve around alcohol. She is also the founder of JVAN Consulting, where she provides marketing consultation services to cybersecurity startups.

Sober in Cyber Discord can be found here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of the LimaCharlie community.

• The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant operational challenges as budget constraints force it to scale back key cybersecurity programs.
• Scammers are taking a new approach to extortion by mailing physical ransom letters to victims, claiming to be the operators of the BianLian ransomware group.
• A newly identified advanced persistent threat (APT) group, dubbed "Crafty Camel," has been targeting aviation operational technology (OT) systems using a sophisticated technique involving polyglot files.
• A new malvertising campaign is leveraging deceptive online ads to distribute information-stealing malware hosted on GitHub, highlighting an ongoing evolution in cybercriminal tactics.
• Security researchers have disclosed details of multiple vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems that could be exploited to facilitate attacks on industrial environments.

On this episode of The Cybersecurity Defenders Podcast we speak with Andrew Cook, CTO of Recon InfoSec, about lessons learned scaling Managed Security Operations.

On this episode of The Cybersecurity Defenders Podcast we speak with Philippe Humeau, CEO of CrowdSec, about Multimodal Offensive Artificial Intelligence (MOAI).

Philippe is a cybersecurity expert and seasoned entrepreneur with a deep passion for enhancing global internet security. He is the founder and CEO of CrowdSec, an innovative open-source platform that harnesses the power of community-driven threat intelligence to protect systems worldwide. Philippe's work focuses on collaborative approaches to cybersecurity, ensuring that organizations can stay ahead of evolving threats by pooling collective knowledge and resources. With years of experience building solutions that address complex security challenges, Philippe has made a significant impact on the field.

Before founding CrowdSec, Philippe successfully launched and led several companies within the cybersecurity space, further cementing his reputation as a thought leader and innovator. His journey reflects a commitment to addressing the most pressing challenges in the digital age, from fostering safer internet ecosystems to empowering businesses with the tools they need to defend against cyberattacks. Philippe is also an advocate for open-source technology and community-driven solutions, underscoring his belief that collaboration is key to combating global threats.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• North Korea’s state-backed Lazarus Group is believed to be responsible for the largest cryptocurrency heist ever recorded, stealing $1.5 billion from the Bybit exchange.
• The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.
• GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks’ PAN-OS.
• Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.
• Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.
• SEKOIA researchers have uncovered a previously unknown IoT botnet named PolarEdge, which has been operating covertly for an extended period.

On this episode of The Cybersecurity Defenders Podcast we talk with John Vaina, AI Researcher and Red Teamer, about AI risk and safety.

John is an expert in AI risk, safety, and security. John currently works as an AI red team operator, tackling some of the most complex challenges in the field. His work spans traditional cybersecurity concerns, such as identifying vulnerabilities in AI systems, to cutting-edge tasks like testing for emergent behaviors and conducting AI alignment and safety audits.

John’s expertise includes evaluating ethical and bias risks, ensuring model robustness, and running adversarial attack simulations to uncover potential weaknesses. Beyond these technical aspects, he also addresses broader safety issues, including scenarios involving CBRNE threats and other high-stakes risks.

John’s unique combination of technical skills, strategic thinking, and a focus on ethical considerations makes him a leading voice in ensuring that AI technologies are safe, secure, and aligned with human values.

In this episode of The Cybersecurity Defenders Podcast, we discuss stress management and avoiding burnout with Amanda Berlin, CEO of Mental Health Hackers.

Amanda is the Senior Product Manager of Cybersecurity at Blumira, where she collaborates with a talented team to make security more accessible. With a career in IT spanning nearly her entire adult life, her expertise includes infrastructure security, network troubleshooting, purple teaming, and security awareness training.

Beyond her role at Blumira, Amanda leads Mental Health Hackers, an organization dedicated to addressing the unique mental health challenges faced by cybersecurity professionals and heavy technology users. Through education and advocacy, she helps shine a light on the critical intersection of mental health and the tech industry.

All of the links:

Coffee bot: Donuts

Book: The Fearless Organization

American Psychological Association

Mental Health hackers next at: Bsides Charm in Baltimore, Blue Team Con in Chicago... check social media for more

On this episode of The Cybersecurity Defenders Podcast, we talk about security issues in the Arctic with Deepak Dutt, Founder of Zighra.

Deepak is a technology leader and entrepreneur on a mission to secure the future against AI-powered threats and to inspire founders to transform their ideas from zero to meaningful impact.

Deepak’s career began in the software space, inspired by his father’s passion for technology. In his late teens, he founded his first company in the eLearning space, which he successfully led to an acquisition, relocating to Ottawa at the age of 21.

While in Ottawa, Deepak balanced graduate studies with roles at Newbridge Networks and Nortel, where he spent nearly a decade gaining expertise in product development, go-to-market strategy, and technological innovation. These experiences reinforced his drive to harness technology’s transformative potential.

In 2009, Deepak founded his second startup, a cloud-based cybersecurity company. Over the years, he has participated in leading accelerators worldwide, including Barclays/Techstars, Creative Destruction Labs, and the Canadian Technology Accelerator. Today, as Founder and CEO of Zighra, he is building an operating system designed to defend against AI-powered attacks, working with financial institutions and governments to deliver robust security solutions powered by explainable AI, behavioral biometrics, and contextual intelligence.

A passionate advocate of the Zero to Impact philosophy, Deepak is committed to inspiring tech founders to embrace big challenges and develop innovations that drive meaningful change.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment.

The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.

GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks’ PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security.

Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.

Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.

On this episode of The Cybersecurity Defenders Podcast, we explore MSSP partnerships and technology providers with Raffaele Mautone, CEO of Judy Security.

Raffaele brings a strong background in IT, sales, and operations, with extensive experience in cybersecurity and IT shaping the foundation of Judy Security. He has a proven track record of leading teams through successful acquisitions, strategic planning, and large-scale program deployments.

Throughout his career, he has worked with major companies like Duo, FireEye, McAfee, and Dell, focusing on marketing and sales strategies, business process improvements, and go-to-market programs.

Judy Security delivers enterprise-grade cybersecurity tailored for SMBs and MSPs. Their AI-powered platform is affordable, intuitive, and designed to seamlessly integrate with MSP business models while addressing the unique security challenges of SMBs. With Judy Security, businesses can stay protected with advanced, easy-to-use cybersecurity solutions—because safeguarding data shouldn’t be complicated.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Ransomware payments saw a significant drop in 2024, falling by 35% compared to the previous year.
• Law enforcement agencies have arrested a suspected core member of the 8Base ransomware group, marking a significant development in efforts to combat cybercrime.
• The XE Group, a financially motivated cybercrime organization, has shifted its tactics from traditional card-skimming attacks to more sophisticated supply chain compromises.
• Security researchers at watchTowr have demonstrated a supply chain attack technique that surpasses the scale and stealth of the infamous SolarWinds breach.
• A newly discovered cyber-espionage campaign is targeting government and military entities in South Asia, according to researchers at Unit 42.

On this episode of The Cybersecurity Defenders Podcast we talk about talent acquisition, training, and retention in the MSSP space with Paul Ihme, Cofounder & Managing Principle at Soteria.

Paul is a cybersecurity professional with extensive experience in both federal and private sectors. He is the co-founder and managing principal of Soteria, a firm that provides tailored cybersecurity solutions and strategic advisory services to help businesses defend against cyber threats 24/7. Soteria specializes in managed detection and response, domain monitoring, and risk management for Microsoft 365 environments among other things. Prior to founding Soteria, Paul held key roles in cybersecurity, including Vice President of Active Network Defense at JPMorgan Chase and as a Cyber Warfare Operator in the U.S. Air Force. Today, we are going to be discussing what it takes to Build a Skilled Team and exploring his experience with Talent acquisition, training, and retention in the MSSP space.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Lumma Stealer, an information-stealing malware, has been observed using new evasion techniques to avoid detection.
• Researchers at CloudSEK have uncovered a trojanized version of the xWorm Remote Access Trojan (RAT) builder that is being secretly distributed among cybercriminals.
• A recent disclosure by security researcher Zach Latta highlights how the Washington State Department of Transportation (WSDOT) inadvertently exposed sensitive server credentials on its public website.
• A critical authentication bypass vulnerability (CVE-2024-21762) in Fortinet’s FortiOS has been actively exploited in the wild, allowing attackers to execute arbitrary code or gain unauthorized access to affected systems.

On this episode of The Cybersecurity Defenders Podcast we speak with Garret Grajek, CEO of YouAttest, about how MSSPs help clients meet regulatory requirements and what it means for the MSSP.

Garret is a certified security leader with nearly 30 years of experience in information security. Garret is widely recognized as a visionary in identity, access, and authentication, holding 13 patents in areas such as x.509, mobile security, single sign-on (SSO), federation, and multi-factor technologies. Over the course of his career, he has contributed to major security projects for prominent commercial clients like Dish Networks, Office Depot, TicketMaster, and E*Trade, as well as public sector organizations including the U.S. Navy and the EPA.

Garret began his career as a security programmer at Texas Instruments, IBM, and Tandem Computers, later advancing to key roles at RSA, Netegrity, and Cisco. He is also the founder and creator of SecureAuth IdP, a two-factor authentication and SSO platform. Known for his expertise in security architecture, product development, and leadership, Garret is a thought leader in modern IT architecture, including mobile deployments, cloud, hybrid environments, and advanced authentication technologies.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• From earlier this week, The Docker Systems Status page reports an ongoing issue affecting Docker Desktop on macOS, where malware alerts are triggered by macOS identifying com.docker.vmnetd or com.docker.socket as potential threats.
• SafeBreach Labs has released a proof-of-concept (PoC) exploit for CVE-2024-49113, a critical vulnerability in the Lightweight Directory Access Protocol (LDAP) that impacts unpatched Windows Servers, including Active Directory Domain Controllers (DCs).
• The Halcyon RISE team has uncovered a novel ransomware campaign targeting Amazon S3 buckets, exploiting AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C).
• A recent campaign has been targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability to gain unauthorized administrative access.
• Sophos recently reported on two distinct ransomware campaigns utilizing unique techniques to pressure victims and evade detection.

On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report.

Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech.

Currently, Sharon is the Senior Managing Editor for CyberRisk Alliance's channel brands, ChannelE2E and MSSP Alert, where she’s helping to expand the reach of these vital resources for the IT and cybersecurity communities. Sharon has a rich history of editorial leadership, including her previous role as Managing Editor at Techstrong Group, overseeing Cloud Native Now, DevOps.com, and Security Boulevard.

She joins us to discuss the inaugural 2024 MSSP Pricing Benchmark Report—a critical resource for understanding the evolving managed security services market.

You can get a copy of the report here: https://www.msspalert.com/whitepaper/mssp-alert-2024-pricing-benchmark

On this episode of The Cybersecurity Defenders Podcast we talk about automation in MSSP operations with David Burkett, Cloud Security Researcher at Core light.

David has deep expertise in cloud threat detection and automation. Over the course of his career, David has built and optimized three different Cyber Security Operations Centers for MSSP and MDR providers, demonstrating his unparalleled skill in scaling security operations through automation and efficient processes.

David has consulted for over 40 Fortune 500 companies and large federal organizations, helping them design and implement SOAR platforms and playbooks that enhance detection and response capabilities. He also actively contributes to the open-source detection project Sigma, showcasing his dedication to advancing the cybersecurity community.

Among his many accolades, David was part of a team that received the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award, recognizing their SOC as one of the top 1% in cybersecurity programs for cleared facilities. He also holds a robust set of GIAC certifications, reinforcing his technical expertise in threat intelligence, cloud security, and playbook design.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• We pause to honor the life and legacy of Amit Yoran, a visionary leader in the world of cybersecurity who passed away on January 4, 2025, after battling cancer.
• In April 2024, a threat actor known as "USDoD" advertised a massive database for sale on BreachForums, claiming it contained 2.9 billion records encompassing personal information of individuals from the United States, United Kingdom, and Canada.
• In December 2024, the U.S. Treasury Department disclosed a significant cybersecurity breach attributed to Chinese state-sponsored hackers.
• SafeBreach Labs has published a proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed "LDAPNightmare." This vulnerability affects Windows Servers using the Lightweight Directory Access Protocol (LDAP) and enables attackers to crash unpatched systems.

MSSPs and other security service providers comprise the backbone of the cybersecurity industry. They are the organizations on the front line that keep the world running in the face of ever more sophisticated adversaries.

In this special series we are going to be exploring a variety of topics with seasoned experts around the ways they have learned to improve the effectiveness of their organizations.

Our guest today is Nick Gipson - the founder and CEO of Gipson Cyber.

Nick founded Gipson Cyber in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver proffesional-grade protection to industries like accounting, finance, legal, and healthcare.

Nick’s company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we’ll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up.

Nick Gipson, the founder of Gipson Cyber, a company he launched in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver proffesional-grade protection to industries like accounting, finance, legal, and healthcare.

Nick’s company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we’ll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up.

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attacks in history: The Colonial Pipeline

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state.

This episode was written by the talented Nathaniel Nelson.

Casey Ellis can be found on LinkedIn here.

On this episode of The Cybersecurity Defenders Podcast, we share both parts of 'When the Lights Went Out in Ukraine.'

Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.”

This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.

This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history, and with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack. The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack.  Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter; a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States.

Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.

In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

ptcpdump is an eBPF-based version of tcpdump that adds process information to each packet. It supports filtering by process ID, process name, container ID, and Kubernetes pod name.

In a recent implementation, Target's cybersecurity team adopted TLSH (Trend Micro Locality Sensitive Hash) to improve their malware detection capabilities.

Huntress recently issued a threat advisory regarding active exploitation of a zero-day vulnerability affecting Cleo's file transfer software, specifically impacting LexiCom, VLTrader, and Harmony versions up to 5.8.0.21.

Sublime Security recently analyzed a phishing campaign that impersonates Microsoft SharePoint to deliver the XLoader malware.

Palo Alto Networks' Unit 42 team has uncovered a new packer-as-a-service (PaaS) operation named HeartCrypt, which has been active since July 2023 and began sales in February 2024. HeartCrypt is designed to obfuscate malware, making detection by security solutions more challenging.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Datadog Security Labs has introduced the Supply-Chain Firewall, a new open-source tool designed to protect developers from malicious and vulnerable packages sourced from PyPI and npm repositories.
• U.S. authorities have arrested 19-year-old Remington Goy Ogletree, known online as "remi," for allegedly breaching a U.S. financial institution and two unnamed telecommunications firms.
• A recent study titled "A Study of Malware Prevention in Linux Distributions" examines the challenges of preventing and detecting malware within Linux distribution package repositories.
• A recently identified zero-day vulnerability affects all modern versions of Windows Workstation and Server operating systems, from Windows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022.

And you can subscribe to Detection Engineering Weekly here.

On this episode of The Cybersecurity Defenders Podcast we explore the reality of modern browser threats with John Tuckner, Founder at Secure Annex.

John, the founder of Secure Annex, an innovative platform focused on helping organizations manage and secure browser extensions. With over a decade of experience in cybersecurity and technical program management, they have held key leadership roles at companies like Tines, Cyderes, and Optiv. At Tines, they spearheaded multiple initiatives, including the creation of Tines Labs, the development of a natural language AI workflow tool, and the expansion of the Tines Library of automation workflows.

John’s career also includes building customer success engineering teams, driving security automation research, and implementing cutting-edge network and security solutions. They bring a wealth of expertise in creating scalable frameworks, strategic tools, and impactful automation technologies.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Russian courts have sentenced Stanislav Moiseyev, the leader of the Hydra dark web marketplace, to life imprisonment.

The U.S. Commerce Department has expanded its export controls, adding nearly 140 Chinese technology companies to its "entity list." This action primarily targets firms involved in the production of computer chips, chipmaking tools, and related software, including Chinese-owned entities operating in Japan, South Korea, and Singapore.

Researchers have uncovered new malware strains, RevC2 and Venom Loader, tied to the sophisticated threat actor known as Venom Spider.

Recent analyses have identified a critical vulnerability in generative AI systems, termed "flowbreaking" exploits, which can lead to unintended data leaks.

