

The Cybersecurity Defenders Podcast
LimaCharlie
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.

Oct 17, 2024 • 46min
#163 - Practical applications of AI in cybersecurity with Rich Heimann, AI researcher & author
Rich Heimann, an AI researcher and committed advocate for ethical practices in technology, joins to share his insights on AI in cybersecurity. He discusses the evolution of AI perceptions and the limitations of generative models, like 'hallucinations.' Heimann emphasizes the importance of prompt engineering and collaboration between data science and legal teams. He also covers practical strategies for businesses adopting AI, particularly through existing SaaS models, and highlights the significance of Retrieval Augmented Generation for managing data effectively.

Oct 10, 2024 • 30min
#162 - Intel Chat: FIN7, COLDRIVER, perfectly, Comcast & EKUwu
In this discussion, cybersecurity expert Matt Bromley shares his insights on emerging threats. He reveals how the FIN7 group is using AI-driven deepfakes in phishing scams, manipulating victims through familiar applications. The conversation also highlights the dismantling of COLDRIVER's cyber operations by Microsoft's Digital Crimes Unit. Additionally, Bromley discusses Aqua Security's research into stealthy Linux-targeting malware and the implications of a significant data breach at Comcast. The vulnerabilities within Active Directory Certificate Services are examined, stressing the need for proactive security measures.

Oct 8, 2024 • 40min
#161 - Intel Chat: MSSN CTRL, CRI summit, Shadow AI, More_Eggs, Andariel hacking group & DrayTek routers
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The White House recently hosted the International Counter Ransomware Initiative (CRI) summit, bringing together representatives from 68 countries to address the growing global threat of ransomware. The rise of "Shadow AI," which refers to the unauthorized use of AI tools by employees without the oversight of IT departments, poses significant risks for organizations. A new wave of attacks leveraging the More_Eggs backdoor malware has been specifically targeting recruiters. TA4557, a financially motivated group linked to North Korea, has been distributing this backdoor since late 2023. The Andariel hacking group, a subgroup of North Korea’s Lazarus Group, has turned its attention to financially motivated attacks against U.S. organizations. Forescout Vedere Labs has uncovered 14 vulnerabilities affecting over 700,000 DrayTek routers, with two critical flaws posing significant security risks.

Oct 3, 2024 • 49min
#160 - Cryptocurrency and its role in money laundering with BBC journalist and author Geoff White
On this episode of The Cybersecurity Defenders Podcast, we dive into cryptocurrency and its role in money laundering with BBC journalist and author Geoff White. Geoff is an accomplished author, speaker, investigative journalist, and podcast creator with over 20 years of experience, focusing on organized crime and technology. He has worked with major outlets including the BBC, Audible, Penguin, Sky News, and The Sunday Times, covering topics such as financial crime, money laundering, cryptocurrency, and cybercrime. His recently released book, Rinsed, dives into how technology is transforming the money laundering industry, and was published by Penguin back in June of 2024. His previous book, The Lazarus Heist, followed the success of the hit BBC podcast series he co-hosted, which investigated North Korea’s cyber operations. He’s also the author of Crime Dot Com, which explores the global rise of hacking, and has created multiple podcast series for Audible, including The Dark Web and Artificial Intelligence: Friend or Foe? In addition to writing, he is a sought-after public speaker who has given keynote talks for brands like Microsoft, MasterCard, and HSBC. He has also won numerous awards for his reporting, including his work on the Snowden leaks and his investigations into internet fraud. Rinsed: From Cartels to Crypto How the Tech Industry Washes Money for the World's Deadliest Crooks

Sep 30, 2024 • 39min
#159 - Intel Chat: Sequoia disruption, Github, Supershell, DPRK & Telegram arrest
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Apple’s release of macOS 15, or Sequoia, has caused significant disruptions for several security tools and software vendors, including CrowdStrike, SentinelOne, Microsoft, and others. Attackers are exploiting GitHub notifications for phishing by sending legitimate-looking alerts with malicious URLs. Truffle Security's research exposes a significant issue in GitHub’s handling of deleted and private repository data via Cross Fork Object Reference (CFOR). AhnLab’s report details Supershell, a malware targeting Linux SSH servers via brute-force attacks. Since 2022, Mandiant has tracked DPRK IT workers infiltrating global organizations by posing as non-North Koreans to fund the regime's weapons programs and evade sanctions. In August 2024, Telegram CEO Pavel Durov was arrested in France, facing charges for allowing criminal activities to proliferate on the platform, including the distribution of illegal content such as child sexual abuse material.

