
The Cybersecurity Defenders Podcast

Latest episodes

Jul 26, 2023 • 26min

#50 - Intel Chat: AgentTesla, Cobalt Strike, njRAT, LokiBot, SophosEncrypt, BundleBot, and targeted OSS supply chain attacks

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations, and civilian users in Ukraine and Poland.

In a FortiGuard Labs investigation, researchers came across several malicious Office documents designed to exploit known vulnerabilities.

Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt.

Checkmarx is reporting the first known targeted OSS supply chain attacks against the banking sector.

The LimaCharlie SecOps Cloud Platform provides organizations with comprehensive enterprise protection that brings together critical cybersecurity capabilities and eliminates integration challenges and security gaps for more effective protection against today's threats.

Watch the SecOps Cloud Platform panel discussions here: Introducing the SecOps Cloud Platform

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Jul 21, 2023 • 40min

#49 - The history of LimaCharlie with Founder & CEO, Maxime Lamothe-Brassard

On this episode of The Cybersecurity Defenders Podcast, we sit down with LimaCharlie Founder & CEO, Maxime Lamothe-Brassard, and talk about the history and vision of the SecOps Cloud Platform.

About the SecOps Cloud Platform:

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, and automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.

An environment fundamentally open through APIs, documentation, integrability and affordability, making it a neutral space for all cybersecurity professionals, whether they're in enterprise, services or vendors, to build appropriate solutions.

The SecOps Cloud Platform is not where data goes to die: it's a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.

About Maxime:

After graduating from the University of Victoria with a degree in Computer Science, Maxime began his career in cybersecurity working for the Canadian Government as part of the Communications Security Establishment (CSE). CSE is Canada's national cryptologic agency, providing the Government of Canada with information technology security and foreign signals intelligence.

As part of the Canadian intelligence apparatus, Maxime worked in positions ranging from the development of cyber defense technologies to Counter Computer Network Exploitation and Counter Intelligence.

After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defense. He was an early employee at CrowdStrike, then worked for Google, where he eventually landed in Google X. Maxime left Google X, where he was a founding member of Chronicle Security, in 2018 to found LimaCharlie.
Jul 13, 2023 • 1min

#48 - Intel Chat: Rust Bucket, RedEnergy, Charming Kitten, Truebot variants, Big Head & TOITOIN

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

The RustBucket malware allows operators to download and execute various payloads.

Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against the energy utilities, oil, gas, telecom, and machinery sectors.

Charming Kitten sends a lure masquerading as a senior fellow with the Royal United Services Institute to a public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs.

New Truebot malware variants are being deployed on networks compromised using a critical remote code execution vulnerability in the Netwrix Auditor software.

Trend Micro is reporting a new ransomware family and its variant named Big Head.

Zscaler ThreatLabz has recently uncovered a new targeted attack campaign striking businesses in the Latin American region.
Jul 6, 2023 • 34min

#47 - Tips for submitting papers to conferences with Huxley Barbee, organiser at BSidesNYC

On this episode of the Cybersecurity Defenders Podcast, we have a conversation around best practices for submitting papers to conferences with Huxley Barbee, Security Evangelist at runZero and organizer of BSidesNYC.

Throughout Huxley's career, he has held key positions at Cisco, Datadog and now runZero. He is passionate about cybersecurity and supporting the community in order to create a better security posture for all. Huxley encourages our listeners to connect with him on the platforms linked below.

Linktree
LinkedIn
Mastodon
Twitter

Some resources for finding conferences to submit papers to are linked below.

Infosec Conferences
CFP Time
Security BSides
Pulsedive's list of threat intel conferences
Jun 29, 2023 • 31min

#46 - Intel Chat: RedEyes, The Flea, JS dropper delivering Bumblebee & IcedID, and free smartwatches

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

ASEC discovered that RedEyes is distributing and using an infostealer with wiretapping features.

Symantec is reporting that The Flea has continued to focus on foreign ministries in a recent attack campaign that ran from late 2022 into early 2023.

Deep Instinct's Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID.

Rapid7 researchers recently undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered.

Members across the military have reported receiving unsolicited smartwatches in the mail.

And you can register here to attend the LinkedIn Live Event, An Invitation to Change: Introducing the SecOps Cloud Platform.
Jun 28, 2023 • 20min

#45 - Hacker History: SolarWinds

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history and, with the help of John Bambenek, tell the story of one of the largest and most complicated supply chain attacks in history: SolarWinds.