A special episode of The Cybersecurity Defenders Podcast, where we look back at our conversations throughout 2024, and bring together all of the predictions for the future of cybersecurity.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages that prompt them to manually execute malicious commands, often by copying and pasting scripts into their systems.
• Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose.
• A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems.
• Russia’s APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the “nearest neighbor attack” to exploit Wi-Fi networks remotely.
• Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."

On today's episode of The Cybersecurity Defenders Podcast we talk about cybercrime cottage industries with Reed McGinley-Stempel, the Co-Founder and CEO of Stytch

Stytch is a platform designed to streamline authentication, authorization, and fraud prevention in a way that enhances security while minimizing user friction. Stytch serves both consumer and B2B applications, offering a variety of authentication solutions, including features like Google One-Tap and Biometrics for consumer-facing applications, as well as SSO, Role-Based Access Control, and SCIM integrations for enterprise SaaS. Reed founded Stytch after witnessing the challenges teams face when building secure and user-friendly authentication solutions, a problem he first encountered while working at Plaid. He is also a proud duke alumni and was the recipient of the prestigious Fullbright Scholarship

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• U.S. authorities have identified and charged individuals responsible for a significant data breach involving Snowflake Inc., a major cloud data warehousing company. The breach resulted in the theft of approximately 50 billion records from AT&T, one of Snowflake's prominent clients.
• U.S. prosecutors have charged five individuals, including 22-year-old Scottish national Tyler Buchanan, for their alleged involvement in the cybercrime group Scattered Spider. This group is accused of executing sophisticated phishing attacks that compromised numerous U.S. companies and individuals, leading to the theft of confidential information and cryptocurrency.
• The next one is an interesting breakdown on the evolving landscape of Chinese state-sponsored cyber threats that reveals a highly coordinated and multi-layered approach to achieving the strategic objectives of the Chinese Communist Party (CCP).
• In July 2024, cybersecurity researchers identified a new variant of the Melofee backdoor, a sophisticated malware associated with the Winnti Advanced Persistent Threat group. This variant specifically targets Red Hat Enterprise Linux 7.9 systems and demonstrates enhanced stealth and persistence mechanisms.
• In early October 2024, cybersecurity analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA seeking Black Friday discounts. The campaign, attributed to a financially motivated Chinese threat actor dubbed "SilkSpecter," exploited the surge in online shopping during November's Black Friday season.
• Palo Alto Networks' Unit 42 has identified exploitation activities targeting two critical vulnerabilities in PAN-OS software: CVE-2024-0012 and CVE-2024-9474.

On this episode of The Cybersecurity Defenders Podcast we speak with Jibby Saetang, Security Researcher with Microsoft GHOST, about his novel path to a career in cybersecurity.

With over a decade of experience in watch and jewelry repair, Jibby developed an impressive eye for detail and a knack for solving complex problems. These skills translated seamlessly into the world of cybersecurity, where Jibby found an unexpected yet perfect fit. Driven by a passion for learning, Jibby dove into the KC7 platform, an immersive cybersecurity training resource, which ultimately led to a role at Microsoft—all without taking the traditional certification route. Jibby’s story is a testament to the power of persistence, passion, and non-traditional paths in tech. Now, Jibby is focused on helping others break into cybersecurity by developing new KC7 training modules, aiming to inspire and equip the next generation of problem-solvers.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled.
• CVE2CAPEC is a tool developed by Galeax that automates the process of mapping Common Vulnerabilities and Exposures (CVEs) to Common Weakness Enumerations (CWEs), Common Attack Pattern Enumeration and Classification (CAPEC), and MITRE ATT&CK Techniques.
• This tool helps security researchers identify vulnerabilities within macOS’s sandbox restrictions, particularly targeting XPC services in the PID domain marked as "Application" services, which often lack adequate protection.
• Zscaler's recent blog discusses how North Korean IT professionals are increasingly finding remote work in Western companies, often under disguised identities.
• In a recent campaign, GootLoader malware has been targeting Bengal cat enthusiasts in Australia using SEO poisoning tactics.
• After a multi-month absence, the malware loader FakeBat—also known as Eugenloader or PaykLoader—has resurfaced, distributing malware through Google Ads, with a recent campaign exploiting ads for the popular app Notion.
• Over the past five years, Sophos has been engaged in a complex battle against Chinese state-sponsored cyber adversaries targeting its firewall products. This prolonged engagement, detailed in Sophos' "Pacific Rim" report, reveals a series of sophisticated attacks aimed at exploiting vulnerabilities in internet-facing devices, particularly those within critical infrastructure sectors across South and Southeast Asia.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• VMRay's analysis on Latrodectus highlights the malware family’s development, detailing how it evolved from simple loaders to highly evasive, sophisticated malware.
• The WarmCookie malware is a recent, persistent threat known for its self-updating capabilities, specifically designed to evade security tools and establish long-term presence in systems.
• Fortinet recently disclosed a critical zero-day vulnerability in its FortiManager product, assigned CVE-2024-47575, which has been actively exploited in the wild.
• The European Union (EU) recently updated its product liability framework to better address the challenges of the digital age and support the shift toward a circular economy.
• Linux creator Linus Torvalds recently reaffirmed the expulsion of Russian maintainers from the Linux MAINTAINERS file due to sanctions compliance, sparking discussion within the open-source community.

On this episode of The Cybersecurity Defenders Podcast we talk about running and MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel.

My guest today is Joshua Sitta, the co-founder and CTO of Sittadel, a cybersecurity company specializing in 24/7/365 Managed Detection and Response services. With a focus on enterprise-grade EDR solutions, Sittadel provides comprehensive cybersecurity monitoring and incident response. Before founding Sittadel, Joshua served as the Director of Enterprise Security Architecture at SouthState Bank, where he built a robust in-house cybersecurity program that safeguarded billions in assets. He brings a deep expertise in protecting organizations from modern cyber threats.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Microsoft has recently confirmed that a software bug caused the loss of more than two weeks' worth of critical security logs from several of its cloud services.
• Brazil’s Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches.
• A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that could be exploited by attackers.
• The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these flaws are being actively used in cyberattacks.

On this episode of The Cybersecurity Defenders Podcast we examine how AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix.

Gaurav Banga, the CEO and Founder of Balbix, an AI-powered cybersecurity risk management startup. Gaurav is an accomplished inventor with over 50 patents to his name, and he has a deep background in founding and leading multiple successful tech ventures. His journey into entrepreneurship is unique—it began over a decade ago when he was inspired by a book that eventually led him to leave academia and pursue his passion for deep tech.

Gaurav regularly speaks with CISOs, gaining firsthand insights into their biggest challenges as they navigate an increasingly complex cybersecurity landscape. As regulatory scrutiny around security disclosures intensifies, Gaurav offers a unique perspective on how AI can reshape the future of risk management, helping organizations strike the right balance between innovation and security.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• A recent malware campaign has been discovered that exploits the open-source Wazuh SIEM agent to deliver a cryptomining payload.
• There is uncertainty surrounding the .io domain following the UK’s decision to return the Chagos Islands, including the British Indian Ocean Territory, to Mauritius.
• The October 2024 report, "Influence and Cyber Operations," explores how AI is being leveraged by both state and non-state actors in cyber campaigns. Key findings show that AI tools are increasingly being used to enhance traditional cyberattacks, particularly in areas like vulnerability research, malware debugging, and influence operations.
• Discord has recently been blocked in both Russia and Turkey due to claims of illegal activity on the platform.
• Palo Alto Networks recently patched several critical vulnerabilities in its Expedition tool, which could allow attackers to take control of firewall systems. The most severe flaw, CVE-2024-9463, allows unauthenticated attackers to execute arbitrary OS commands as root, exposing sensitive data like usernames, passwords, and API keys.
• The article from ESET highlights a cyberespionage campaign conducted by a group known as GoldenJackal, which is targeting government and diplomatic entities, focusing specifically on air-gapped systems in regions such as Europe, the Middle East, and South Asia.

On this episode of The Cybersecurity Defenders Podcast we speak with Rich Heimann, AI researcher and author.

Rich is a visionary leader in artificial intelligence and business transformation. As a Chief Artificial Intelligence Officer, Rich has a proven track record of developing and deploying AI solutions that drive measurable impact across a range of industries. Known for his ability to blend technical expertise with strategic insight, he consistently helps organizations unlock the full potential of AI to achieve real business results. Rich is also committed to ethical AI practices and excels at building innovative, high-performing teams. He’s recently authored a new book titled Generative Artificial Intelligence Revealed.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Silent Push's recent analysis reveals new tactics by the FIN7 cybercriminal group, which is leveraging AI-based “DeepNude Generators” as part of a phishing campaign to spread malware.
• Microsoft's Digital Crimes Unit (DCU), in partnership with the U.S. Department of Justice, has taken steps to dismantle cyber operations by Star Blizzard, a Russian state-affiliated actor also known as COLDRIVER.
• Aqua Security's detailed research on perfctl describes it as a highly stealthy malware that targets Linux servers using a range of sophisticated methods.
• Comcast recently disclosed that over 237,000 customers had their personal data compromised due to a ransomware attack targeting a former debt collection agency, Financial Business and Consumer Solutions (FBCS).
• TrustedSec's research on EKUwu sheds light on a significant Active Directory Certificate Services (AD CS) vulnerability that allows attackers to misuse version 1 certificate templates.

Stats on business outcomes after breaches referenced by Matt.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• The White House recently hosted the International Counter Ransomware Initiative (CRI) summit, bringing together representatives from 68 countries to address the growing global threat of ransomware.
• The rise of "Shadow AI," which refers to the unauthorized use of AI tools by employees without the oversight of IT departments, poses significant risks for organizations.
• A new wave of attacks leveraging the More_Eggs backdoor malware has been specifically targeting recruiters. TA4557, a financially motivated group linked to North Korea, has been distributing this backdoor since late 2023.
• The Andariel hacking group, a subgroup of North Korea’s Lazarus Group, has turned its attention to financially motivated attacks against U.S. organizations.
• Forescout Vedere Labs has uncovered 14 vulnerabilities affecting over 700,000 DrayTek routers, with two critical flaws posing significant security risks.

On this episode of The Cybersecurity Defenders Podcast, we dive into cryptocurrency and it’s role in money laundering with BBC journalist and author Geoff White.

Geoff is an accomplished author, speaker, investigative journalist, and podcast creator with over 20 years of experience, focusing on organized crime and technology. He has worked with major outlets including the BBC, Audible, Penguin, Sky News, and The Sunday Times, covering topics such as financial crime, money laundering, cryptocurrency, and cybercrime. His recently released book, Rinsed, dives into how technology is transforming the money laundering industry, and was published by Penguin back in June of 2024.

His previous book, The Lazarus Heist, followed the success of the hit BBC podcast series he co-hosted, which investigated North Korea’s cyber operations. He’s also the author of Crime Dot Com, which explores the global rise of hacking, and has created multiple podcast series for Audible, including The Dark Web and Artificial Intelligence: Friend or Foe?

In addition to writing, he is a sought-after public speaker who has given keynote talks for brands like Microsoft, MasterCard, and HSBC. He has also won numerous awards for his reporting, including his work on the Snowden leaks and his investigations into internet fraud.

Rinsed: From Cartels to Crypto How the Tech Industry Washes Money for the World's Deadliest Crooks

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Apple’s release of macOS 15, or Sequoia, has caused significant disruptions for several security tools and software vendors, including CrowdStrike, SentinelOne, Microsoft, and others.
• Attackers are exploiting GitHub notifications for phishing by sending legitimate-looking alerts with malicious URLs.
• Truffle Security's research exposes a significant issue in GitHub’s handling of deleted and private repository data via Cross Fork Object Reference (CFOR).
• AhnLab’s report details Supershell, a malware targeting Linux SSH servers via brute-force attacks.
• Since 2022, Mandiant has tracked DPRK IT workers infiltrating global organizations by posing as non-North Koreans to fund the regime's weapons programs and evade sanctions.
• In August 2024, Telegram CEO Pavel Durov was arrested in France, facing charges for allowing criminal activities to proliferate on the platform, including the distribution of illegal content such as child sexual abuse material.

On this episode of The Cybersecurity Defenders Podcast we talk about some of the common pitfalls faced by founders with Andrew Plato, Founder & CEO of Zenaciti.

Andrew is an experienced CEO, founder, author, and cybersecurity expert. In 1995, Andrew founded Anitian, one of the earliest cybersecurity companies on record, where he pioneered innovations in intrusion detection, endpoint security, and cloud security. He led the development of a revolutionary automated platform for secure cloud environments, and under his leadership, Anitian formed strategic partnerships with major tech companies like AWS, Microsoft, and Trend Micro before he exited the company in 2022. Andrew also leads Zenaciti, providing business and security intelligence, and recently founded Screenopolis, focusing on media analysis. He is also the author of The Founder’s User Manual: Practical Strategies for the Startup Leader.

On this episode of The Cybersecurity Defenders Podcast we talk about low noise threat detection with Joshua Neil, Founder at Alpha Level.

Josh is a seasoned expert with over 20 years of experience in developing data-driven solutions to security challenges faced by both the U.S. Government and industry at large. With a deep understanding of enterprise security, they are focused on the fact that perimeter defenses alone aren't enough to prevent attackers from breaching systems. They emphasize the importance of visibility into enterprise behavior, the need for statistical methods in attack detection, and the interconnected nature of attacks across multiple endpoints. Their work revolves around quantifying security-relevant rare events and leveraging context to support analysts in distinguishing true breaches from false positives.

Statistical Inference by George Casella and Roger Berger

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Fortinet responded by confirming that the breach involved unauthorized access to files on a third-party cloud-based shared drive, affecting a small portion of customer data.
• Hackers are targeting Oracle WebLogic servers with a new Linux malware named "Hadooken," which is designed to deploy a cryptominer and facilitate distributed denial-of-service (DDoS) attacks.
• Microsoft has reclassified a previously patched bug, CVE-2024-43461, as a zero-day vulnerability actively exploited by the "Void Banshee" threat group.
• Security researchers from Tenable revealed a critical remote code execution vulnerability in Google Cloud Platform that could have allowed attackers to run malicious code on millions of Google’s servers.

On this episode of The Cybersecurity Defenders Podcast we take a look at quantum cryptography with David Carvalho, CEO & Chief Scientist at Naoris Protocol.

David is the founder, CEO, and Chief Scientist of Naoris Protocol, a decentralized cybersecurity mesh. David is an accomplished leader and innovator who advises nation-states and highly regulated sectors on critical issues such as cyber espionage, cyber warfare, and cyber terrorism. He is deeply involved in blockchain-based projects, digital currencies, and cybersecurity innovations. With over 20 years of experience in the field, David has worked as a Chief Information Security Officer in multi-billion-dollar companies and brings a forward-thinking approach to risk mitigation, automation, AI, and next-gen cybersecurity. He continues to advise a wide range of organizations, from startups to national-level projects, on transformative strategies for the future.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• The Specula C2 framework represents a sophisticated attack method that transforms Microsoft Outlook into a command-and-control system by exploiting its Home Page feature.
• Attackers exploit browser notifications in Chromium-based browsers by tricking users through CAPTCHA-like prompts to enable notifications.
• The Biden administration has launched an initiative aimed at addressing the growing cybersecurity talent shortage, which has reached critical levels.
• Mustang Panda, a Chinese state-backed cyber-espionage group, has adapted its tactics by launching a USB-based attack campaign that leverages a worm for self-propagation across air-gapped networks.

On this episode of The Cybersecurity Defenders Podcast, we unpack the hacker mindset with Ken Westin, Senior Solutions Engineer at LimaCharlie.

Ken is a seasoned thought leader in cybersecurity who has spent years analyzing and understanding the intricacies of cyber threats and the methods behind them. Ken has a unique ability to identify emerging trends in the industry and for figuring out how businesses can protect themselves before they fall victim to attacks.

Previous to his current role, Ken was the Field CISO at Panther, where he developed workshops and delivered them around the world. His career also includes significant contributions at Cybereason, Elastic, and Splunk, where he drove security growth, developed innovative tools, and shaped industry conversations on cybersecurity. Ken has been a key spokesperson in the industry, frequently quoted in the media and featured at major conferences like Black Hat and DEF CON.

