
The Cybersecurity Defenders Podcast

Latest episodes

Mar 8, 2024 • 39min

#108 - Intel Chat: Nood RAT, GTPDOOR, Pikabot, Bifrost & the Executive Order on Preventing Access to Americans

Explore the evolution of malware with insights on Nood RAT and its implications for Linux users. Delve into the dark side of cyber warfare and its potential to disrupt physical systems. Investigate the advanced evasion techniques employed by Pikabot and the resurgence of Bifrost malware. Learn about the Biden administration's Executive Order aimed at protecting sensitive American data from foreign exploitation, while addressing the vagueness and implementation challenges it faces. The discussion also touches on new cybersecurity laws enhancing protections for cloud providers.
Mar 6, 2024 • 25min

#107 - Weaponizing ASCII escape sequences with Fredrik (STÖK) Alexandersson

In this episode of The Cybersecurity Defenders Podcast, we take a close look at weaponizing ASCII escape sequences with Fredrik (STÖK) Alexandersson from Truesec. Fredrik (STÖK) Alexandersson is a dynamic individual driven by a boundless curiosity and a passion for sharing knowledge. With over three decades of professional experience, he has hacked his way through realms ranging from computers and technology to marketing, fashion, communication, and even the human psyche. Renowned for his lightning-fast presentations and his knack for making complex technical subjects entertaining, STÖK is a prominent figure in the cybersecurity community. His meticulous attention to detail, insatiable curiosity, and "Good Vibes Only" attitude have inspired millions worldwide and earned him recognition from industry giants like Salesforce, Microsoft, and Verizon Media, among many others. Currently, he is working as a Hacker and Creative Director at TRUESEC. You can follow him on Twitter/X here. And you can watch his talk on Weaponizing ASCII escape sequences here.
Feb 29, 2024 • 28min

#106 - Intel Chat: LockBit, TicTacToe Dropper, Google Cloud Run & I-Soon

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Law enforcement from 10 countries, in a joint operation called ‘Operation Cronos’, have disrupted the criminal operation of the LockBit ransomware group. FortiGuard has identified a grouping of malware droppers, used through 2023 to deliver various final-stage payloads, that they are calling the TicTacToe dropper. Cisco Talos researchers have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. A massive leak from a Chinese Ministry of Public Security contractor called I-Soon shows that Beijing’s intelligence and military groups are attempting large-scale, systemic cyber intrusions against foreign governments, companies, and infrastructure.
Feb 28, 2024 • 1h 12min

#105 - Cybersecurity in space systems with Tim Fowler, Offensive Security Analyst at Black Hills Information Security

Delve into cybersecurity in space systems with Tim Fowler from Black Hills Information Security. Explore the evolving relationship between technology and space exploration. Trace the history of space exploration from Sputnik to SpaceX. Uncover cybersecurity challenges in space projects and vulnerabilities in space systems. Learn about cube satellites, orbital networks, and cybersecurity mitigation strategies. Gain insights on the future of cybersecurity integration with business objectives.
Feb 23, 2024 • 38min

#104 - Intel Chat: Pikabot, OpenAI boots APTs, GRU Military Unit 26165 & the Akira ransomware group

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Zscaler ThreatLabz are reporting on some recent campaigns, which started in February 2024, in which they observed Pikabot reemerging with significant changes in its code base and structure. OpenAI is claiming that they have terminated accounts associated with state-affiliated threat actors. A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that were used to commit crimes by the GRU Military Unit 26165. SecurityWeek is reporting on the fine folks at CISA, who are urging the patching of a Cisco ASA flaw that is being used in ransomware. A document naming APT groups and operations can be found here.
Feb 21, 2024 • 53min

#103 - A better way forward for cybersecurity with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie

In this episode of The Cybersecurity Defenders Podcast, we delve into an innovative, engineering-centered perspective on cybersecurity with Maxime Lamothe-Brassard, the Founder & CEO of LimaCharlie. As part of the Canadian Intelligence apparatus, Maxime worked in positions ranging from development of cyber defence technologies, Counter Computer Network Exploitation, and Counter Intelligence. Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director’s awards for his service. After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defence and worked for Crowdstrike, Google and Google X. Maxime left Google X, where he was a founding member of Chronicle Security, in 2018 to found LimaCharlie.
Feb 15, 2024 • 33min

