The Cybersecurity Defenders Podcast

LimaCharlie
Feb 21, 2024 • 53min

#103 - A better way forward for cybersecurity with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie

In this episode of The Cybersecurity Defenders Podcast, we delve into an innovative, engineering-centered perspective on cybersecurity with Maxime Lamothe-Brassard, the Founder & CEO of LimaCharlie. As part of the Canadian Intelligence apparatus, Maxime worked in positions ranging from development of cyber defence technologies, Counter Computer Network Exploitation, and Counter Intelligence. Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director’s awards for his service. After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defence and worked for CrowdStrike, Google and Google X. Maxime left Google X - where he was a founding member of Chronicle Security - in 2018 to found LimaCharlie.
Feb 15, 2024 • 33min

#102 - Intel Chat: toothbrush DDOS, TPM-based encryption bypass & HijackLoader

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The spectacular headline announcing a DDOS attack that involved 3-million electric toothbrushes. A hardware attack to bypass TPM-based encryption which is used on most Microsoft Windows devices. CrowdStrike researchers have identified a HijackLoader sample that employs sophisticated evasion techniques to enhance the complexity of the threat.
Feb 13, 2024 • 59min

#101 - WiFi attacks and defense with Lennart Koopmann, Founder of the Nzyme Network Defense System

In this episode of The Cybersecurity Defenders Podcast, we take a close look at WiFi attack methods, and the defenses to them, with Lennart Koopmann, Founder of the Nzyme Network Defense System. Lennart Koopmann is a tech enthusiast originally from Germany, now calling Houston, TX home. He began coding at a young age and chose to forgo formal education, diving straight into the world of computers after high school. Lennart's career path led him through various roles, from assisting in a hospital's IT helpdesk to web development and eventually joining a startup. In 2009, he launched the Graylog log management system as a side project, marking his entry into the tech scene. Currently, Lennart is focused on his latest endeavor: The nzyme Network Defense System, demonstrating his ongoing commitment to technological advancement. The WiFiPhisher GitHub account can be found here. Lennart’s talk at MSS CTRL can be found here. The Nzyme Network Defense System website can be found here. Lennart can be found on Twitter/X here.
Feb 9, 2024 • 37min

#100 - A tale of two breaches: examining the AnyDesk & Cloudflare incidents

In this episode of The Cybersecurity Defenders Podcast, we take a close look at the AnyDesk and Cloudflare breaches that were both disclosed on February 2, 2024.

AnyDesk, a prominent remote desktop software provider, disclosed a cyberattack late on February 2nd, causing the company to enforce strict security measures for nearly a week. Adversaries breached AnyDesk's systems, compromising vital assets such as source code and private code signing keys, and gaining unauthorized access to production systems.

For more on AnyDesk's breach, see the following references:
https://techcrunch.com/2024/02/05/remote-access-giant-anydesk-resets-passwords-and-revokes-certificates-after-hack/
https://anydesk.com/en/public-statement
https://www.infosecurity-magazine.com/news/anydesk-hit-cyberattack-customer/
https://www.helpnetsecurity.com/2024/02/05/anydesk-hacked/
https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html

On the other front, Cloudflare disclosed that a nation-state actor infiltrated their self-hosted Atlassian server on November 14, 2023, utilizing stolen access tokens and service account credentials from the Okta breach. The threat actor conducted reconnaissance activities from November 14th to 17th, gaining access to Cloudflare's internal wiki and bug database. Additional access attempts on November 20th and 21st indicated the actor's persistence, culminating in establishing continuous access through ScriptRunner for Jira on November 22nd. Finally, they tried, unsuccessfully, to access a console server that had access to a data center that Cloudflare had not yet put into production in São Paulo, Brazil.