Ken recently joined the team at LimaCharlie as a Senior Solutions Engineer, with the intent to use his deep expertise to help organizations build robust security strategies.

Ken's reading list:

“Daemon” - Daniel Suarez

“Cryptonomicon” - Neal Stephenson

“The Myth of Normal” - Gabor Maté

“Threats: What Every Engineer Should Learn From Star Wars” - Adam Shostack

“The Mitrokhin Archive” Christopher Andrew & Vasili Mitrokhin

“The Road” - Cormac McCarthy

The song at the end of the podcast:

Decrypted Savant - Mercator Misconceptions

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework.
• The Black Lotus Labs team at Lumen Technologies have uncovered a group of hackers linked to the Chinese government which have exploited a previously unknown software vulnerability to target U.S. internet service providers.
• Earlier in August, a North Korean hacking group exploited a previously unknown bug in Chrome-based browsers, aiming to steal cryptocurrency, which was reported by Microsoft in a recent update.
• The Dutch Data Protection Authority, or Dutch DPA, has hit Clearview AI with a €30.5 million fine—about $33.7 million—for illegally collecting data using facial recognition, including photos of Dutch citizens.
• Energy giant Halliburton has confirmed that its systems were hacked, and intruders were able to steal information following a cyberattack last week.

On this episode of The Cybersecurity Defenders Podcast, we speak with George Gerchow, Head of Trust at MongoDB, about the current narrative surrounding AI in cybersecurity. George challenges the dominant focus on AI as a threat and instead highlights its potential as a powerful ally in defending against sophisticated cyberattacks. We explore how AI-driven defense strategies are reshaping the landscape of proactive threat detection and automated response mechanisms, offering a fresh perspective on balancing security innovation with risk management.

George is an experienced executive who has played a key role in guiding highly regulated organizations as they establish and develop agile security, privacy, and compliance programs in fast-paced environments. George’s strong focus on relationships and customer engagement shines through in every interaction, both within his teams and with external clients. He is adept at implementing risk-based security programs that align with overall business objectives, effectively balancing risk reduction with cost management. During his six years at Sumo Logic, George was integral to the team's success in taking the company public and achieving FedRAMP Authorization. Currently, he serves as the Head of Trust at MongoDB, where he continues to drive excellence in security and compliance.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Starting in October, all Microsoft Azure customers will be required to have multi-factor authentication (MFA) enabled on their accounts.
• Documents from a lawsuit revealed that over 2.9 billion records are vulnerable after a massive hack of the Florida-based National Public Data network.
• Microsoft recently advised of a critical TCP/IP Remote Code Execution Vulnerability dubbed CVE 2024-38063, which is a critical unauthenticated Remote Code Execution - or RCE - vulnerability within the Windows TCP/IP stack.
• Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level.

On this episode of The Cybersecurity Defenders Podcast we speak with Jacob Salassi, Co-Founder at stealth startup, about product security.

Jacob brings over 10 years of experience in software engineering and cybersecurity to the table. Until four months ago, Jacob was a Security Architect at Snowflake, where he ensured every developer was wildly successful in owning security. Since then, he’s been diving into something new and exciting, working on a stealth startup. Before Snowflake, Jacob was busy bootstrapping application security programs in healthcare and engineering secure distributed systems for a hybrid-cloud security platform. He’s passionate about creating a development security experience that not only measurably reduces risk but also earns the love of engineers. In his own words, Jacob solves problems.

Books mentioned in the podcast:

Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time

Security Engineering: A Guide to Building Dependable Distributed Systems

Measuring and Managing Information Risk: A FAIR Approach

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• A heated dispute at DEF CON over the custom electronic badges this year turned physical, leading to an altercation between two attendees.
• The U.S. Department of Justice has charged Matthew Isaac Knoot, a 38-year-old Nashville resident, with multiple crimes for aiding North Korean IT workers in securing jobs with U.S. and U.K. companies.
• The FBI has dismantled the infrastructure of the Dispossessor ransomware group, also known as Radar, which had rapidly gained prominence since its inception in August 2023.
• A critical flaw in Proofpoint’s email filtering service was recently discovered, allowing cybercriminals to impersonate major brands and send phishing emails that bypassed Proofpoint’s security.
• A newly discovered security flaw affects AMD processors dating back to 2006. The vulnerability, which impacts CPUs from the Athlon 64 to the Ryzen 7000 series, allows attackers to exploit speculative execution to access sensitive data.

On this episode of The Cybersecurity Defenders Podcast we talk about cybersecurity product development with Vijay Pitchuman, Director of Product for Identity Management at Okta.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• The Chinese hacker group GhostEmperor has re-emerged after a two-year hiatus, displaying new advanced capabilities and sophisticated evasion techniques.
• The Chinese company, Jiangsu Bangning Science & Technology Co., in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains.
• Following a report by the cybersecurity firm Sekoia.io, the Paris Public Prosecutor’s Office launched a preliminary investigation into a botnet involving millions of global victims, including thousands of machines in France.
• Microsoft has initiated significant changes to its Windows operating system following a critical incident involving CrowdStrike's kernel driver.

On this episode of the Cybersecurity Defenders podcast, we explore threat intelligence with Jamie Williams, Threat Intelligence Researcher at Palo Alto Networks' Unit 42.

Jamie is a seasoned professional in the field of cybersecurity. Before joining Unit 42, he made significant contributions at the MITRE Corporation as a Senior Principal Cyber Operations Engineer. During his tenure at MITRE, Jamie led the development of MITRE ATT&CK® for Enterprise, focusing on adversary emulation and behavior-based detections.

In addition to his full-time role, Jamie is also a member of the IANS Faculty, where he shares his extensive knowledge and experience with the cybersecurity community. With a rich background that includes time at the National Security Agency, Jamie brings a wealth of expertise to the podcast.

Katie Nickels blog can be found here.

Google Mandiant's article on requirement-driven intelligence can be found here.

On this episode of The Cybersecurity Defenders Podcast we sit down with Lee Sult, Chief Investigator at Binalyze, and talk about incident response (IR).

Lee is a seasoned cybersecurity expert and investigator with extensive experience in digital forensics and incident response. He is the Chief Investigator at Binalyze and has a strong track record at prestigious organizations like Trustwave-SpiderLabs and Palantir. Lee has supported the US Secret Service and managed complex cybersecurity incidents for Fortune 50 companies.

As the co-founder and former CTO of Horangi Cyber Security, Singapore's first cybersecurity startup, Lee's leadership and collaboration skills have significantly impacted the region's cybersecurity landscape. Passionate about mentoring, Lee actively contributes to cybersecurity communities and supports up-and-coming entrepreneurs.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Blast-RADIUS is a vulnerability in the RADIUS protocol that allows a man-in-the-middle attacker to forge valid protocol accept messages in response to failed authentication requests.
• The blog post on Syntax-Err0r details a technique for silently installing a Chrome extension to maintain persistence, bypassing typical detection methods.
• American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators using AT&T's wireless network.
• The U.S. Department of Commerce added Kaspersky to its Entity List, barring U.S. businesses from engaging with the company due to national security concerns related to the Russian government's influence over Kaspersky's operations.
• On July 19th Crowdstrike distributed a faulty update to its Falcon sensors that caused widespread problems with computers running Microsoft Windows. As a result, roughly 8.5 million systems crashed, bringing up the feared blue screen of death, in what is being called the largest IT outage in history (+outage 1-month ago, +outage 3-months ago).

On this episode of The Cybersecurity Defenders Podcast we talk threat detection & research with Zack Allen, Security Detection & Research Leader at Datadog.

Zack is a seasoned security research, engineering, and product leader with over a decade of experience in building organizations that create impactful security for customers. Zack specializes in threat research and intelligence, cloud security, software engineering, and DevOps. His expertise has significantly contributed to advancing the field of cybersecurity. He is also the visionary behind Detection Engineering Weekly, a platform that provides insights and updates on the latest in detection engineering.

You can subscribe to Zack's newsletter here.

On this episode of The Cybersecurity Defenders Podcast we speak with Gene Yu, Founder & CEO of Blackpanda.

Gene has a diverse background, with early roles at Palantir's Asia office and Credit Suisse on Wall Street. He also served as a team leader in the US Army Special Forces, completing four combat tours in Iraq and the Southern Philippines. Gene is an active angel investor, renowned for leading the successful rescue of Evelyn Chang from Abu Sayyaf terrorists in 2013. He graduated with top honors in computer science from West Point and has attended Johns Hopkins University and Stanford's Executive Program.

Gene’s book, about the incredible rescue of Evelyn Chang, can be purchased here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Likely the biggest password leak ever: nearly 10 billion credentials exposed.
• Eldorado is a newly discovered ransomware-as-a-service operation targeting both Windows and Linux systems.
• OVHcloud has reported mitigating a record-breaking distributed denial-of-service attack that peaked at 840 million packets per second.
• Cisco has issued a warning about a critical remote code execution vulnerability named "regreSSHion," tracked as CVE-2024-6387, affecting OpenSSH on glibc-based Linux systems.
• In the first half of 2024, cryptocurrency thefts amounted to $1.4 billion, significantly driven by rising crypto prices and a few large-scale attacks.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• A high-severity security vulnerability in Progress Software's MOVEit Transfer software could allow cyberattackers to get around the platform's authentication mechanisms — and it's been spotted being actively exploited in the wild just hours after it was made public.
• A new version of the P2P worm, P2PInfect, that targets Redis servers running on both Linux and Windows systems, which is aimed at deploying both ransomware and cryptocurrency mining payloads, is out in the wild.
• The polyfill.io domain, used for providing backward compatibility for older browsers, has been shut down amid accusations of malicious activity after recently being acquired by Chinese firm Funnull, and was allegedly redirecting users to malicious sites and employing evasion techniques.
• The Germany-based company behind the world-famous remote desktop software TeamViewer has confirmed that in 2016 TeamViewer software was compromised.

On this episode of The Cybersecurity Defenders Podcast, we talk about automating security detection engineering with Dennis Chow, Security Engineer at EY.

Dennis is a multi-industry and seasoned cybersecurity operations leader. Using his experience, he helps organizations achieve their maximum security potential through hybrid training, sec ops management, engineering, and cross-disciplinary integration. He is also a published author, and a veteran of the armed forces.

Dennis Chow's book on Automating Security Detection Engineering can be purchased here.

Megan Rodie's book on Practical Threat Detection Engineering can be purchased here.

On this episode of The Cybersecurity Defenders Podcast, we talk AI-powered cybersecurity with Rodrigo Loureiro, CEO of Cyber Connective Corporation.

Rodrigo's extensive experience includes roles as a global Chief Information Officer where he managed a $215M IT budget and oversaw a team of 1800 people, ensuring world-class infrastructure services around the clock.

In addition to his executive roles, Rodrigo is a bestselling author of 'Game On - Leaders Who Last', where he explores the necessity of adaptability and open-mindedness in leadership, particularly within the technology sector. He is also an Operational Partner at the Executive Enterprise Venture Fund, focusing on innovative cybersecurity and AI investments. A recognized keynote speaker and expert in aligning technology with business strategy, Rodrigo’s insights are invaluable to anyone interested in the future of tech and leadership.

On this episode of The Cybersecurity Defenders Podcast, we speak MIke Pedrick and Adriano Carvalho about the ongoing CDK Global cybersecurity incident.

Mike Pedrick is an experienced cybersecurity practitioner with too many certs to list off. He makes his way through the world as a vCISO and happens to have a deep interest in the automobile sector.

Adriano Carvalho is consulting partner with the Reynolds and Reynolds company, who has spent over 10 years immersed in the automotive industry.

The incident: CDK Global experienced a significant cyberattack starting on June 18, 2024, which led to the shutdown of its systems affecting approximately 15,000 automotive dealerships across the United States. The company, which provides crucial software solutions for dealership management, had to proactively shut down most of its IT systems to prevent the spread of the attack. This resulted in a major disruption of dealership operations, forcing employees to revert to manual processes such as writing work orders by hand.

CDK Global has been working with third-party experts to investigate the incident and has started to restore some of its services, including the core dealer management system. However, the full resolution of the issue is expected to take several days, and the company is continuously updating its customers on the progress. The company has emphasized that its priority is the security of its customers and is taking extensive measures to ensure systems are safe before bringing them back online.

The impact of the cyberattack has left many dealerships unable to conduct regular business activities, significantly affecting their operations. CDK Global has not yet disclosed who was behind the attack or if any sensitive data was compromised, but further updates are expected as the investigation continues​.

Mike can be found on LinkedIn here.

Adriano can be found on LinkedIn here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• SigmaHQ has introduced Sigma Correlations to enhance its rule-based detection capabilities, allowing for more sophisticated event correlation across multiple Sigma rules.
• Tyler Buchanan, a 22-year-old from the UK and alleged leader of the Scattered Spider hacking group, was arrested in Spain.
• Microsoft has issued an urgent update for all supported versions of Windows to address a critical Wi-Fi vulnerability, CVE-2024-30078.
• Three individuals— Yousef Selassie, Ugochukwu Emmanuel Nwosu, and David Gil—have been charged with operating Empire Market, a dark web marketplace that facilitated over $430 million in illegal transactions.
• In September 2022, Mandiant began investigating several intrusions conducted by UNC3886, a China-linked cyber espionage group, after discovering malware in ESXi hypervisors.

On this episode of The Cybersecurity Defenders Podcast, we speak with Gerard Johansen, Principal Security Solutions Specialist at Red Canary.

Gerard is a seasoned expert in the field of cybersecurity. Gerard holds the prestigious Certified Information System Security Professional - or CISSP. His extensive career includes serving as a Special Deputy United States Marshal for the FBI's Connecticut Computer Crimes Task Force and working as a Certification and Accreditation Analyst for a federal inter-agency unit. Gerard has conducted numerous technical and non-technical vulnerability assessments for both financial and government organizations, demonstrating his deep expertise in digital forensics and incident response.

With a wealth of experience in risk assessment, cyber threat intelligence, and penetration testing, Gerard is frequently sought after for his knowledge in corporate counterintelligence, threat emulation, and cloud security challenges. He has developed and maintained crucial industry relationships through ongoing professional development and is a trusted resource for information security seminars and training programs.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Mandiant has linked a series of data breaches affecting hundreds of Snowflake instances to the use of infostealer malware, primarily targeting non-Snowflake systems to harvest credentials.
• Authorities have ramped up something they are calling Operation Endgame which is an effort to capture a fellow that goes by the handle "Odd," the alleged mastermind behind the Emotet botnet.
• McAfee has identified a fake Bahrain government Android app masquerading as the Labour Market Regulatory Authority app, and is designed to steal personal data for financial fraud.
• A technical deep-dive on Operation Crimson Palace performed by Sophos X-ops: the operation exposes a sophisticated cyberespionage campaign targeting a Southeast Asian government, attributed to Chinese state interests.

On this episode of The Cybersecurity Defenders Podcast, we talk API security with Jeremy Snyder, Founder and CEO at FireTail.io.

FireTail.io is a pioneering company specializing in end-to-end API security. With APIs being the number one attack surface and a significant threat to data privacy and security, Jeremy and his team are at the forefront of protecting sensitive information in an increasingly interconnected world.

Jeremy brings a wealth of experience in cloud, cybersecurity, and data domains, coupled with a strong background in M&A, international business, business development, strategy, and operations. Fluent in five languages and having lived in five different countries, he offers a unique global perspective on cybersecurity challenges and innovations.

FireTail.io's data breach tracker.

vacuum - The world's fastest OpenAPI & Swagger linter.

Nuclei - Fast and customisable vulnerability scanner based on simple YAML based DSL.

On this episode of The Cybersecurity Defenders Podcast, we talk network threat hunting with Chris Brenton, COO at Active Countermeasures.

Chris is a dedicated professional with a passion for simplifying the process of threat hunting. Chris is deeply committed to enhancing cybersecurity knowledge through delivering both free and affordable security training. Alongside this, he plays a crucial role in the development of both open-source and commercially accessible threat hunting tools. Whether you’re aiming to sharpen your threat hunting skills or are looking to establish a robust threat hunting program within your organization, Chris is the go-to expert. Stay tuned as we dive deeper into his journey, and feel free to reach out to him directly to learn more or get involved.