Sep 26, 2024 • 50min
#158 - Common pitfalls for founders with Andrew Plato, Founder & CEO of Zenaciti
On this episode of The Cybersecurity Defenders Podcast, we talk about some of the common pitfalls faced by founders with Andrew Plato, Founder & CEO of Zenaciti. Andrew is an experienced CEO, founder, author, and cybersecurity expert. In 1995, Andrew founded Anitian, one of the earliest cybersecurity companies on record, where he pioneered innovations in intrusion detection, endpoint security, and cloud security. He led the development of a revolutionary automated platform for secure cloud environments, and under his leadership, Anitian formed strategic partnerships with major tech companies like AWS, Microsoft, and Trend Micro before he exited the company in 2022. Andrew also leads Zenaciti, providing business and security intelligence, and recently founded Screenopolis, focusing on media analysis. He is also the author of The Founder’s User Manual: Practical Strategies for the Startup Leader.

Sep 24, 2024 • 47min
#157 - Low noise threat detection with Joshua Neil, Founder at Alpha Level
Joshua Neil, a cybersecurity veteran with over 20 years of expertise, dives into the realm of low noise threat detection. He emphasizes that traditional perimeter defenses are inadequate against sophisticated attacks. The discussion revolves around the evolution of machine learning in threat detection, the balance between true and false positives, and the innovative use of graph theory to analyze network security. Neil also highlights the growing role of automation and the looming risks of autonomous threats to essential infrastructure.

Sep 20, 2024 • 32min
#156 - Intel Chat: Fortibitch, Hadooken, Void Banshee & CloudImposer
Fortibitch, a cybersecurity participant, discusses the latest threats in the field, including a new Linux malware named Hadooken targeting Oracle WebLogic servers. The malware not only deploys cryptominers but also facilitates DDoS attacks. The Void Banshee threat group is highlighted in relation to a zero-day vulnerability reclassified by Microsoft, raising concerns over security practices. Additionally, CloudImposer addresses the risks of cloud-based data breaches, leaving listeners with important insights on staying ahead of evolving cyber threats.

Sep 19, 2024 • 44min
#155 - A look at quantum cryptography with David Carvalho, CEO & Chief Scientist at Naoris Protocol
On this episode of The Cybersecurity Defenders Podcast, we take a look at quantum cryptography with David Carvalho, CEO & Chief Scientist at Naoris Protocol. David is the founder, CEO, and Chief Scientist of Naoris Protocol, a decentralized cybersecurity mesh. David is an accomplished leader and innovator who advises nation-states and highly regulated sectors on critical issues such as cyber espionage, cyber warfare, and cyber terrorism. He is deeply involved in blockchain-based projects, digital currencies, and cybersecurity innovations. With over 20 years of experience in the field, David has worked as a Chief Information Security Officer in multi-billion-dollar companies and brings a forward-thinking approach to risk mitigation, automation, AI, and next-gen cybersecurity. He continues to advise a wide range of organizations, from startups to national-level projects, on transformative strategies for the future.

Sep 12, 2024 • 29min
#154 - Intel Chat: Specula, Chromium, Mustang Panda & Service for America
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The Specula C2 framework represents a sophisticated attack method that transforms Microsoft Outlook into a command-and-control system by exploiting its Home Page feature. Attackers exploit browser notifications in Chromium-based browsers by tricking users through CAPTCHA-like prompts to enable notifications. The Biden administration has launched an initiative aimed at addressing the growing cybersecurity talent shortage, which has reached critical levels. Mustang Panda, a Chinese state-backed cyber-espionage group, has adapted its tactics by launching a USB-based attack campaign that leverages a worm for self-propagation across air-gapped networks.