#102 - Intel Chat: toothbrush DDOS, TPM-based encryption bypass & HijackLoader

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The spectacular headline announcing a DDOS attack that involved 3 million electric toothbrushes. A hardware attack to bypass TPM-based encryption, which is used on most Microsoft Windows devices. CrowdStrike researchers have identified a HijackLoader sample that employs sophisticated evasion techniques to enhance the complexity of the threat.
Feb 13, 2024 • 59min

#101 - WiFi attacks and defense with Lennart Koopmann, Founder of the Nzyme Network Defense System

In this episode of The Cybersecurity Defenders Podcast, we take a close look at WiFi attack methods, and the defenses to them, with Lennart Koopmann, Founder of the Nzyme Network Defense System. Lennart Koopmann is a tech enthusiast originally from Germany who now calls Houston, TX home. He began coding at a young age and chose to forgo formal education, diving straight into the world of computers after high school. Lennart's career path led him through various roles, from assisting in a hospital's IT helpdesk to web development and eventually joining a startup. In 2009, he launched the Graylog log management system as a side project, marking his entry into the tech scene. Currently, Lennart is focused on his latest endeavor: the nzyme Network Defense System, demonstrating his ongoing commitment to technological advancement. The WiFiPhisher GitHub account can be found here. Lennart’s talk at MSS CTRL (LINK) can be found here. The Nzyme Network Defense System website can be found here. Lennart can be found on Twitter/X here.
Feb 9, 2024 • 37min

#100 - A tale of two breaches: examining the AnyDesk & Cloudflare incidents

In this episode of The Cybersecurity Defenders Podcast, we take a close look at the AnyDesk and Cloudflare breaches that were both disclosed on February 2, 2024. AnyDesk, a prominent remote desktop software provider, disclosed a cyberattack late on February 2nd, causing the company to enforce strict security measures for nearly a week. Adversaries breached AnyDesk's systems, compromising vital assets such as source code and private code signing keys, and gaining unauthorized access to production systems.

For more on AnyDesk's breach, see the following references:
https://techcrunch.com/2024/02/05/remote-access-giant-anydesk-resets-passwords-and-revokes-certificates-after-hack/
https://anydesk.com/en/public-statement
https://www.infosecurity-magazine.com/news/anydesk-hit-cyberattack-customer/
https://www.helpnetsecurity.com/2024/02/05/anydesk-hacked/
https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html

On the other front, Cloudflare disclosed that a nation-state actor infiltrated their self-hosted Atlassian server on November 14, 2023, utilizing stolen access tokens and service account credentials from the Okta breach. The threat actor conducted reconnaissance activities from November 14th to 17th, gaining access to Cloudflare's internal wiki and bug database. Additional access attempts on November 20th and 21st indicated the actor's persistence, culminating in establishing continuous access through ScriptRunner for Jira on November 22nd. Finally, they tried, unsuccessfully, to access a console server that had access to a data center that Cloudflare had not yet put into production in São Paulo, Brazil.

For more details on Cloudflare's breach, consult the following sources:
https://www.csoonline.com/article/1303785/nation-state-actor-used-recent-okta-compromises-to-hack-into-cloudflare-systems.html
https://www.techtarget.com/searchsecurity/news/366568694/Cloudflare-discloses-breach-related-to-stolen-Okta-data
https://www.computing.co.uk/news/4170126/cloudflare-server-breached-suspected-sponsored-threat-actors
Feb 6, 2024 • 32min

#99 - Ground truth realities with Yochai Greenberg, Frontline Cyber Defender

In this episode of The Cybersecurity Defenders Podcast, we delve into the ground truth realities of cybersecurity with Yochai Greenberg, a frontline cyber defender. Yochai Greenberg's expertise in cybersecurity is grounded in a lifetime of hands-on experience and military service. From an early age, he immersed himself in computer technology, gaining comprehensive knowledge of hardware and software through practical experimentation. Serving in the IDF further cultivated his understanding of protection and security protocols. Transitioning into the security industry, Yochai applied his diverse skill set as an executive protection professional, bridging the gap between physical and digital security domains. His career is defined by a relentless pursuit of knowledge and innovation, driven by a commitment to integrating and enhancing security measures across various fronts.