You can find Chris on LinkedIn here.

And you can find Chris in Twitter here.

On this episode of The Cybersecurity Defenders Podcast, we speak with Alexander Byrne, Director of Corporate IT Compliance at Thrive.

Alexander is a seasoned expert in crafting dynamic information security and IT compliance strategies tailored to meet the needs of businesses ranging from SMBs to large enterprises. With a solid decade of experience, Alexander has delivered solutions across various industries including information technology, fintech, real estate, e-commerce, energy, and healthcare. His approach not only solves business challenges but also ensures alignment with industry best practices and compliance with regulatory requirements, ultimately enabling sustainable value through the technology and cybersecurity investment cycle.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Researchers have identified a new malware, called"GhostEngine," which targets vulnerable drivers to disable endpoint detection and response solutions.
• MITRE has released some more details on how Chinese state-sponsored hackers recently exploited VMware systems within MITRE's NERVE environment for persistence and evasion.
• The FBI has once again seized control of BreachForums, a notorious site known for trading stolen data, marking the second such action within a year.

Information on MSSN CTRL, the security automation and engineering conference, can be found here.

On this episode of The Cybersecurity Defenders Podcast, we speak with Andrew Katz, Senior Information Security Engineer at Jamf.

Andrew is a seasoned security engineer with a sharp focus on security automation. Over the past nine years, Andrew has honed his expertise in Python, API development, AWS, and Docker to craft sophisticated automated security solutions. His journey includes leading the development of SOAR platforms at Jamf, which enhanced distributed alerting systems to help SOC analysts combat alert fatigue. At Tevora, he offered his skills as a consultant, conducting enterprise-level cybersecurity risk assessments. Andrew's earlier roles as a Systems Engineer at Falck and an Information Technologist at GHD laid the groundwork for his profound understanding of IT, which feeds into his current security prowess. A holder of a CISSP and a Bachelor of Science in Geographic Science and Community Planning, Andrew brings a unique blend of technical skill and strategic insight to the field of cybersecurity.

The Security Engineering Newsletter can be found here: SecEng Newsletter

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Some of the findings that were revealed by this leak about the inner workings of the Russian company Albatross and its Albatross-M5 UAVs, now being used in the war against Ukraine.
• The U.S. Department of Justice has charged Dmitry Yuryevich Khoroshev, a 31-year-old Russian national, as the leader of the LockBit ransomware group.
• ESET reveals the persistent threat posed by the Ebury malware, which has compromised approximately 400,000 Linux servers since 2009, which was initially documented in 2014.
• Zoom has announced the global rollout of post-quantum end-to-end encryption for its video meetings, a significant step forward in securing communications against future quantum computing threats.
• Dropbox recently disclosed a security breach impacting its Dropbox Sign eSignature service.

On this episode of The Cybersecurity Defenders Podcast, we speak with Kane Narraway, Head of Enterprise Security at Canva, about Zero Trust architecture.

Kane brings over a decade of experience to the table, specializing in enterprise security, cloud security, and risk management. He's known for his groundbreaking work in building zero trust architectures at some of the world’s largest tech companies, often from scratch during the early days of zero trust when solutions were not readily available.

Kane's career is marked by notable achievements, including integrating multi-billion dollar acquisitions and establishing robust security frameworks for regulations like SOC2, PCI-DSS, and HIPAA. He’s not only a director who has scaled technology companies from startup to enterprise level but also a passionate leader who has nurtured diverse teams, promoting autonomy and inclusivity. Outside of his direct work, Kane is dedicated to giving back to the community—whether it’s sharing cybersecurity insights, mentoring at boot camps, or volunteering at conferences. Join us as we gain insights from his extensive experience and innovative approaches to tackling some of the most complex challenges in cybersecurity today.

Kane's blog can be found here.

On this episode of The Cybersecurity Defenders Podcast we take a close look at the 2024 Verizon Data Breach Investigations Report.

The Verizon 2024 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of the current cybersecurity landscape, highlighting significant trends and emerging threats. This year's report, the 17th edition, examines 30,458 security incidents and 10,626 confirmed breaches, marking a two-fold increase from the previous year. A key finding is the dramatic surge in vulnerability exploitation, which nearly tripled, driven by attacks on unpatched systems and zero-day vulnerabilities. Ransomware and extortion continue to be major threats, comprising 32% of breaches, with a notable rise in pure extortion attacks where data is stolen but not encrypted​​.

The report also emphasizes the human element in cybersecurity breaches, with human errors contributing to 68% of incidents. Phishing remains a critical issue, with median times to click on malicious links and submit data being alarmingly short. Despite this, there is an encouraging increase in phishing awareness among users. Additionally, the report underscores the growing complexity of supply chain attacks, highlighting the vulnerabilities in third-party code and services. Interestingly, the impact of generative AI in cyberattacks remains minimal, with most uses being experimental rather than operational. The DBIR concludes with a call for improved vulnerability management and continued focus on human-centric security measures​.

You can download the full report here.

In this episode of The Cybersecurity Defenders Podcast, we take a close look at the intersection of CTI & Detection Engineering with Wade Wells, Lead Cybersecurity Threat Detection Engineer.

Wade Wells, a seasoned cyber security expert whose passion for technology was sparked at an early age. Growing up with a computer built from parts his dad found dumpster diving, Wade learned how to navigate MS-DOS before he could even spell 'windows'. His lifelong fascination with technology and rule-bending led him naturally into the world of cybersecurity. Today, Wade hunts for evil within networks, reveling in the continuous pursuit of knowledge and the thrill of uncovering deeper insights. Join us as we dive into his journey, explore the challenges of threat hunting, and discuss how his work contributes to a greater cause in cybersecurity.

Sublime Security: Email security that's not a black box

Salem Cyber: Find the alerts that actually matter

Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities

Psychology of Intelligence Analysis

And the TV show Devs.

On this episode of The Cybersecurity Defenders Podcast we take a closer look at the RSA Conference: past, present and future.

The RSA Conference is a series of IT security conferences. Approximately 45,000 people attend one of the conferences each year. It was founded in 1991 as a small cryptography conference. RSA conferences take place in the United States, Europe, Asia, and the United Arab Emirates each year. The conference also hosts educational, professional networking, and awards programs.

On this episode of The Cyebrsecurity Defenders Podcast, we talk platformization and the SecOps Cloud Platform with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie.

In a world where digital transformation has become the norm, cybersecurity professionals face unprecedented challenges. The traditional approach of managing dozens of disparate point solutions and siloed security tools, while attempting to control costs, is no longer sufficient.

It's time to embrace a new era of cybersecurity in the SecOps Cloud Platform – one that treats cybersecurity as a set of capabilities much like how cloud providers did for IT. We challenge you to question the status quo and to open your mind a new way of thinking about security operations.

You can get started for free at limacharlie.io

• In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
• Ukrainian hackers claim to have breached the Russian drone developer Albatross, leaking 100 gigabytes of data, including internal documentation, technical data and drawings of various types of unmanned aerial vehicles.
• A critical vulnerability in Atlassian Confluence Data Center and Server was used to deploy a Linux variant of Cerber ransomware.
• Cisco Talos are actively monitoring a global increase in brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services since at least March 18, 2024.
• An emerging threat campaign named ArcaneDoor, orchestrated by a previously unknown actor identified as UAT4356, now also known as STORM-1849 by Microsoft.
• The MITRE Corporation reported a significant security breach within one of its specialized networks, the Networked Experimentation, Research, and Virtualization Environment - or NERVE.

In this episode of The Cybersecurity Defenders Podcast, we take a close look at Open Source Intelligence with Mishaal Khan, Cybersecurity Practice Lead at Mindsight.

Misshal is a jack of all trades and master of some! With a profound knack for thinking like the bad guys, Misshal harnesses his extensive knowledge—from the nitty-gritty of bits and bytes to intricate business processes. As a techie, Ethical Hacker, OSINT enthusiast, and Social Engineer, he leverages his diverse skillset to help organizations fortify their defenses and tackle real-world security challenges.

You can find out more about his book, The Phantom CISO, on his website, here.

And you can learn more about Operation Privacy here.

In this episode of The Cybersecurity Defenders Podcast, we discuss the GRU-backed cyber unit Sandworm which was recently promoted to APT44 by Mandiant.

Sandworm is a notorious hacking group, believed to be linked to Russia's military intelligence agency, the GRU. Known for its destructive cyberattacks, Sandworm has targeted various sectors worldwide, including energy, media, and election systems. Their activities are marked by the use of sophisticated malware and tactics that not only seek to steal information but also to disrupt critical infrastructure. The group gained international prominence with attacks like NotPetya in 2017, which caused billions of dollars in damage across multiple countries, emphasizing their capability to impact global cyber stability.

The name "Sandworm" is inspired by the monstrous creatures from Frank Herbert's science fiction novel "Dune," reflecting the group's elusive and destructive nature. Over the years, Sandworm's operations have evolved, showcasing their adaptability and the increasing complexity of their attacks. This evolution highlights the growing challenges in cybersecurity, making the understanding of such threat actors crucial for developing robust defense strategies against state-sponsored cyber warfare.

YouTube video showing Sandworm attacking a Ukrainian power plant here.

Episode #56 - When the lights went out in Ukraine (Part 1)

Episode #74 - When the lights went out in Ukraine (Part 2)

Episode #16 - NotPetya

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• eSentire's Threat Response Unit has observed FakeBat loader being distributed via FakeUpdates, ultimately leading to a LummaC2 infection via a custom-written PaykRunPE provided by the FakeBat Threat Actors.
• CISA is investigating a breach at business intelligence company Sisense and urged all Sisense customers to reset any credentials and secrets that may have been shared with the company.
• CISA has confirmed that Russian government-backed hackers stole emails from several U.S. federal agencies as a result of an ongoing cyberattack at Microsoft.
• Volexity identified a zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring customers.

In this episode of The Cybersecurity Defenders Podcast, we take a close look at Digital Forensics with Carlos Cajigas, CTO of Covert Bit.

Carlos is a seasoned Incident Response professional hailing from San Juan, Puerto Rico. Carlos's journey in the field began after dedicating over a decade to law enforcement, specializing as a Digital Forensics Detective and Examiner in West Palm Beach, Florida. His extensive experience spans conducting detailed examinations on numerous digital devices, backed by hundreds of hours in specialized training from reputable institutions like EnCase, NW3C, Access Data, and SANS, to name a few. Carlos is not just an expert in the field; he's also a dedicated educator, holding instructor roles with both the Florida Department of Law Enforcement and SANS, where he teaches courses on Windows Forensic Analysis and Advanced Incident Response. With a solid academic foundation, Carlos brings a wealth of knowledge and insight into today's digital forensics and incident response landscape.

You can find Carlos on Twitter/X here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

On March 29, 2024 defenders became aware that a backdoor was intentionally planted inside of XZ Utils an open source data compression utility available on many installations of Linux and other Unix-like operating systems. The threat actors behind this implant likely spent years on this operation and were very close to getting the backdoor merged into Debian and Redhat before it was discovered.

The original disclosure email can be found here.

A technical break down of the compromise can be found here.

A Wired article covering the compromise in-depth can be found here.

In this episode of The Cybersecurity Defenders Podcast we have an in-depth talk about the cyber threat from China, with Adam Kozy and Daniel Velasquez.

Daniel started his career as a defender in the United States Marine Corps as an intelligence analyst where he served in Afghanistan - from there he went on to work with the Defense Intelligence Agency, Joint Special Operations Command and the CIA. After his service, he was a director at Mandiant and is now the Executive Vice President of OP[4] - a company providing security for critical devices and embedded systems.

Adam began his career as an intelligence analyst working with the Federal Bureau of Investigation where he provided all-source analysis of Asia-Pacifc related cybersecurity issues. After the FBI, Adam was the principal intelligence analyst for the Asia cyber team at CrowdStrike.

Currently, he is the founder of SinaCyber which is a boutique consulting firm combining native Chinese language research and cyber intelligence expertise to create bespoke reports for government officials, technology firms, and financial institutions under threat from China's rampant cyber espionage campaigns.

The history of China and its people goes back to ancient times. It is a rich and beautiful culture that has given much to the world in the form of art, ideas and technology. When we talk about China or the Chinese in this podcast episode we are specifically talking about the Chinese Communist Party - or CCP - which are a group of elites offering an increasingly authoritarian world view and alternative model to Western ideals of democracy and freedom.

The Chinese people themselves are not your enemy. Current laws in China make it easy for the CCP to co-opt its citizenry for use in intelligence operations, wittingly and unwittingly.

Unnecessarily making this into a racial divide alienates the folks that can help us the most in the coming years and provides more ammunition for Beijing.

It was an incredible honor to speak with these two, and I hope you enjoy this conversation full of valuable information.

Adam's testimony before the U.S.-China Economic and Security Review Commission Hearing on, “China’s Cyber Capabilities: Warfare, Espionage, and Implications for the United States” here.

The Mandiant report on APT1 can be found here.

In this episode of The Cybersecurity Defenders Podcast we speak with Salvador Mendoza, Director of Research and Development at Metabase Q, about the tokenization of payment systems.

Salvador is a prominent figure in the cybersecurity industry and holds the position of Director of Research and Development at Metabase Q. He is also an integral member of the Ocelot Offensive Security Team. His area of expertise lies in the intricate world of the tokenization process, payment systems, and the development of embedded prototypes. With a commendable history of presenting at high-profile security conferences including Black Hat, DEF CON, Hack in the Box, and Troopers, Salvador brings a wealth of knowledge and insight to our discussion. Furthermore, he is the author of the insightful book, "Show me the e-money. Hacking digital payment systems: NFC, RFID, MST and EMV Chips," where he delves into the vulnerabilities and security measures of digital payment technologies.

You can find his book for purchase here.

And you can find the PCI spec here.

You can follow Salvaador on Twitter/X here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Unit 42 have recently identified a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and U.S.
• Researchers at Mandiant on Friday raised an alarm after discovering Russia’s APT29 hacking group targeting political parties in Germany, indicating a possible new operational focus beyond typical attacks on diplomatic figures.
• The newly discovered vulnerability baked into Apple’s M-series of chips that allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations.
• The Department of Justice this week charged seven Chinese nationals, who are affiliates of threat group APT31, with widespread cyber espionage against US businesses and politicians.

In this episode of The Cybersecurity Defenders Podcast we speak with Grace Chi, CoFounder & COO of Pulsedive Cyber Threat Intelligence about a report she published on cyber threat intelligence networking.

Cyber Threat Intelligence (CTI) is an evolving field, with an industry-wide consensus that teams cannot effectively operate in an intelligence silo. This sentiment is shared across all stakeholder segments – public, private, vendor, and academic. In support of improved CTI sharing, stakeholders have invested in efforts around cross-boundary collaboration, technical standardization, managing trust, and reporting best practices. However, understanding the time and effort spent in CTI networking (i.e. connecting human-to-human for improved business outcomes) is often overlooked.

The report can be found here: Sharing, Compared: A Study on the Changing Landscape of CTI Networking

The Op Ed mentioned in the show: Op-Ed: How tro Make STIX Stickie

And the subreddit mention on the show (possibly NSFW): LinkedIn Lunatics

Pulsedive can be found on Twitter here.

Grace can be found on LinkedIn here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Threat actors have been actively targeting vulnerable Connect Secure VPN appliances after the disclosure of CVE-2023-46805 and CVE-2023-21887.

Threat researchers recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file encryption code.

In the last week of January 2024, a patch was released to address a directory traversal vulnerability in the package that allows unauthenticated, remote attackers to access sensitive information from arbitrary files on the server if exploited.

On March 8th, Microsoft said that it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• North Korean threat actors known as the Lazarus Group exploited a zero-day in the Windows AppLocker driver to gain kernel-level access and turn off security tools, allowing them to bypass noisy Bring Your Own Vulnerable Driver techniques.
• Researchers observed threat actors run the Angry IP Scanner, followed by some Mimikatz functions, and then the kicker, the open-source QEMU hardware emulator and virtualizer.
• Threat actors have been observed installing RMM tools as a means of maintaining persistence within a compromised organization.
• Hackers breached some of the systems belonging to CISA in February through some known vulnerabilities in Ivanti products.