On December 13, 2020, The Washington Post reported that multiple government agencies were breached through SolarWinds's Orion software.

Victims of this attack include the cybersecurity firm FireEye, the US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration, as well as the US Department of Homeland Security.

Prominent international SolarWinds customers investigating whether they were impacted include the North Atlantic Treaty Organization (NATO), the European Parliament, UK Government Communications Headquarters, the UK Ministry of Defence, the UK National Health Service (NHS), the UK Home Office, and AstraZeneca.

FireEye reported the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they have found "indications of compromise dating back to the spring of 2020". FireEye named the malware SUNBURST. Microsoft called it Solorigate.

The attack used a backdoor in a SolarWinds library; when an update to SolarWinds occurred, the malicious attack would go unnoticed due to the trusted certificate.
Jun 24, 2023 • 43min

#44 - Intel Chat: Fake GitHub repos, NPM poison, Vidar, Mac malware, Tsunami DDoS, Cl0p reward, and the EDR killer: Spyboy

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

VulnCheck came across a malicious GitHub repository that is claimed to be a Signal 0-day.

Checkmarx is reporting that, without altering a single line of code, attackers poisoned the NPM package "bignum" by hijacking an S3 bucket.

Team Cymru has released a detailed publication on Vidar infrastructure which encompasses both the primary administrative aspects and the underlying backend.

Bitdefender's Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit.

Researchers have found an unofficial package called 'https' that exists on NPM, with over 1,600 other packages that depend on it.

An attack campaign is installing the Tsunami DDoS Bot on inadequately managed Linux SSH servers.

Rewards of up to $10 million related to Cl0p are being offered by the U.S. State Department's Rewards for Justice program.

SentinelOne is reporting on the Terminator EDR killer, Spyboy.
Jun 21, 2023 • 39min

#43 - A conversation about AI in cybersecurity with Jon Bagg, Founder & CEO of Salem Cyber

On this episode of the Cybersecurity Defenders Podcast, we have a conversation about AI in cybersecurity with Jon Bagg, Founder & CEO of Salem Cyber.

Jon Bagg is the creator of Salem Cyber, an innovative cyber analysis technology that helps organizations scale their alert investigation capacity so they can find threats in the noise.
Jun 15, 2023 • 35min

#42 - Intel Chat: Atomic Wallet, Azure goes down, BEC justice, FortiOS SSL VPN and the BatCloak

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

$35 million has reportedly been stolen from users of Atomic Wallet.

On June 9th the Microsoft Azure Portal was down on the web as a result of a suspected DDoS.

The US Department of Justice has indicted 6 people for their involvement in a $6 million business email compromise scam.

CVE-2023-27997 was reported by Fortinet on June 13th (Fortinet hardening guide).

Trend Micro recently discovered the use of heavily obfuscated batch files utilizing the advanced BatCloak engine.

And a really cool PDF: the Cy-Xplorer 2023 report put out by Orange Cyberdefense.
Jun 13, 2023 • 40min

#41 - A conversation about edge computing with Theresa Lanowitz, Head of Evangelism and Portfolio Marketing at AT&T Cybersecurity

On this episode of the Cybersecurity Defenders Podcast, we have a conversation about edge computing with Theresa Lanowitz, Head of Evangelism and Portfolio Marketing at AT&T Cybersecurity.

Theresa Lanowitz is a proven global influencer and speaks on trends and emerging technology poised to help today's enterprise organizations flourish. Theresa is currently the head of evangelism at AT&T Business - Cybersecurity.

Prior to joining AT&T, Theresa was an industry analyst with boutique analyst firm voke and Gartner. While at Gartner, Theresa spearheaded the application quality ecosystem, championed application security technology, and created the successful Application Development conference.

As a product manager at Borland International Software, Theresa launched the iconic Java integrated development environment, JBuilder. While at Sun Microsystems, Theresa led strategic marketing for the Jini project, a precursor to IoT (Internet of Things).

Theresa's professional career began with McDonnell Douglas, where she was a software developer on the C-17 military transport plane and held a US Department of Defense Top Secret security clearance.

Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh, Pittsburgh, PA.

The report referenced in the podcast can be acquired here: 2023 AT&T Cybersecurity Insight Report: Edge Ecosystem

The open-source Genie Framework referenced in the podcast can be viewed here: Genie Framework
