
The Cybersecurity Defenders Podcast
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Latest episodes

Jan 2, 2024 • 1min
Podcast trailer for 2024
Welcome to the Cybersecurity Defenders Podcast. My name is Christopher Luft, one of the founders of LimaCharlie and I am your host. This podcast is set up as a series of segments in and around cybersecurity - with a focus on the defensive side. Tune in for weekly intelligence reports and discussions, as well as deep-dives into major incidents like the MGM ransomware attack or the recent Okta breach with expert guests who can break down the events. I also get the privilege of interviewing many information security experts to share their unique stories. Hear from security analysts, detection engineers, CISOs, and other high-profile public figures. And my personal favourite is a special segment called Hacker History where we narrate the true stories of infamous cybersecurity incidents with the help of those that were directly involved. The show is a constant work in progress and we would love for you to join us. We are always happy to hear from our listeners and encourage you to engage with us so that we can make this show the best it can be. So subscribe and follow along as we learn and grow together in this ever-evolving realm of cybersecurity.

Dec 31, 2023 • 1h 6min
#88 - Predictions for the future of cybersecurity from 2023
A special episode of The Cybersecurity Defenders Podcast, where we look back at our conversations throughout 2023, and bring together all of the predictions for the future of cybersecurity. It is a fun episode, and we hope you enjoy listening to it. And a Happy New Year to all our listeners! Wishing you security and success in 2024.

Dec 28, 2023 • 22min
#87 - Hacker History: The Colonial Pipeline
In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attack in history: The Colonial Pipeline. On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state. This episode was written by the talented Nathaniel Nelson. Casey Ellis can be found on LinkedIn here.

Dec 20, 2023 • 30min
#86 - Intel Chat: pfSense vulnerability, Gootloader, OilRig & the KV-botnet
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Sonar Source are reporting on a few vulnerabilities they have found in pfSense. eSentire’s Threat Response Unit launched a multi-pronged offensive against the Gootloader Initial Access-as-a-Service Operation. ESET researchers documented a series of new OilRig downloaders, all relying on legitimate cloud service providers for command and control communications. The Black Lotus Labs team at Lumen Technologies is tracking a small or home office router botnet that forms a covert data transfer network for advanced threat actors. You can make a donation in support of ending domestic violence through Cybersecurity Cares.

Dec 14, 2023 • 33min
#85 - Going deep on Active Directory with James Potter, founder of DSE
On this episode of The Cybersecurity Defenders Podcast, we have a detailed conversation with James Potter, founder of DSE, about Active Directory. James boasts over two decades of expertise in Active Directory security, serving as a trusted consultant for major companies. His focus is on fortifying security measures and devising strategies to strengthen critical systems. He's collaborated with diverse teams, identifying vulnerabilities and implementing robust security measures while balancing cost, usability, and security for each client's specific needs. Beyond consultancy, James proudly leads a team at DSE, providing cutting-edge security solutions to global corporations. Actively engaging in the security community, he shares insights through conferences, publications, and forums, emphasizing continuous learning and innovation to counter evolving threats. His passion lies in aiding organizations to navigate the dynamic threat landscape, ensuring resilient security frameworks and efficient business objectives. Whether crafting secure Active Directory environments, conducting assessments, or delivering tailored training, James's dedication ensures exceptional results surpassing client expectations. James can be found on LinkedIn here: James Potter

Dec 13, 2023 • 28min
#84 - Intel Chat: Push notification surveillance, a RAT, a critical Bluetooth flaw & 5Ghoul
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Unidentified governments are surveilling smartphone users via their apps' push notifications, as reported by a US senator on December 6th. Cyber.wtf is reporting on an interesting piece of malware that turned out to be a RAT written in C#. Israel’s critical infrastructure is under threat from an Iranian proxy hacking group operating out of Lebanon. Hacker News is reporting on a critical Bluetooth security flaw that could be exploited by threat actors to take control of Android, Linux, MacOS and iOS devices. A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. The Cybersecurity Cares Holiday Telethon is taking place on December 15th. More information can be found at cybersecurity-cares.com.

Dec 8, 2023 • 31min
#83 - Intel Chat: Atomic Stealer, Okta breach grows, CrushFTP & Danabot opens the door for Cactus ransomware
Atomic Stealer, a popular information stealer for MacOS, is discussed along with the importance of educating Mac users about the threat. Okta's disclosure of threat actor activity related to the breach of its support case management system is questioned. The targeting of managed file transfer applications by threat actors is highlighted, emphasizing the importance of careful integration and securing access. The evolution of threat actors is explored, discussing the use of Danabot to deploy Cactus ransomware and the importance of threat intelligence in tracking evolving threats.

Dec 7, 2023 • 41min
#82 - Decrypting Darknet Diaries: A Conversation with Jack Rhysider
On this episode of The Cybersecurity Defenders Podcast, we speak with Jack Rhysider, the creator of Darknet Diaries. Darknet Diaries is a captivating podcast that delves into the intriguing and often clandestine world of cybersecurity and hacking. Hosted by Jack Rhysider, each episode features gripping narratives that explore real-life cybercrime incidents, hacking escapades, security breaches, and the individuals involved. Rhysider skillfully combines storytelling with in-depth interviews, providing a unique and engaging perspective on the complex landscape of cybersecurity. The podcast not only highlights the darker aspects of the internet but also sheds light on the efforts of cybersecurity professionals, their challenges, and the measures taken to defend against cyber threats. With its compelling storytelling and insightful discussions, Darknet Diaries offers a fascinating glimpse into the ever-evolving world of digital security. Learn more about the show, purchase swag, and listen to episodes at https://darknetdiaries.com/ You can find Jack Rhysider on Twitter/X here: @JackRhysider

Nov 30, 2023 • 39min
#81 - Intel Chat: DarkCasino, Agent Tesla, DarkGate, Diamond Sleet & Chimera
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. NSFOCUS Research Labs reports on how the DarkCasino APT group has leveraged a recently disclosed WinRAR zero-day vulnerability. G DATA CyberDefense is reporting on a threat actor using the ZPAQ archive and .wav file extension to infect systems with Agent Tesla. A technical analysis of DarkGate Malware-as-a-Service which is widely available on various cybercrime forums by the RastaFarEye persona. The Microsoft Threat Intelligence team has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet involving a malicious variant of an application developed by CyberLink Corp. The Chinese hacker group “Chimera” broke into NXP - a Dutch chip maker - at the end of 2017 and had access to the manufacturer’s systems until the spring of 2020. To learn more about the community initiative to help end domestic violence please visit cybersecurity-cares.com

Nov 29, 2023 • 40min
#80 - A look into the cybercriminal underworld with Jon DiMaggio, Chief Security Strategist at Analyst1
On this episode of The Cybersecurity Defenders Podcast we take a look into the cybercriminal underworld with Jon DiMaggio, Chief Security Strategist at Analyst1. Jon DiMaggio is the chief security strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. As a specialist in enterprise ransomware attacks and nation-state intrusions, such as “Ransom Mafia: Analysis of the World’s first Ransomware Cartel”, “Nation State Ransomware” and a “History of REvil”. He has exposed the criminal cartels behind major ransomware attacks, aided law enforcement agencies in federal indictments of nation-state attacks, and discussed his work with The New York Times, Bloomberg, Fox, CNN, Reuters, and Wired. You can find Jon speaking about his research at conferences such as RSA. Additionally, in 2022, Jon authored the book “The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime” published by No Starch Press. You can buy “The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime” here. The Ransomware Diaries: Volume 1 & Volume 2. Jon DiMaggio on LinkedIn. Jon DiMaggio on Twitter.