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of John Hammond, Principal Security Researcher at Huntress, tell the story of the MOVEit cyberattack: the biggest data theft of 2023.

The MOVEit cyberbreach, was a far-reaching cyber attack that unfolded with significant implications worldwide. The breach initially came to light on June 3, when the Government of Nova Scotia disclosed that approximately 100,000 of its current and former employees had been affected, signaling the severity of the breach's impact.

The scope of the breach widened on June 5, as it became apparent that numerous organizations in the United Kingdom had also fallen victim. Among those affected were prominent entities such as the BBC, British Airways, Boots, Aer Lingus, and the payroll service provider Zellis. This phase of the breach underscored its indiscriminate nature, with targets spanning across various sectors.

Further developments were reported on June 12, with major organizations like Ernst & Young, Transport for London, and Ofcom announcing their entanglement in the breach. Of particular concern was Ofcom's revelation that personal and confidential information had been compromised, highlighting the breach's capacity to infiltrate and extract sensitive data.

The United States felt the breach's ramifications by June 15, with reports confirming that the Department of Energy, among other federal entities, was impacted by the MOVEit vulnerability. The breach's reach extended further on June 16, affecting state-level organizations such as the Louisiana Office of Motor Vehicles and Oregon Driver and Motor Vehicle Services, thereby impacting millions of American residents.

By October 25, 2023, a report from the cybersecurity firm Emsisoft indicated that the MOVEit cyberbreach had affected over 2,500 organizations globally, with a significant 80% of these being based in the United States. This breach highlights the critical vulnerabilities within digital infrastructures and underscores the urgent need for enhanced security measures to protect against such widespread cyber threats.

This story was written by the talented Nathaniel Nelson and produced by the team at LimaCharlie.

And a special thank you to John Hammond, Principal Security researcher at Huntress, for sharing his expertise and experience

If you have any feedback or ideas for future topics or guests, please send an email to defenders@limacharlie.io.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• AhnLab Security Intelligence Center published an article exploring Nood RAT. Nood RAT is a variant of Gh0st RAT that works in Linux.
• GTPDOOR is the name of Linux-based malware that is intended to be deployed on systems in telco networks adjacent to the GRPS eXchange Network with the novel feature of communicating C2 traffic over GTP-C Control Plane signaling messages.
• Researchers reporting on Pikabot evasion techniques for Endpoint Detection and Response systems by employing an advanced technique to hide its malicious activities known as “indirect system calls”.
• Nit 42 at Palo Alto Networks, they are reporting on a new Linux variant of Bifrost that is showcasing an innovative technique to evade detection.
• President Biden issued an Executive Order to protect Americans’ sensitive personal data from exploitation by countries of concern.

In this episode of The Cybersecurity Defenders Podcast, we take a close look at weaponizing ASCII escape sequences with Fredrik (STÖK) Alexandersson from Truesec.

Fredrik (STÖK) Alexandersson is a dynamic individual driven by a boundless curiosity and a passion for sharing knowledge. With over three decades of professional experience, he's hacked his way through realms ranging from computers and technology to marketing, fashion, communication, and even the human psyche. Renowned for his lightning-fast presentations and his knack for making complex technical subjects entertaining, STÖK is a prominent figure in the cybersecurity community. His meticulous attention to detail, insatiable curiosity, and "Good Vibes Only" attitude have inspired millions worldwide and earned him recognition from industry giants like Salesforce, Microsoft, and Verizon Media, among many others. Currently, he working as a Hacker and Creative Director at TRUESEC.

You can follow him on Twitter/X here.

And you can watch his talk on Weaponizing ASCII escape sequences here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Law enforcement from 10 countries - in a joint operation called ‘Operation Cronos’ - have disrupted the criminal operation of the LockBit ransomware group.
• FortiGuard has identified a grouping of malware droppers used to deliver various final-stage payloads through 2023 they are calling the TicTacToe dropper.
• Cisco Talos researchers have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.
• A massive leak from a Chinese Ministry of Public Security contractor called I-Soon shows that Bejing’s intelligence and military groups are attempting large-scale, systemic cyber intrusions against foreign governments, companies, and infrastructure.

In this episode of The Cybersecurity Defenders Podcast, we talk about cybersecurity issues as they relate to the space industry with Tim Fowler, Offensive Security Analyst at Black Hills Information Security.

Tim's unique blend of curiosity, determination, and passion for problem-solving make him stand out in the cybersecurity world. As a frequent speaker on topics ranging from Information Security to Open Source software, Tim's mission is clear: to empower others to take control of their journey and make a positive impact in the world of cybersecurity.

Currently Tim is working as an offensive security analyst for Black Hills Information Security - and he is here today to talk to use about the research he has been doing around cybersecurity in space…. and yes, it is as awesome as it sounds.

Tim’s upcoming training: Introduction to Cybersecurity in Space Systems

Resources mentioned in the show:

• TREKS Cybersecurity Framework
• Space Attack Research & Tactic Analysis (SPARTA)
• SPACE-SHIELD
• OpenSatKit
• NASA Core Flight System
• Tiny GS
• OpenC3
• NASA Operational Simulator for Small Satellites

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• ZScaler ThreatLabz are reporting on some recent campaigns, which started in February 2024, where they observed Pikabot reemerging with significant changes in its code base and structure.
• OpenAi is claiming that they have terminated accounts associated with state-affiliated threat actors.
• A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that were used to commit crimes by the GRU Military Unit 26165.
• SecurityWeek is reporting on the fine folks at CISA who are urging the patching of a Cisco ASA flaw that is being used in ransomware.

A document naming APT groups and operations can be found here.

In this episode of The Cybersecurity Defenders Podcast, we delve into an innovative, engineering-centered perspective on cybersecurity with Maxime Lamothe-Brassard, the Founder & CEO of LimaCharlie.

As part of the Canadian Intelligence apparatus, Maxime worked in positions ranging from development of cyber defence technologies, Counter Computer Network Exploitation, and Counter Intelligence. Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director’s awards for his service.

After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defence and worked for Crowdstrike, Google and Google X. Maxime left Google X - where he was a founding member of Chronicle Security - in 2018 to found LimaCharlie.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• The spectacular headline announcing a DDOS attack that involved 3-million electric toothbrushes.
• A hardware attack to bypass TPM-based encryption which is used on most Microsoft Windows devices.
• CrowdStrike researchers have identified a HijackLoader sample that employs sophisticated evasion techniques to enhance the complexity of the threat.

In this episode of The Cybersecurity Defenders Podcast, we take a close look at WiFi attack methods, and the defenses to them, with Lennart Koopmann, Founder of the Nzyme Network Defense System.

Lennart Koopman, a tech enthusiast originally from Germany, now calling Houston, TX home. He began coding at a young age and chose to forgo formal education, diving straight into the world of computers after high school.

Lennart's career path led him through various roles, from assisting in a hospital's IT helpdesk to web development and eventually joining a startup. In 2009, he launched the Graylog log management system as a side project, marking his entry into the tech scene.

Currently, Lennart is focused on his latest endeavor: The nzyme Network Defense System, demonstrating his ongoing commitment to technological advancement.

The WiFiPhisher Github account can be found here.

Lennart’s talk at MSS CTRL (LINK) can be found here.

The Nzyme Network Defense System website can be found here.

Lennart can be found in Twitter/X here.

In this episode of The Cybersecurity Defenders Podcast, we take a close look at the AnyDesk and Cloudflare breaches that were both disclosed on February 2, 2024.

AnyDesk, a prominent remote desktop software provider, disclosed a cyberattack late on February 2nd, causing the company to enforce strict security measures for nearly a week. Adversaries breached AnyDesk's systems, compromising vital assets such as source code and private code signing keys, and gaining unauthorized access to production systems.

For more on AnyDesk's breach, see the following references:

https://techcrunch.com/2024/02/05/remote-access-giant-anydesk-resets-passwords-and-revokes-certificates-after-hack/

https://anydesk.com/en/public-statement

https://www.infosecurity-magazine.com/news/anydesk-hit-cyberattack-customer/

https://www.helpnetsecurity.com/2024/02/05/anydesk-hacked/

https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html

On the other front, Cloudflare disclosed that a nation-state actor infiltrated their self-hosted Atlassian server on November 14, 2023, utilizing stolen access tokens and service account credentials from the Okta breach. The threat actor conducted reconnaissance activities from November 14th to 17th, gaining access to Cloudflare's internal wiki and bug database. Additional access attempts on November 20th and 21st indicated the actor's persistence, culminating in establishing continuous access through ScriptRunner for Jira on November 22nd. Finally, they tried, unsuccessfully, to access a console server that had access to a data center that Cloudflare had not yet put into production in São Paulo, Brazil.

For more details on Cloudflare's breach, consult the following sources:

https://www.csoonline.com/article/1303785/nation-state-actor-used-recent-okta-compromises-to-hack-into-cloudflare-systems.html

https://www.techtarget.com/searchsecurity/news/366568694/Cloudflare-discloses-breach-related-to-stolen-Okta-data

https://www.computing.co.uk/news/4170126/cloudflare-server-breached-suspected-sponsored-threat-actors

In this episode of The Cybersecurity Defenders Podcast, we delve into the ground truth realities of cybersecurity with Yochai Greenberg, a frontline cyber defender.

Yochai Greenberg's expertise in cybersecurity is grounded in a lifetime of hands-on experience and military service. From an early age, he immersed himself in computer technology, gaining comprehensive knowledge of hardware and software through practical experimentation. Serving in the IDF further cultivated his understanding of protection and security protocols.

Transitioning into the security industry, Yochai applied his diverse skill set as an executive protection professional, bridging the gap between physical and digital security domains. His career is defined by a relentless pursuit of knowledge and innovation, driven by a commitment to integrating and enhancing security measures across various fronts.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Microsoft updated the public on their findings - apparently, the threat actors were able to gain persistent access to the privileged email accounts by abusing the OAuth authorization protocol.
• Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine that could be potentially exploited by threat actors to take control of a Kubernetes cluster.
• A new campaign is using phishing emails to distribute malware and legitimate services to bypass email protection systems to install NetSupport RAT.
• On January 20th the Cactus ransomware group attacked a number of victims across varying industries.

On this episode of The Cybersecurity Defenders Podcast, we discuss some of the cybersecurity threats to electric vehicles with Mike Pedrick, VP of Cybersecurity Consulting at Nuspire.

Mike is currently serving as the Vice President of Cybersecurity Consulting at Nuspire. In his role over the past two years, Mike has focused on providing advisory services to mid-market clients in the areas of cybersecurity, governance, risk, and compliance with data security and privacy standards. His specialization lies in implementing mature cybersecurity programs tailored for small and medium-sized businesses. Mike is also actively involved with ISACA, where he currently serves as the Certification Coordinator for the Denver Chapter Board, managing certification-related activities.

Before joining Nuspire, Mike held positions such as Vice President of Consulting at Stealth - ISS Group Inc. and Director of Security Consulting at Synoptek. In these roles, he provided leadership and advisory services in the cybersecurity domain. With over a decade of self-employment as a Security, Compliance, and Risk Management Consultant, Mike has served as a trusted advisor to SMB/Midmarket organizations, offering guidance in cybersecurity, compliance, and risk management.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• SecureList researchers from Kaspersky have come up with a lightweight method to detect iOS malware.
• Nearly 71 million unique credentials that were leaked from websites such as Facebook, Roblox, eBay, Yahoo, and Coinbase have been circulating on the Internet.
• Russian threat group COLDRIVER has expanded its targeting of Western officials to include the use of malware.
• The Microsoft security team is reporting that it detected a nation-state attack on its corporate systems on January 12, 2024.

On this episode of The Cybersecurity Defenders Podcast, we have a conversation about the SaaS Cyber Kill Chain with Luke Jennings, VP of Research & Development at Push Security.

In this interview, we explore the evolution of cyber attacks and the impact of the remote working and SaaS revolution on the cyber kill chain.

The SaaS Attack Matrix can be found here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• A new Bandook variant has been distributed via a PDF since this past October.
• Akami researchers have uncovered a new crypto-mining campaign that has been active since the start of 2023.
• The Centres for Medicare and Medicaid Services will reportedly set out the proposed requirements that include two-factor authentication and maintaining a vulnerability-fixing program.
• Two vulnerabilities were uncovered that impact the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites.

On this episode of The Cybersecurity Defenders Podcast we speak with Adnan Khan, Lead Security Engineer at Praetorian, about a supply chain attack that was successful in poisoning Gihub’s runner images.

Adnan is an Offensive Security Engineer and Security Researcher with a strong development background and passion for CI/CD and supply chain security.

Adnan’s research can be found here.

The Github Attack TOolkit can be found here.

And Adnan can be found on LinkedIn here.

On today's episode of The Cybersecurity Defenders Podcast, we chat with Gerald Auger, Chief Content Creator at Simply Cyber.

Dr. Gerald Auger is deeply passionate about information security, holding a steadfast belief that there exists a bespoke information security program for every organization. This tailored approach, he contends, not only mitigates cybersecurity risks but also amplifies overall value, aligning harmoniously with the business mission. Through Coastal Information Security Group, Dr. Auger extends his consulting and advisory cybersecurity services to both large and small organizations. With a focus on guiding the implementation of robust information security programs, he strives to meet the unique needs of each client.

Gerald Auger's, 'Build an Elastic SIEM lab' video

Eric Capuano's, 'So you want to be a SOC Analyst?' Part 1 & Part 2

You can find Gerald on the various social media platforms as linked below.

YouTube

Twitter

LinkedIn

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• An international group of law enforcement agencies has seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat.
• IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections with a possible connection to DanaBot.
• Kaspersky published some new research in which they have identified a vulnerability in Apple System on a chip - or SOC - that has played a critical role in the attacks they saw in Operation Triangulation.
• NPM package “everything” downloads millions of packages and prevents all authors on npmjs.com from removing their packages.
• Russian hackers were inside the Ukrainian telecom giant Kyivstar's system from at least May last year and recently caused a destructive outage.

And the Hacker History episodes, When the Lights Went Out in Ukraine Part 1 & Part 2.

On this episode of The Cybersecurity Defenders Podcast, we have a conversation with James McMurry, Founder and CEO of ThreatHunter.ai.

James is a cybersecurity veteran (and a veteran) with a career that spans over 30 years.

He's the problem-solver who sees complexity as a puzzle to unravel.

His approach goes beyond buzzwords; James transforms innovation into reality by blending AI, machine learning, and a team of human threat hunters into an effective cybersecurity strategy.

Beyond the office, James is a discerning whisk(e)y enthusiast, showcasing a refined taste that matches his coding finesse. He is also a philanthropist and the Founder of VETCON.

James can be found on Twitter here.

And on Instagram here.

On this episode of The Cybersecurity Defenders Podcast, we have a conversation with JP Bourget, Founder and President of Blue Cycle, who shares some hard-won lessons from his entrepreneurial journey.

JP Bourget specializes in empowering Blue Teams and Security Operations Centers (SOCs) by implementing cutting-edge methodologies to enhance Cyber Maturity. His expertise spans automation, data engineering, API integration, and advocating security-as-code principles. Additionally, he holds the role of Entrepreneur in Residence (EIR) at Lytical Ventures.

Previously, JP was the Founder and Chief Security Officer (CSO) of Syncurity, a company acquired by Swimlane and an early pioneer in the Security Orchestration, Automation, and Response (SOAR) landscape. Syncurity's flagship product, IR-Flow, revolutionized alert triage, allowing organizations to optimize their security efforts efficiently.

Before co-founding Syncurity, JP honed his skills as the Network Security Manager at Arnold Magnetic Technologies, a prominent global manufacturing enterprise valued at $250 million.

JP can be found on LinkedIn here.

Welcome to the Cybersecurity Defenders Podcast. My name is Christopher Luft, one of the founders of LimaCharlie and I am your host.

This podcast is set up as a series of segments in and around cybersecurity - with a focus on the defensive side.