For more details on Cloudflare's breach, consult the following sources:
https://www.csoonline.com/article/1303785/nation-state-actor-used-recent-okta-compromises-to-hack-into-cloudflare-systems.html
https://www.techtarget.com/searchsecurity/news/366568694/Cloudflare-discloses-breach-related-to-stolen-Okta-data
https://www.computing.co.uk/news/4170126/cloudflare-server-breached-suspected-sponsored-threat-actors
Feb 6, 2024 • 32min

#99 - Ground truth realities with Yochai Greenberg, Frontline Cyber Defender

In this episode of The Cybersecurity Defenders Podcast, we delve into the ground truth realities of cybersecurity with Yochai Greenberg, a frontline cyber defender. Yochai Greenberg's expertise in cybersecurity is grounded in a lifetime of hands-on experience and military service. From an early age, he immersed himself in computer technology, gaining comprehensive knowledge of hardware and software through practical experimentation. Serving in the IDF further cultivated his understanding of protection and security protocols. Transitioning into the security industry, Yochai applied his diverse skill set as an executive protection professional, bridging the gap between physical and digital security domains. His career is defined by a relentless pursuit of knowledge and innovation, driven by a commitment to integrating and enhancing security measures across various fronts.
Feb 1, 2024 • 37min

#98 - Intel Chat: Midnight Blizzard, GKE vulnerability, NetSupport RAT & Cactus ransomware

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Microsoft updated the public on their findings - apparently, the threat actors were able to gain persistent access to the privileged email accounts by abusing the OAuth authorization protocol. Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine that could be potentially exploited by threat actors to take control of a Kubernetes cluster. A new campaign is using phishing emails to distribute malware and legitimate services to bypass email protection systems to install NetSupport RAT. On January 20th the Cactus ransomware group attacked a number of victims across varying industries.
Jan 30, 2024 • 44min

#97 - Cybersecurity threats to electric vehicles with Mike Pedrick, VP of Cybersecurity Consulting at Nuspire

On this episode of The Cybersecurity Defenders Podcast, we discuss some of the cybersecurity threats to electric vehicles with Mike Pedrick, VP of Cybersecurity Consulting at Nuspire. Mike is currently serving as the Vice President of Cybersecurity Consulting at Nuspire. In his role over the past two years, Mike has focused on providing advisory services to mid-market clients in the areas of cybersecurity, governance, risk, and compliance with data security and privacy standards. His specialization lies in implementing mature cybersecurity programs tailored for small and medium-sized businesses. Mike is also actively involved with ISACA, where he currently serves as the Certification Coordinator for the Denver Chapter Board, managing certification-related activities. Before joining Nuspire, Mike held positions such as Vice President of Consulting at Stealth - ISS Group Inc. and Director of Security Consulting at Synoptek. In these roles, he provided leadership and advisory services in the cybersecurity domain. With over a decade of self-employment as a Security, Compliance, and Risk Management Consultant, Mike has served as a trusted advisor to SMB/Midmarket organizations, offering guidance in cybersecurity, compliance, and risk management.
Jan 25, 2024 • 31min

#96 - Intel Chat: iOS malware detection, credentials leaked, ColdRiver, & Midnight Blizzard

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. SecureList researchers from Kaspersky have come up with a lightweight method to detect iOS malware. Nearly 71 million unique credentials that were leaked from websites such as Facebook, Roblox, eBay, Yahoo, and Coinbase have been circulating on the Internet. Russian threat group COLDRIVER has expanded its targeting of Western officials to include the use of malware. The Microsoft security team is reporting that it detected a nation-state attack on its corporate systems on January 12, 2024.
Jan 23, 2024 • 46min

#95 - The SaaS Cyber Kill Chain with Luke Jennings, VP Research & Development at Push Security

On this episode of The Cybersecurity Defenders Podcast, we have a conversation about the SaaS Cyber Kill Chain with Luke Jennings, VP of Research & Development at Push Security. In this interview, we explore the evolution of cyber attacks and the impact of the remote working and SaaS revolution on the cyber kill chain. The SaaS Attack Matrix can be found here.
Jan 19, 2024 • 37min

#94 - Intel Chat: Bandook, NoaBot, mandating 2FA & POST SMTP

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A new Bandook variant has been distributed via a PDF since this past October. Akamai researchers have uncovered a new crypto-mining campaign that has been active since the start of 2023. The Centers for Medicare and Medicaid Services will reportedly set out the proposed requirements that include two-factor authentication and maintaining a vulnerability-fixing program. Two vulnerabilities were uncovered that impact the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites.
