The Cybersecurity Defenders Podcast

LimaCharlie
Jun 13, 2024 • 26min

#133 - Intel Chat: Snowflake, Operation Endgame, Android spoof & Operation Crimson Palace

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Mandiant has linked a series of data breaches affecting hundreds of Snowflake instances to the use of infostealer malware, primarily targeting non-Snowflake systems to harvest credentials.

Authorities have ramped up something they are calling Operation Endgame, which is an effort to capture a fellow who goes by the handle "Odd," the alleged mastermind behind the Emotet botnet.

McAfee has identified a fake Bahrain government Android app masquerading as the Labour Market Regulatory Authority app; it is designed to steal personal data for financial fraud.

A technical deep-dive on Operation Crimson Palace performed by Sophos X-Ops: the operation exposes a sophisticated cyberespionage campaign targeting a Southeast Asian government, attributed to Chinese state interests.
Jun 12, 2024 • 36min

#132 - API security with Jeremy Snyder, Founder and CEO at FireTail.io

Jeremy Snyder, Founder and CEO at FireTail.io, discusses API security and the importance of safeguarding data privacy. Topics include the risks of API attacks, common vulnerabilities, tools like Vac and Nuclei, innovative security approaches, integrating security measures in development, and the impact of AI on API security.
Jun 6, 2024 • 39min

#131 - Network threat hunting with Chris Brenton, COO at Active Countermeasures

Chris Brenton, COO at Active Countermeasures, discusses network threat hunting, behavior analytics, indicators of compromise, and the evolution of technology in cybersecurity. He emphasizes the importance of training and enhancing knowledge within the cybersecurity community.
Jun 4, 2024 • 42min

#130 - The changing compliance landscape with Alexander Byrne, Director of Corporate IT Compliance at Thrive

Alexander Byrne, Director of Corporate IT Compliance at Thrive, shares his vast experience in creating information security strategies for diverse industries. He discusses the evolving landscape of cybersecurity compliance, particularly in finance and healthcare, and the impact of new data privacy laws like the California Consumer Privacy Act. Byrne emphasizes the need for mature security programs and a balanced, risk-based approach to compliance. He also predicts a transformative future for cybersecurity driven by AI and the challenges posed by quantum computing.
May 30, 2024 • 23min

#129 - Intel Chat: MSSN CTRL, GhostEngine, MITRE & BreachForums

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Researchers have identified a new malware, called "GhostEngine," which targets vulnerable drivers to disable endpoint detection and response solutions.

MITRE has released some more details on how Chinese state-sponsored hackers recently exploited VMware systems within MITRE's NERVE environment for persistence and evasion.

The FBI has once again seized control of BreachForums, a notorious site known for trading stolen data, marking the second such action within a year.

Information on MSSN CTRL, the security automation and engineering conference, can be found here.
May 29, 2024 • 34min

#128 - Exploring SOAR with Andrew Katz, Senior Information Security Engineer at Jamf

On this episode of The Cybersecurity Defenders Podcast, we speak with Andrew Katz, Senior Information Security Engineer at Jamf.

Andrew is a seasoned security engineer with a sharp focus on security automation. Over the past nine years, Andrew has honed his expertise in Python, API development, AWS, and Docker to craft sophisticated automated security solutions. His journey includes leading the development of SOAR platforms at Jamf, which enhanced distributed alerting systems to help SOC analysts combat alert fatigue. At Tevora, he offered his skills as a consultant, conducting enterprise-level cybersecurity risk assessments. Andrew's earlier roles as a Systems Engineer at Falck and an Information Technologist at GHD laid the groundwork for his profound understanding of IT, which feeds into his current security prowess. A holder of a CISSP and a Bachelor of Science in Geographic Science and Community Planning, Andrew brings a unique blend of technical skill and strategic insight to the field of cybersecurity.

The Security Engineering Newsletter can be found here: SecEng Newsletter
May 24, 2024 • 27min

#127 - Intel Chat: Alabuga Leaks, LockBit, Ebury, E2EE & Dropbox

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

We look at some of the findings revealed by the Alabuga leak about the inner workings of the Russian company Albatross and its Albatross-M5 UAVs, now being used in the war against Ukraine.