• Tune in for weekly intelligence reports and discussions, as well as deep-dives into major incidents like the MGM ransomware attack or the recent Okta breach with expert guests who can break down the events.
• I also get the privilege of interviewing many information security experts to share their unique stories. Hear from security analysts, detection engineers, CISOs, and other high-profile public figures.
• And my personal favourite, is a special segment called Hacker History where we narrate the true stories of infamous cybersecurity incidents with the help from those that were directly involved.

The show is a constant work in progress and we would love for you to join us. We are always happy to hear from our listeners and encourage you to engage with us so that we can make this show the best it can be. So subscribe and follow along as we learn and grow together in this ever-evolving realm of cybersecurity.

A special episode of The Cybersecurity Defenders Podcast, where we look back at our conversations throughout 2023, and bring together all of the predictions for the future of cybersecurity.

It is a fun episode, and we hope you enjoy listening to it.

And a Happy New Year to all our listeners! Wishing you security and success in 2024.

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attacks in history: The Colonial Pipeline

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state.

This episode was written by the talented Nathaniel Nelson.

Casey Ellis can be found on LinkedIn here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Sonar Source are reporting on a few vulnerabilities they have found in pfSense.
• eSentire’s Threat Response Unit launched a multi-pronged offensive against the Gootloader Initial Access-as-a-Service Operation.
• ESET researchers documented a series of new OilRig downloaders, all relying on legitimate cloud service providers for command and control communications.
• The Black Lotus Labs team at Lumen Technologies is tracking a small or home office router botnet that forms a covert data transfer network for advanced threat actors.

You can make a donation in support of ending domestic violence through Cybersecurity Cares.

On this episode of The Cybersecurity Defenders Podcast, we have a detailed conversation with James Potter, founder of DSE, about Active Directory.

James boasts over two decades of expertise in Active Directory security, serving as a trusted consultant for major companies. His focus is on fortifying security measures and devising strategies to strengthen critical systems. He's collaborated with diverse teams, identifying vulnerabilities and implementing robust security measures while balancing cost, usability, and security for each client's specific needs.

Beyond consultancy, James proudly leads a team at DSE, providing cutting-edge security solutions to global corporations. Actively engaging in the security community, he shares insights through conferences, publications, and forums, emphasizing continuous learning and innovation to counter evolving threats.

His passion lies in aiding organizations to navigate the dynamic threat landscape, ensuring resilient security frameworks and efficient business objectives. Whether crafting secure Active Directory environments, conducting assessments, or delivering tailored training, James's dedication ensures exceptional results surpassing client expectations.

James can be found on LinkedIn here: James Potter

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Unidentified governments are surveilling smartphone users via their apps' push notifications, as reported by a US senator on December 6th.
• Cyber.wtf reporting on an interesting piece of malware that turned out to be a RAT written in C#.
• Israel’s critical infrastructure is under threat from an Iranian proxy hacking group operating out of Lebanon.
• Hacker News is reporting on a critical Bluetooth security flaw that could be exploited by threat actors to take control of Android, Linux, MacOS and iOS devices.
• A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.

The Cybersecurity Cares Holiday Telethon is taking place on December 15th. More information can be found at cybersecurity-cares.com

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• MalwareBytes is reporting on Atomic Stealer, a popular information stealer for MacOS.
• Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system.
• Huntress is reporting that threat actors of varying types continue to target managed file transfer applications for exploitation.
• Microsoft has detected Danabot infections leading to hands-on-keyboard activity by ransomware operator Twisted Spider, culminating in the deployment of Cactus ransomware.

On this episode of The Cybersecurity Defenders Podcast, we speak with Jack Rhysider, the creator of Darknet Diaries.

Darknet Diaries is a captivating podcast that delves into the intriguing and often clandestine world of cybersecurity and hacking. Hosted by Jack Rhysider, each episode features gripping narratives that explore real-life cybercrime incidents, hacking escapades, security breaches, and the individuals involved. Rhysider skillfully combines storytelling with in-depth interviews, providing a unique and engaging perspective on the complex landscape of cybersecurity. The podcast not only highlights the darker aspects of the internet but also sheds light on the efforts of cybersecurity professionals, their challenges, and the measures taken to defend against cyber threats. With its compelling storytelling and insightful discussions, Darknet Diaries offers a fascinating glimpse into the ever-evolving world of digital security.

Learn more about the show, purchase swag, and listen to episodes at https://darknetdiaries.com/

You can find Jack Rhysider on Twitter/X here: @JackRhysider

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• NSFOCUS Research Labs about how the DarkCasino APT group has leveraged a recently disclosed WinRAR zero-day vulnerability.
• G DATA CyberDefense is reporting on a threat actor using the ZPAQ archive and .wav file extension to infect systems with Agent Tesla.
• A technical analysis of DarkGate Malware-as-a-Service which is widely available on various cybercrime forums by the RastaFarEye persona.
• The Micrososft Threat Intelligence team has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp.
• The Chinese hacker group “Chimera” broke into NXP - a Dutch chip maker - at the end of 2017 and had access to the manufacturer’s systems until the spring of 2020.

To learn more about the community initiative to help end domestic violence please visit cybersecurity-cares.com

On this episode of The Cybersecurity Defenders Podcast we take a look into the cybercriminal underworld with Jon DiMaggio, Chief Security Strategist at Analyst1.

Jon DiMaggio is the chief security strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. As a specialist in enterprise ransomware attacks and nation-state intrusions, such as”Ransom Mafia:Analysis of the World’s first Ransomware Cartel”,“Nation State Ransomware” and a “History of REvil”. He has exposed the criminal cartels behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks, and discussed his work with The New York Times, Bloomberg, Fox, CNN, Reuters, and Wired. You can find Jon speaking about his research at conferences such as RSA. Additionally, in 2022, Jon authored the book “The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime” published by No Starch Press.

You can buy “The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime” here.

The Ransomware Diaries: Volume1 & Volume2

Jon DiMaggio on LinkedIn

Jon DiMaggio on Twitter

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• A look at a versatile piece of malware that gets categorised as proxy malware, a bot, a backdoor, and even as a RAT, known as SystemBC.
• The AhnLab Security Emergency response Center’s analysis team has published an article outlining their recent discovery that the Ddostf DDoS bot is being installed on vulnerable MySQL servers.
• The notorious ALPHV ransomware group has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
• A new Anti-Sandbox technique LummaC2 v4.0 stealer is using to avoid detonation if no human mouse activity is detected, along with some other techniques being employed such as Control Flow Flattening.

And you can sign up to participate in the Defender Fridays series here. Join us as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

On this episode of The Cybersecurity Defenders Podcast, we talk with Chris Cochran, VP & Head of Marketing at AKA Identity, about brand and marketing for cybersecurity startups.

Chris Cochran is an entrepreneur who combines a wealth of experience in technology and innate creativity that has proven to be invaluable to both brands and individuals who work with him. As the Co-Founder and CEO of Hacker Valley Media, Chris has a unique perspective on how to craft compelling narratives that engage, inform, and entertain technical audiences. His experience in technology allows him to bring a rare depth of knowledge to any creative project, and his ability to communicate complex ideas equally clearly and entertainingly makes for a powerful combination for reaching everyone, from students to entrepreneurs.

As a US Marine veteran and former cybersecurity professional, Chris has been an intelligence analyst, incident responder, SOC analyst, threat intelligence leader, and security operations leader. On the creative side, Chris has been an award-winning podcaster, TV series showrunner, short film director, keynote speaker, event host, and writer. He is passionate about inspiring and empowering people to live out their personal and professional legend.

With his unique combination of industry knowledge and creative skills, Chris can connect with audiences in an authentic and relatable way, inspiring trust and loyalty, which are crucial elements to building a successful brand, whether personal or corporate. He has created many award-winning shows, including Hacker Valley Studio and Technically Divided, alongside his co-founder Ron Eddings; he is a highly sought-after keynote speaker in technology and helps technology brands stand out from the rest through impactful storytelling.

If you have a story to tell, an experience to create, or a community to reach, Chris can help.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Arstechnica is reporting that identity and authentication management provider Okta has been hit by another breach.
• Deep Instinct’s Threat Research team has identified a new campaign from the “MuddyWater” group.
• Google is warning of multiple threat actors sharing a public proof-of-concept exploit that leverages its Calendar service to host command-and-control infrastructure.
• BlackBerry Research and Intelligence Team has found a wiper variant that targets Windows systems being deployed by hacktivists in support of Hamas.

On this episode of The Cybersecurity Defenders Podcast, we talk with David Burkett, founder of Signalblur, about reimagining the cyber kill chain from a defenders perspective.

David is a dedicated and highly experienced Cloud Detection Engineer and Security Architect, with a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers. His expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED... among others. David is proud to have been part of a security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency. David is constantly seeking opportunities to grow and learn and is eager to connect with like-minded professionals in the cybersecurity domain.

The Cybersecurity Defender's host, Christopher Luft, along with special guest Eric Capuano, walk through the available details of the most recent Okta security breach that affected 1Password, BeyondTrust, and CloudFlare.

On Friday, October 20th, Okta announced that it suffered an intrusion in its customer support system. The company confirmed that 'certain Okta customers' were affected and stated that it notified 'around 1 percent' of its 18,400 customers that they were impacted.

On this episode of The Cybersecurity Defenders Podcast, we share the second part of 'When the Lights Went Out in Ukraine.'

If you haven’t already, I recommend going back now and listening to “When the Lights Went Out in Ukraine, Part 1.”

Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.”

This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Sentinel One talking about emerging trends and evolving techniques for macOS malware in 2023
• BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin
• On October 16, Cisco released an advisory regarding a critical zero-day privilege escalation vulnerability in their IOS XE Web UI software.
• WithSecure Labs is reporting that Vietnamese cybercrime groups are using multiple different Malware as a Service infostealers and Remote Access Trojans to target the digital marketing sector.
• The FBI in Phoenix is warning the public of a new scam dubbed “The Phantom Hacker.”
• Google’s Threat Analysis Group has recently observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831.

On today’s episode, we going to be speaking with Nas Bencherchall, one of the community members behind the scenes of LOLDrivers and Sigma.

Nas is an avid learner who is passionate about all things detection, malware, DFIR, threat hunting, and Windows Internals.

Nas is one of the community members behind LOLDrivers and one of the maintainers of the SIGMA Rule Repository.

The newly re-imagined Sigma project website can be found here: SigmaHQ

The LoLDrivers website can be found here: LOLDrivers

The VS Code extension we talked about on the show can be found here: VSCOde Ext

Nas on Twitter: nas_bench

Nas’ Blog: nasbench

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• A joint advisory that was published by the NSA, the FBI and CISA, along with, the Japan National Police Agency and the Japan National Center of Incident Readiness and Strategy for Cybersecurity.
• ESET researchers have uncovered a Lazarus attack against an aerospace company in Spain.
• Unit 42 at Palo Alto are reporting that the CL0P ransomware group recently began using torrents to distribute victim data after a rather notorious campaign stealing data from thousands of companies.
• Checkmarx is reporting on a persistent open-source supply chain attacker targeting the Python ecosystem who has been active and evolving since April 2023.
• Arstechnica is reporting the discovery of thousands of Androids devices infected with malware right out of the box.
• Github Security Lab, in coordination with Ilya Lipnitskiy, has disclosed a 0-day memory corruption vulnerability in libcue, noted as CVE-2023-43641.
• Checkmarx reporting on a targeted campaign that unfolded via Pypi, targeting developers utilizing Alibaba cloud services, AWS, and Telegram.

In this episode of The Cybersecurity Defenders Podcast, we speak with Sean Higgins, consultant, educator, and co-founder of the Herjavec Group.

Sean Higgins is a coach, speaker, author, and consultant with a specialization in cybersecurity program evaluation. With over 35 years of experience in information technology, he has dedicated nearly three decades to the field of cybersecurity. From 2003 to 2022, Sean served as the CTO and Co-founder of Herjavec Group. In his Canadian Best Selling book, "Driven," Robert Herjavec described Sean as "the smartest guy I ever met," a recognition that deeply touched him.

Today, organizations seek out Sean's expertise when they require guidance on resolving technical issues, evaluating technological solutions, or need assistance in shaping the direction of their company's security program. One of his notable strengths lies in helping Chief Information Security Officers (CISO) and senior management confidently evaluate and refine their security programs.

Sean is astounded by the rapid evolution of technology over the years. His career commenced in 1986 when he was writing programs to count light bulbs at General Electric. A few years later, he was instrumental in establishing the first computer network for the North York Public Library in Ontario, an endeavor that predates the widespread internet we know today. During those early days of the ARPANET, Sean used it to send emails to friends still at Purdue University. He also holds the distinction of being the first expert witness in a Canadian court regarding a cybersecurity incident.

Passionate about mentoring millennials in the tech industry to find balance between their professional and personal lives, Sean collaborates with various universities, including the University of York's Career Mentorship Program. Additionally, he is a member of the Case Alumni Association Scholarship Committee, where he has the honor of awarding millions of dollars in scholarships to junior and senior STEM students.

Sean's coaching approach combines elements of traditional life coaching, entrepreneurial business experience, and his ability to read energy. He has received training from the Quantum Success Coaching Academy, Enwaken Coaching, and Enwaken Apprentice programs.

Notably, Sean has self-published his first book on Amazon titled "Living Your Purposeful Life" and is currently working on his second book, "Balancing: How tech managers can avoid burnout, balance priorities, and come back to life," slated for release in January 2023.

Residing on picturesque Vancouver Island, Sean enjoys exploring the island's beauty with his faithful Golden Retriever, Rosie. He is an avid mountain biker and has recently discovered a passion for pickleball. His love for college athletics, particularly college basketball, is evident, and he especially cherishes watching his alma mater, Purdue University, during March Madness. So, reaching him during that time might prove a challenge, as he's likely to be glued to the games.

On this episode of the Cybersecurity Defenders Podcast, a hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for Managed Security Service Providers.

The panel is moderated by LimaCharlie Co-founder, Christopher Luft. The panel participants are:

Co-founder at Soteria, Paul Ihme

Co-founder/CTO at Horangi Security, Lee Sult

What is the SecOps Cloud Platform?

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.

An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• Intel471 are reporting on a campaign utilizing Bumblebee, a type of a loader that has increasingly been used by threat actors affiliated with ransomware.
• ESentire are reporting on several attacks conducted by the Russia-linked LockBit Gang.
• Permiso reporting on LUC-3 who overlaps with Scattered Spider.
• Cisco Talos has discovered a new malware family they have dubbed HTTPSnoop being deployed against telecommunication providers in the Middle East.  
• WeLiveSecurity have stumbled upon a previously unknown backdoor being deployed in the Middle East that they have named DeadGlyph. 
• Unit42 have started investigating a series of espionage attacks targeting a government in Southeast Asia.

LimaCharlie's Office Hours, where we break down some TTPs in-depth, take place every Friday at 9.00 AM PT / 12.00 PM ET. You can find more information here: limacharlie.io/office-hours

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On the special episode of The Cybersecurity Defenders Podcast we take a close look at the MGM cyberattack that took place in September 2023. On September 11 numerous MGM Resorts International properties in Las Vegas and throughout the United States were attacked by ransomware which shut down many aspects of its IT. Checking in and out, reservations, digital room keys, tickets, credit card systems, some slot machines, and even elevators at several MGM casino hotels became inoperative, forcing their staffs to use manual methods to serve their clientele, i.e. analog pen and paper. MGM filed a Form 8-K report with the SEC the next day. The relatively recent criminal hacking group Scattered Spider is believed to have used social engineering to bypass multi-factor authentication. The published statement by Scattered Spider can be found here. A list of APT groups/names can be found here.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we speak with Chad Loeven, VP Business Development at OPSWAT. Chad Loeven is an experienced cybersecurity professional who leads OPSWAT's OEM technology licensing business and technology partners. OPSWAT technology helps secure over 150M endpoints by working with many of the world's largest technology vendors. They provide threat intelligence, malware analysis, vulnerability assessment, patch management, device compliance, and more.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• Securonix Threat Labs are reporting that threat actors working as part of the DB#JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks.
•  AhnLab’s Security Emergency Response Center are reporting on threat actors using phishing emails to distribute some fileless malware.
• The researchers over at Group-IB have uncovered a covert business email compromise phishing campaign targeting Microsoft 365.
• NSFOCUS Security Labs captured a new APT34 phishing attack against enterprise targets that released a variant of the SideTwist Trojan to achieve long-term control of the victim host.
• Threat Analysis Group publicly disclosed a campaign from government-backed actors in North Korea who used 0-day exploits to target security researchers working on vulnerability research and development. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we speak with Matthew Fulmer, Director of Cyber Threat Intelligence at BLOKWORX.

With over 9 years of experience in the cyber security field, Matthew is a passionate and driven leader who strives to protect organizations from evolving and emerging threats. He has a strong background in threat intelligence, malware analysis, offensive security, and customer success, and he holds a Six Sigma Green Belt certification. As the Director of Cyber Threat Intelligence at BLOKWORX, Matthew integrates with internal teams to provide them with the latest knowledge and insights on the threat landscape and the best practices to prevent and deflect attacks.

In his previous role as the Manager of Cyber Intelligence Engineering at Deep Instinct, Matthew managed a growing team of cyber intelligence engineers who operated within the customer success organization. He was responsible for creating a new service offering, developing the professional skills of his team, analyzing threat vectors in various environments, communicating proactively with customers, creating technical articles and content, and assisting with security education. He also contributed to the malware analysis, the pre-load product, and the administrator certification course. Some of the skills that Matthew applied and enhanced in this role include network administration, information security, and technical support.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

A hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for ecosystem builders.

The panel is moderated by LimaCharlie's Head of Product, Matt Bromiley. The panel participants are:

Senior Security Researcher at Thinkst, Casey Smith
Security Evangelist at RunZero, Huxley Barbee
Head of Tines Labs, John Tuckner

What is the SecOps Cloud Platform?

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with Ross Haleliuk, Co-Lead of the Venture in Security Angel Syndicate, and Head of Product at LimaCharlie.

Ross is a head of product at LimaCharlie - a startup that enables organisations to detect & respond to threats, automate processes, and future-proof their security operations. His areas of expertise include go-to-market and product strategy, B2B product-led growth, strategic positioning, product-market fit expansion, and growth. Outside of work, Ross is a startup advisor, angel investor, frequent contributor to TechCrunch, Forbes, and VentureBeat, and author of VentureinSecurity.net

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• Cisco Talos reporting on both QuiteRAT and CollectionRAT from the Lazarus Group.
• JPCERT/CC has confirmed a new technique used in an attack that bypasses detection by embedding a malicious Word file into a PDF file. 
• Telekom Security was recently made aware via trust groups about a new malware campaign involving DarkGate .
• The FBI and the Justice Department announced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

A hosted panel discussion with industry leaders to explore the advantages of the SecOps Cloud Platform for product builders.


The panel is moderated by LimaCharlie's Head of Product, Ross Haleliuk. The panel participants are:


Founder & CTO of Recon InfoSec, Eric Capuano
Lead Incident Detection Engineer at Blumira, Amanda Berlin


What is the SecOps Cloud Platform?


The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.


The SecOps Cloud Platform is:


An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.


The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• The return of the Racoon Stealer after temporarily being disrupted.
• EclecticIQ, analysts have assessed with high-confidence two observed PDF documents that are part of an ongoing campaign targeting Ministries of Foreign Affairs of NATO aligned countries.
• MalwareBytes is following up on a tech support scam campaign dubbed WoofLocker.
• The threat research team at BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group.
• SentinelOne are reporting a new iteration of the XLoader malware-as-a-service infostealer and botnet .

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie, about the SecOps Cloud Platform.

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

• An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
• An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.

The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with John Hammond, Principal Security Researcher at Huntress, about security research.

John Hammond is a cybersecurity researcher, educator and content creator. As part of the Threat Operations team at Huntress, John spends his days making hackers earn their access and helping tell the story. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He has developed training material and information security challenges for events such as PicoCTF and competitions at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the US Naval Academy, and other online events including the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, CTF video walkthroughs and other cyber security content. John currently holds the following certifications: Security+, CEH, LFS, eJPT, eCPPT, PNPT, PCAP, OSWP, OSCP, OSCE, OSWE, OSEP, and OSED (OSCE(3)).

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.”

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• A new injector written in Rust is used to inject shellcode and introduce XWorm into a victim’s environment.
• Multiple cases where the SugarCRM was the initial attack vector and allowed threat actors to gain access to AWS accounts.
• Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems and steals sensitive information.
• Patrick Wardle's research says that macOS's Background Task Manager can be easily bypassed and that Apple failed to act on his recommendations to fix it.
• CISA are reporting on the Seaspy and Whirlpool backdoors after obtaining malware samples from a compromised device.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with David Burkett, Founder of Signalblur, about the growing threat of Linux ransomware.

David is a dedicated and highly experienced Cloud Detection Engineer and Security Architect, with a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers.

His expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED... among others. David is proud to have been part of a security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency.

David is constantly seeking opportunities to grow and learn and is eager to connect with like-minded professionals in the cybersecurity domain.

The article on Linux ransomware referenced in the podcast can be found here: A Deep Dive into Linux Ransomware Research

And David's previous appearance on the show can be found here: Episode #6

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast we host a panel discussion with industry leaders and explore the advantages of the SecOps Cloud Platform for securing enterprise organizations.

The panel is moderated by LimaCharlie's Chief Revenue Officer, Jessica Crytzer. The panel participants are:

Founder & CEO of LimaCharlie, Maxime Lamothe-Brassard
Founder & CEO of Turngate, Bruce Potter
Head of Product, Interpres Security, Fred Wilmot
Principal Consultant at Higgins Cybersecurity Consulting, Sean Higgins

What is the SecOps Cloud Platform?

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

• An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
• An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.

The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• Decoy Dog is a malware toolkit that cleverly uses DNS to perform command and control.
• Breaking down the infection chain for Casbaneiro, another banking trojan targeting Latin America.
• An initial-access malware campaign that leverages malicious advertising - or malvertising - to impersonate legitimate software and compromise business networks.
• The VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques.
• Trellix Advanced Research Center who have identified a novel method for exploiting the ‘search-ms” protocol handler.
• The source code of the BlackLotus Unified Extensible Firmware Interface - or UEFI - rootkit was leaked on GitHub.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we chat with David Seidman, Head of Detection & Response at Robinhood, about building high-performance teams.

David manages the Detection & Response team at Robinhood,  and is responsible for detection, incident response, and D&R infrastructure. Robinhood's Platform team develops the "pipes and engines": log ETL, transport, data lake, Splunk, SIEM, SOAR, experimental tech, etc. Robinhood emphasizes engineering excellence and agility - they are moving fast and getting a lot done. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations, and civilian users in Ukraine and Poland.
• FortiGuard Labs investigation the researchers came across several Malicious Office documents designed to exploit known vulnerabilities.
• Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt.
• CheckMarx is reporting the first known targeted OSS supply chain attacks against the banking sector.

The LimaCharlie SecOps Cloud Platform provides organizations with comprehensive enterprise protection that brings together critical cybersecurity capabilities and eliminates integration challenges and security gaps for more effective protection against today’s threats.

Watch the SecOps Cloud Platform panel discussions here: Introducing the SecOps Cloud Platform

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of The Cybersecurity Defenders Podcast, we sit down with LimaCharlie Founder & CEO, Maxime Lamothe-Brassard, and talk about the history and vision of the SecOps Cloud Platform.

About the SecOps Cloud Platform:

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

• An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
• An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.

The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.

About Maxime:

After graduating from the University of Victoria with a degree in Computer Science Maxime began his career in cybersecurity working for the Canadian Government as part of the Communications Security Establishment (CSE). CSE is Canada's national cryptologic agency, providing the Government of Canada with information technology security and foreign signals intelligence. As part of the Canadian Intelligence apparatus, Maxime worked in positions ranging from the development of cyber defense technologies, Counter Computer Network Exploitation and Counter Intelligence.

After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defense. He was an early employee at Crowdstrike, then worked for Google where he eventually landed in Google X. Maxime left Google X - where he was a founding member of Chronicle Security - in 2018 to found LimaCharlie.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• The RustBucket malware allows operators to download and execute various payloads. 
• Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors.
• Charming Kitten sends a lure masquerading as a senior fellow with the Royal United Services Institute to a public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. 
• New Truebot malware variants deployed on networks compromised using a critical remote code execution vulnerability in the Netwrix Auditor software.
• TrendMicro is reporting a new ransomware family and its variant named Big Head.
• Zscaler ThreatLabz has recently uncovered a new targeted attack campaign striking businesses in the Latin American region.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of the Cybersecurity Defenders Podcast, we have a conversation around best practices for submitting papers to conferences with Huxley Barbee, Security Evangelist at runZero & organizer of BSidesNYC.

Throughout Huxley's career, he has held key positions at Cisco, Datadog and now runZero. He is passionate about cybersecurity and supporting the community in order to create a better security posture for all. 

Huxley encourages our listeners to connect with him on various platforms as linked below.

• Linktree
• LinkedIn
• Mastadon
• Twitter

Some resources for finding conferences to submit papers to are linked below.

Infosec Conferences
CFP Time
Security BSides
Pulesdive's list of threat intel conferences

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. 

• ASEC discovered that RedEyes is distributing and using an infostealer with wiretapping features. 
• Symantex is reporting that The Flea has continued to focus on foreign ministries in a recent attack campaign that ran from late 2022 into early 2023. 
• Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID 
• Rapid7 researchers recently undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered.
•  Members across the military have reported receiving smartwatches unsolicited in the mail. 

And you can register here to attend the LinkedIn Live Event, An Invitation to Change: Introducing the SecOps Cloud Platform 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of John Bambenek, tell the story of one of the largest and most complicated supply chain attacks in history: SolarWinds

On December 13, 2020, The Washington Post reported that multiple government agencies were breached through SolarWinds's Orion software.

Victims of this attack include the cybersecurity firm FireEye, the US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration, as well as the US Department of Homeland Security.Prominent international SolarWinds customers investigating whether they were impacted include the North Atlantic Treaty Organization (NATO), the European Parliament, UK Government Communications Headquarters, the UK Ministry of Defence, the UK National Health Service (NHS), the UK Home Office, and AstraZeneca. FireEye reported the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they have found "indications of compromise dating back to the spring of 2020". FireEye named the malware SUNBURST. Microsoft called it Solorigate.

The attack used a backdoor in a SolarWinds library; when an update to SolarWinds occurred, the malicious attack would go unnoticed due to the trusted certificate.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• VulnCheck comes across a malicious GitHub repository that is claimed to be a Signal 0-day.
• CheckMarx are reporting that Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking a S3 bucket.
• Team CYMRU has released a detailed publication on Vidar infrastructure which encompasses both the primary administrative aspects and the underlying backend. 
• Bit Defender Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. 
• Researchers have found an unofficial package called 'https' that exists on NPM with over 1600 other packages that depend on it.
• An attack campaign that consists of the Tsunami DDoS Bot being installed on inadequately managed Linux SSH servers.
• Cl0p rewards of up to $10 million are being offered by the U.S. State Department's Rewards for Justice program.
• SentinelOne is reporting on the Terminator EDR killer - Spyboy. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of the Cybersecurity Defenders Podcast, we have a conversation about AI in cybersecurity with Jon Bagg, Founder & CEO of Salem Cyber.

Jon Bagg is the creator of Salem Cyber, an innovative cyber analysis technology that helps scale their alert investigation capacity so they can find threats in the noise. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

•  $35 million has reportedly been stolen from users of Atomic Wallet.
• On June 9th the Microsoft Azure Portal was down on the web as a result of suspected DDOS.
• The US Department of Justice has indicted 6 people for their involvement in a $6 million dollar business email compromise scam.
• CVE-2023-27997 was reported by Fortinet on June 13th (Fortinet hardening guide).
• Trend Micro recently discovered the use of heavily obfuscated batch files utilizing the advanced BatCloak engine.
• And a really cool PDF - the Cy-Xplorer 2023 report put out by Orange Cyberdefense.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of the Cybersecurity Defenders Podcast, we have a conversation about edge computing with Theresa Lanowitz, Head of Evangelism and Portfolio Marketing at AT&T Cybersecurity.

Theresa Lanowitz is a proven global influencer and speaks on trends and emerging technology poised to help today’s enterprise organizations flourish. Theresa is currently the head of evangelism at AT&T Business - Cybersecurity.

Prior to joining AT&T, Theresa was an industry analyst with boutique analyst firm voke and Gartner. While at Gartner, Theresa spearheaded the application quality ecosystem, championed application security technology, and created the successful Application Development conference.

As a product manager at Borland International Software, Theresa launched the iconic Java integrated development environment, JBuilder. While at Sun Microsystems, Theresa led strategic marketing for the Jini project – a precursor to IoT (Internet of Things).

Theresa’s professional career began with McDonnell Douglas where she was a software developer on the C-17 military transport plane and held a US Department of Defense Top Secret security clearance.

Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh, Pittsburgh, PA.

The report referenced in the podcast can be acquired here: 2023 AT&T Cybersecurity Insight Report: Edge Ecosystem

The open-source Genie Framework referenced in the podcast can be viewed here: Genie Framework

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• BlackCat makes some changes geared towards improving its tradecraft and increasing the likelihood of data theft and encryption. 
• A new hacking forum called Exposed has publicly leaked a substantial database from the infamous RaidForums.
• A critical vulnerability in the MOVEit Transfer software.
• Camaro Dragon targets European foreign affairs entities linked to Southeast and East Asia.
• Kaspersky is reporting on some unknown malware targeting iOS devices.
• The Hacker News is reporting a surge in TrueBot activity that was observed starting in May 2023.
• Uptycs is reporting on the threat group behind the Cyclops ransomware and stealer combo. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On today's episode of The Cybersecurity Defenders Podcast we are joined Devon Ackerman, Global Service Line Leader for Digital Forensics and Incident Response (DFIR) services at Kroll Cyber.

Prior to Kroll, Devon served as a Supervisory Special Agent at the FBI's Operational Technology Division in the CART Field Operations Unit. He navigated digital forensic issues, managed 56 FBI Division executive management relationships, organized team deployments during mass incident response events such as the San Bernardino Domestic Terrorism shooting (Apple iPhones), and served as a senior certified Forensic Examiner (CART) for on-scene collections and forensic analysis.

As mentioned in the show, an excellent resource for all things DFIR: aboutDFIR.com

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• FortiGaurd Labs encounters a kernel driver that makes use of the open-source donut tool.
• Checkpoint researchers observe Iranian threat actor Agrius operating against Israeli targets.
• SentielOne notes changes in the ongoing campaign by Kimsuky.
• Microsoft uncovers stealthy malicious activity aimed at critical infrastructure in the United States.
• ZScaler Threatlabz reporting on Pikabot, a new malware trojan.
• Bleeping Computer reporting that the QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program.
• eSentire launches a multi-pronged offensive against a growing cyberthreat: the Gootloader Initial Access-as-a-Service Operation.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On today's episode of The Cybersecurity Defenders Podcast we are joined by security engineer Adnan Khan to talk about securing the build pipeline and explore some common vulnerabilities in enterprise Github configurations.

Organizations using GitHub Actions with self-hosted runners are at risk of attackers gaining an internal network foothold from the Internet if they compromise one developer’s personal GitHub access token. Key configuration adjustments can secure these pipelines and limit the damage from a breach.

Adnan's talk at BSidesSF: Securing the Pipeline: Protecting Self-Hosted HitHub Runners

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Malware Bytes researchers reporting on the Red Stinger group which has targeted entities in Ukraine.
• Apple is reporting three new zero days affecting iPhones, iPads, Macs and even Apple watches and TVs. 
• The folks over at CISCO Talos have recently identified a new RA group that has been operating since at least April 22, 2023.
• Check Point researchers have uncovered the GuLoader that has been used in a large number of attacks.
• Trend Micro is reporting on a new capability seen in a BlackCat ransomware incident.
• Kaspersky is introducing the world to a new APT group they are calling GoldenJackal.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of the Cybersecurity Defenders Podcast, we have a conversation about mental health in cybersecurity with Amanda Berlin, CEO of Mental Health Hackers.

Mental Health Hackers' stated mission is to educate tech professionals about the unique mental health risks faced by those in our field – and often by the people who we share our lives with – and provide guidance on reducing their effects and better manage the triggering causes.