The U.S. Department of Justice has charged Dmitry Yuryevich Khoroshev, a 31-year-old Russian national, as the leader of the LockBit ransomware group.

ESET reveals the persistent threat posed by the Ebury malware, which was first documented in 2014 and has compromised approximately 400,000 Linux servers since 2009.

Zoom has announced the global rollout of post-quantum end-to-end encryption for its video meetings, a significant step forward in securing communications against future quantum computing threats.

Dropbox recently disclosed a security breach impacting its Dropbox Sign eSignature service.
May 21, 2024 • 48min

#126 - Zero Trust architecture with Kane Narraway, Head of Enterprise Security at Canva

On this episode of The Cybersecurity Defenders Podcast, we speak with Kane Narraway, Head of Enterprise Security at Canva, about Zero Trust architecture.

Kane brings over a decade of experience to the table, specializing in enterprise security, cloud security, and risk management. He's known for his groundbreaking work in building zero trust architectures at some of the world's largest tech companies, often from scratch during the early days of zero trust when solutions were not readily available.

Kane's career is marked by notable achievements, including integrating multi-billion dollar acquisitions and establishing robust security frameworks for regulations like SOC2, PCI-DSS, and HIPAA. He's not only a director who has scaled technology companies from startup to enterprise level but also a passionate leader who has nurtured diverse teams, promoting autonomy and inclusivity. Outside of his direct work, Kane is dedicated to giving back to the community, whether it's sharing cybersecurity insights, mentoring at boot camps, or volunteering at conferences. Join us as we gain insights from his extensive experience and innovative approaches to tackling some of the most complex challenges in cybersecurity today.

Kane's blog can be found here.
May 17, 2024 • 46min

#125 - Special Episode: The 2024 Verizon Data Breach Investigations Report

On this episode of The Cybersecurity Defenders Podcast we take a close look at the 2024 Verizon Data Breach Investigations Report.

The Verizon 2024 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of the current cybersecurity landscape, highlighting significant trends and emerging threats. This year's report, the 17th edition, examines 30,458 security incidents and 10,626 confirmed breaches, marking a two-fold increase from the previous year. A key finding is the dramatic surge in vulnerability exploitation, which nearly tripled, driven by attacks on unpatched systems and zero-day vulnerabilities. Ransomware and extortion continue to be major threats, comprising 32% of breaches, with a notable rise in pure extortion attacks where data is stolen but not encrypted.

The report also emphasizes the human element in cybersecurity breaches, with human errors contributing to 68% of incidents. Phishing remains a critical issue, with median times to click on malicious links and submit data being alarmingly short. Despite this, there is an encouraging increase in phishing awareness among users. Additionally, the report underscores the growing complexity of supply chain attacks, highlighting the vulnerabilities in third-party code and services. Interestingly, the impact of generative AI in cyberattacks remains minimal, with most uses being experimental rather than operational. The DBIR concludes with a call for improved vulnerability management and continued focus on human-centric security measures.

You can download the full report here.
May 15, 2024 • 35min

#124 - The intersection of CTI & Detection Engineering with Wade Wells, Lead Cybersecurity Threat Detection Engineer

In this episode of The Cybersecurity Defenders Podcast, we take a close look at the intersection of CTI & Detection Engineering with Wade Wells, Lead Cybersecurity Threat Detection Engineer.

Wade Wells is a seasoned cybersecurity expert whose passion for technology was sparked at an early age. Growing up with a computer built from parts his dad found dumpster diving, Wade learned how to navigate MS-DOS before he could even spell 'windows'. His lifelong fascination with technology and rule-bending led him naturally into the world of cybersecurity. Today, Wade hunts for evil within networks, reveling in the continuous pursuit of knowledge and the thrill of uncovering deeper insights. Join us as we dive into his journey, explore the challenges of threat hunting, and discuss how his work contributes to a greater cause in cybersecurity.

Mentioned in this episode:
Sublime Security: Email security that's not a black box
Salem Cyber: Find the alerts that actually matter
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Psychology of Intelligence Analysis
And the TV show Devs.