They also aim at providing support services to those who may be susceptible to related mental health issues such as anxiety, depression, social isolation, eating disorders, etc.

If you are struggling please know that there are a lot of people in your community that care, as well as resources that you can access. 

• Mental Health First Aid
• Workplace Mental Health
• A list of resources from Mental Health Hackers
• Mental Health: Know the Warning Signs
•  Mental Health: How to find help 
•  Mental Health: Maintaining a Healthy Lifestyle

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this special episode of the Cybersecurity Defenders Podcast, we have a longer-form discussion about the recent FBI takedown of the Russian malware known as Snake. The FBI dismantled the global peer-to-peer network of Snake-infected computers with Operation MEDUSA in coordination with multiple cybersecurity agencies.

Resources referenced in this show:

• Press release from the Department of Justice
• CISA's cybersecurity advisory
• CISA breakdown of the Snake malware

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

This episode of the Cybersecurity Defenders podcast is the second part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet.

Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon.

If you have not heard the first episode it is recommended that you do so before listening to this one. You can listen to the first episode here: Stuxnet (Part 1)

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Threatmmon have uncovered a targeted PowerShell backdoor malware attack that bypasses normal detection methodology.
• Researchers have uncovered an attack that is based on a classic sideloading technique with a twist in which a first-stage clean application sideloads a second clean application and auto-executes it.
• US authorities have announced the seizure of 13 internet domains.
• The Blackberry Threat Research and Intelligence team has discovered a new campaign from the Sidewinder APT group against Pakistani government organizations.
• CISA has issued an advisory letting the public know that the FBI has used a court order to take down a Russian government-controlled malware network.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• The initial  attack vector of 3CX’s network was via malicious software downloaded from Trading Technologies website
• QuaDream has allegedly fired all of its staff and is shutting down its operations in the coming days
• State-sponsored campaigns targeting global infrastructure: looks like obvious targeting to support future destructive attacks
• A new information-stealing malware called Atomic macOS Stealer (AMOS)
• Attackers have been observed attempting to disable EDR clients with a new defensive evasion tool we’ve dubbed AuKill

A new report put out by the National Cyber Security Centre is meant to help defenders understand selected malware threats in more technical depth, and provide indicators and TTPs to support threat hunting or modeling: View the Report

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of the Cybersecurity Defenders podcast we have a conversation around the history of security tooling with Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud.

Dr. Anton Chuvakin is currently involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security (an Alphabet company) acquisition in July 2019. He is also a co-host of Cloud Security Podcast http://www.twitter.com/CloudSecPodcast

Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst at Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." 

He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry. 

In addition, Anton taught classes (including his own SANS SEC434 class on log management) and presented at many security conferences across the world; he recently addressed audiences in United States, UK, Singapore, Spain, Russia and other countries. He worked on emerging security standards and served on the advisory boards of several security start-ups.

Before joining Gartner in 2011, Anton was running his own security consulting practice www.securitywarriorconsulting.com, focusing on SIEM, logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. degree from Stony Brook University.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

On this episode of the Cybersecurity Defenders podcast we have a focused discussion on ransomware with Paul Ihme, Co-Founder and Managing Principle at Soteria Security Solutions and Advisory.

Paul is a cybersecurity professional with experience in federal and private environments. Wide array of expertise in multiple information technology domains, specializing in penetration testing, vulnerability assessments, and security incident response.

The blog article, "Ransomware Is Irrelevant (Wait WHAT?!)" written by Adrian Sanabria that is referenced in the podcast can be viewed here. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Over 1 million Wordpress sites have been infected by the Balada Injector malware
• Nokoyawa ransomware attacks are being seen in the wild exploiting a Windows zero-day
• An emerging Python-based credential harvester and hacktool, named Legion
• A recently discovered malware family being called “Domino”
•  Care increasingly using the Action1 remote access software for persistence on compromised networks
• A ransomware group has created encryptors targeting Macs for the first time
• And a Chrome type confusion issue in the V8 Javascript engine

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Emergency security updates issued by Apple: CVE-2023-28206 & CVE-2023-28205 .
• Check Point researchers have unveiled a new sophisticated and fast acting ransomware.
• eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.
• The CrowdStrike Falcon OverWatch team recently observed threat actors exploit WinRAR self-extracting archives.
• FBI, Europol and the Dutch Police have disrupted the infamous browser cookie market known as Genesis Market.
•  Microsoft’s Digital Crimes Unit along with a cybersecurity software company Fortra and Health Information Sharing and Analysis Center are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike.

And then we dive into OT security with Dave Cullen, Field CTO for OTORIO.

As mentioned in the podcast, here is a link to the “So you want to be a SOC Analyst?” by Eric Capuano.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• Crowdstrike reports the 3CX supply chain attack.
• Agents arrested Conor Brian Fitzpatrick on a charge of conspiracy to commit access device fraud.
• SentinelOne reporting on the CatB ransomware family which is sometimes referred to as CatB99 or Baxtoy.
• A new everything infostealer on the dark market called Radamanthys.
• Mandiant has assessed with high confidence they identified a new APT: APT43.

And then we deep dive the Capital One data breach discovered on July 19, 2019, with DataDog Cloud Threat Detection Engineer, Day Johnson.

As mentioned in the podcast, Day's cybersecurity education-focused YouTube channel can be found here: @daycyberwox

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

This episode of the Cybersecurity Defenders podcast is the first part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet.

Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:

•  CVE-2023-23397: A zero-touch exploit that affects all versions of Windows Outlook. (Sigma rule)
•  CVE-2023-24880: An unpatched security bypass in Microsoft’s SmartScreen security feature.
• Mandiant observes China-nexus threat actors targeting technologies that do not normally support endpoint detection and response solutions.
• Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022. Threat groups are offering $240k salaries to tech jobseekers.

And an interview with Heidi and Bruce Potter, ShmooCon organizers.

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software, and hardware solutions, and open discussions of critical infosec issues.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:

• A new Microsoft Word Vulnerability: CVE-2023-21716. 
• The Emotet botnet is back spamming again.
• A previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities.
• A SpaceX vendor has been compromised by a LockBit affiliate.
• Ring LLC, the home security and smart home company owned by Amazon, has been ransomed by ALPHV ransomware group.

And an interview with Joe Schreiber, Co-founder and CEO of appNovi.

Joe has been doing IT security since dial-up. He utilizes his knowledge and experience as a practitioner, software developer, and business developer to build highly functional, scalable, usable and quality software.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:

• Menlo Labs has uncovered an unknown threat actor that’s running an evasive threat campaign which is being distributed via Discord and is targeting government entities.
• TA569 is a prolific threat actor who has been deploying website injections that run a Javascript payload known as SocGholish.
• The risk to business from burned-out analysts.
• The emerging post-explotation framework, EXFILTRATOR-22 or EX-22.

And an interview with Rich Heimann, Chief AI Officer at SilverSky, where we talk about Machine Learning and Artificial Intelligence as they relate to cybersecurity.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel. After that, an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history, and with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack.

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. 

Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

This week on the Simply Cyber Report:

• Scores of Redis servers infested by sophisticated custom-built malware.
• Oktapus hackers are back and targeting tech and gaming companies.
• Russian hackers using new Graphiron information stealer in Ukraine.
• New QakNote attacks push QBot malware via Microsoft OneNote files.
• Fresh, buggy Clop ransomware variant targets Linux systems.

We also sit down with Ira Winkler, Field CISO and Vice President of CYE. Ira shares a wide range of thoughts and experiences garnered from an exceptional career.

You can find the various books that Ira has written, which are mentioned in the podcast, at the  following links:

You CAN Stop Stupid
Advanced Persistent Security
Security Awareness for Dummies
Cybersecurity All-in-one For Dummies

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about BITS jobs.

We also sit down with Tyler Shields: a cybersecurity veteran, entrepreneur, and angel investor. In our conversation, we talk about the economic conditions driving the tech sector layoffs we are seeing, what zombie companies are, and speculate on the future of AI.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Microsoft has started blocking the execution of XLL add-ins downloaded from the Internet. The hacking group DragonSpark is leveraging Golang source code interpretation to evade detection. Threat actors are turning to Sliver to replace more popular frameworks Cobalt Strike and Metasploit. Over 4,500 WordPress sites have been hacked and Emote malware makes a comeback. Emotet is back with new evasion techniques in MS Excel.

We also sit down with Michael Argast, Co-founder and CEO of Kobalt.io. We learn about Kobalt's approach to scaling cybersecurity services for small and medium-sized businesses, and also some great advice on what it takes to build services for this part of the market. A great conversation that is full of tidbits of wisdom for anybody looking to start a security services company.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Amit Serper, a hacker and reverse engineer, who was instrumental in stopping the most devastating cyber attack in history: NotPetya.

On 27 June 2017, a major global cyberattack began (Ukrainian companies were among the first to state they were being attacked), utilizing a new variant of Petya. On that day, Kaspersky Lab reported infections in France, Germany, Italy, Poland, the United Kingdom, and the United States, but that the majority of infections targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%.Russian president Vladimir Putin's press secretary, Dmitry Peskov, stated that the attack had caused no serious damage in Russia. Experts believed this was a politically-motivated attack against Ukraine, since it occurred on the eve of the Ukrainian holiday Constitution Day.

Kaspersky dubbed this variant "NotPetya", as it has major differences in its operations in comparison to earlier variants. McAfee engineer Christiaan Beek stated that this variant was designed to spread quickly, and that it had been targeting "complete energy companies, the power grid, bus stations, gas stations, the airport, and banks".

This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about RDP.

We also sit down with Michael Laudenslager, VP of Cybersecurity at Churchill Mortgage and talk about security in the cloud.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Unknown threat actors have been observed hiding malware execution behind a legitimate Windows support binary. S3 buckets are now encrypted by default. A powerful Android malware has been tuned to target banking applications. And it is the end of life for Windows Server 2008.

We also sit down with Walter Haydock, Founder and CEO of StackAware. We learn about StackAware and their approach to vulnerability management, and also how Walter got his company off of the ground using low-code tooling. A fascinating conversation for anyone looking to start their own cybersecurity company.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter; a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have.

Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States.

Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA.

This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

New vulnerability found in WooCommerece Gift Cards Premium Wordpress plugin with CVSS score of 9.8.

Fin7 has developed an AI-powered automated attacking tool called Checkmarks. Checkmarks is designed to auto-attack ms exchange systems, perform post exploitation actions, and grab enough data to allow FIN7 to understand their victim.

Raspberry Robin has a new feature. This version of Raspberry Robin has two payloads, one designed to be discovered if the malware believes it's being analyzed in a sandbox. This fake payload look legit including looking at the registry on start up to check for infection, pulling down an adware named 'browserassist'. This payload has shellcode and a PE file with the MZ magic bytes removed to hide its not a PE file.

Plus an interview with Jason Chan, former VP of Information Security at Netflix  about how he helped build their security program from the ground up.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about WinRM + PowerShell Remoting.

We also sit down with Zack Allen, Director of Security Detection & Research at Datadog, about managing uncertainty, some of his favorite tools, and building quality detections.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

The Simply Cyber Report for December 14, 2022.

Go-based malware named Zerobot in the wild. Android malware dubbed "Zombinder" a Just-in-time Trojan style malware. Iranian based APT, has been pushing hard with remote administration tooling.

A roundtable conversation with several Open Source cybersecurity founders. During the conversation we discuss the complexities of open-source as it relates to cybersecurity, the effects it has on the industry, funding models, what inspired these projects, how they came to be, how they are trying to grow, and any lessons - good or bad - they have learned along the way.

The panelist include:

Zach Wasserman from osquery
Lennart Koopmann from Graylog, Inc.
Peter Manev from Suricata

And we acknowledge some heavy audio compression during the roundtable conversation. We will be employing some new recording technology for future group conversations.

As always, we would love to hear from you. Questions, feedback and ideas can be directed to defenders@limacharlie.io

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

As we get ready to say goodbye to 2022 the team at the Cybersecurity Defenders podcast thought it would be nice to review all the predictions for the future made by guests on this show so far.

It is a fun episode and will be interesting to circle back on next year at the same time.

In the show, we talk about Dr. Joseph Burt-Miller Jr's study hall group on Discord - here is the link for anybody interested in checking it out: https://discord.gg/Z8gaAvnS4m

As always, your feedback is always welcome. If you have any criticisms or ideas for the show, please don't hesitate to reach out to us at defenders@limacharlie.io

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, Dr. Gerald Auger takes us through the last couple of weeks in cybersecurity news via the Simply Cyber Report.

We also sit down with Daniel Velasquez, founder of Ground Truth Connections.

Daniel has had a very interesting career. He has been a drone pilot inside of a war zone, worked in signals intelligence, been a CIA Targeter and risen through the ranks at Mandiant. Daniel is now the CEO and Founder of Ground Truth Connections who are operating on the ground in Ukraine with a humanitarian mission.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions.

This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

Any questions or feedback can be directed to defenders@limacharlie.io

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, Dr. Gerald Auger takes us through the last couple of weeks in cybersecurity news via the Simply Cyber Report.

We also sit down with David Burkett, co-author of Detectors as Code.

David is an experienced Information Security Architect with a demonstrated history of working in the security industry in both Government and the Telecommunications / Service Provider Industries. He is skilled in Security Information and Event Management, Security Monitoring, Python, and Digital Forensics among other things.

IN our talk with David about UAPs he references this video: Navy pilot describes encounter with UFOs

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox and tells us all about PaExec.

We also sit down to chat with Eric Capuano, Founder and CEO of Recon Infosec.

During the conversation with Eric, we talk about many different things including the OpenSoc Network Defense Range and their new Thursday Defensive webcast.

If you have any suggestions or feedback please don't hesitate to reach out to us: defenders@limacharlie.io

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, Dr. Gerald Auger takes us through the last couple of weeks in cybersecurity news via the Simply Cyber Report

We also sit down with Paul Caiazzo: cybersecurity expert, entrepreneur and strategist, CISO and CPO.

Paul has dedicated his career to advancing the field of global cyber security. In his current role as Chief Growth Officer at SnapAttack, Paul focuses on product/market fit, strategic partnerships, and business development.

Paul continues to support Avertium as an Advisory Board Member, focused on brand ambassadorship, adversary intelligence, and security industry trends. Prior to Avertium, Paul was the Co-Founder and CEO of TruShield Security Solutions, which was acquired by Sunstone Partners as one of the founding companies of Avertium 

His foundation in the finance industry gave him first-hand experience in how crippling cybersecurity issues can be for individuals, businesses, and even the Federal Government. This sparked his interest in building a company where he could help clients not just understand the risks they face, but to combat them with effective mitigation strategies. 

Under Paul’s leadership, TruShield earned a distinguished reputation as one of the fastest growing companies in the cybersecurity industry. Paul also serves as the Cybersecurity Advisor to the Science and Technology Policy Center for Development, where he utilizes his expertise to help the nonprofit achieve their goal of advancing ICT in developing countries. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley introduces the Adversary Toolbox and discusses Microsoft Windows remote execution tool, PsExec.

We also sit down to chat with several cybersecurity startup founders about the lessons that they learned along the way and the things they wished they had known starting out.

The panelists for this informative discussion are:

Roselle Safran, Founder and CEO of KeyCaliber
Corey White, Founder and CEO of Cyvatar
Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie

If you have any suggestions or feedback please don't hesitate to reach out to us: defenders@limacharlie.io

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

In this episode, we are going to be recounting the Story of Clifford Stoll, who made a pretty big discovery in 1986 while working as a sys admin for the Lawrence Berkeley National Laboratory. It is a story that involves a suspected murder, international espionage, and the type of relentless curiosity that makes a great defender.

This episode was written by Nathaniel Nelson, narrated and produced by Christopher Luft.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

The first episode of The Cybersecurity Defenders Podcast. A show about cybersecurity and the people that defend the internet. 

This weekly show is put together as a series of segments. This episode includes the following:

• A cybersecurity news update by Dr. Gerald Auger of Simply Cyber.
• An interview with the CISO of Synoptek, Chris Gebhardt.
• A product update from LimaCharlie founder Maxime Lamothe-Brassard.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.