The Cybersecurity Defenders Podcast
LimaCharlie
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Episodes

Nov 2, 2023 • 41min
#75 - A close look at Okta's latest security breach
The Cybersecurity Defenders Podcast host, Christopher Luft, along with special guest Eric Capuano, walks through the available details of the most recent Okta security breach, which affected 1Password, BeyondTrust, and Cloudflare.
On Friday, October 20th, Okta announced that it suffered an intrusion in its customer support system. The company confirmed that 'certain Okta customers' were affected and stated that it notified 'around 1 percent' of its 18,400 customers that they were impacted.

Oct 30, 2023 • 22min
#74 - Hacker History: When the Lights Went Out in Ukraine (Part 2)
On this episode of The Cybersecurity Defenders Podcast, we share the second part of 'When the Lights Went Out in Ukraine.' If you haven’t already, I recommend going back now and listening to “When the Lights Went Out in Ukraine, Part 1.”
Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to look like ransomware but contained no recovery feature – it simply destroyed any computer it wished.
Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government.
This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, “and expect the worst.”
This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Oct 25, 2023 • 25min
#73 - Intel Chat: macOS malware, BlackCat's Munchkin, Cisco zero-day, the Phantom Hacker, & a WinRAR vuln.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
SentinelOne is talking about emerging trends and evolving techniques for macOS malware in 2023.
BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin.
On October 16, Cisco released an advisory regarding a critical zero-day privilege escalation vulnerability in their IOS XE Web UI software.
WithSecure Labs is reporting that Vietnamese cybercrime groups are using multiple different Malware-as-a-Service infostealers and Remote Access Trojans to target the digital marketing sector.
The FBI in Phoenix is warning the public of a new scam dubbed “The Phantom Hacker.”
Google’s Threat Analysis Group has recently observed multiple government-backed hacking groups exploiting the known vulnerability CVE-2023-38831.

Oct 20, 2023 • 24min
#72 - LOLDrivers & Sigma community-based detections with Nas Bencherchali, Detection Engineer & Threat Researcher at Nextron Systems
Nas Bencherchali, Detection Engineer & Threat Researcher at Nextron Systems, talks about the LOLDrivers project collecting vulnerable and malicious drivers. They also discuss the Sigma community project for creating and sharing threat detection rules, and the future of cybersecurity and the importance of detection.

Oct 18, 2023 • 37min
#71 - Intel Chat: BlackTech, Lazarus, CL0P, Python supply chain, Android malware & libcue 0-day
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
A joint advisory was published by the NSA, the FBI and CISA, along with the Japan National Police Agency and the Japan National Center of Incident Readiness and Strategy for Cybersecurity.
ESET researchers have uncovered a Lazarus attack against an aerospace company in Spain.
Unit 42 at Palo Alto is reporting that the CL0P ransomware group recently began using torrents to distribute victim data after a rather notorious campaign stealing data from thousands of companies.
Checkmarx is reporting on a persistent open-source supply chain attacker targeting the Python ecosystem who has been active and evolving since April 2023.
Ars Technica is reporting the discovery of thousands of Android devices infected with malware right out of the box.
GitHub Security Lab, in coordination with Ilya Lipnitskiy, has disclosed a 0-day memory corruption vulnerability in libcue, tracked as CVE-2023-43641.
Checkmarx is also reporting on a targeted campaign that unfolded via PyPI, targeting developers utilizing Alibaba Cloud services, AWS, and Telegram.

Oct 13, 2023 • 21min
#70 - Navigating a career in cybersecurity with Sean Higgins, Co-founder of the Herjavec Group
In this episode of The Cybersecurity Defenders Podcast, we speak with Sean Higgins, consultant, educator, and co-founder of the Herjavec Group.
Sean Higgins is a coach, speaker, author, and consultant with a specialization in cybersecurity program evaluation. With over 35 years of experience in information technology, he has dedicated nearly three decades to the field of cybersecurity. From 2003 to 2022, Sean served as the CTO and Co-founder of Herjavec Group. In his Canadian best-selling book, "Driven," Robert Herjavec described Sean as "the smartest guy I ever met," a recognition that deeply touched him.
Today, organizations seek out Sean's expertise when they require guidance on resolving technical issues, evaluating technological solutions, or need assistance in shaping the direction of their company's security program. One of his notable strengths lies in helping Chief Information Security Officers (CISOs) and senior management confidently evaluate and refine their security programs.
Sean is astounded by the rapid evolution of technology over the years. His career commenced in 1986 when he was writing programs to count light bulbs at General Electric. A few years later, he was instrumental in establishing the first computer network for the North York Public Library in Ontario, an endeavor that predates the widespread internet we know today. During those early days of the ARPANET, Sean used it to send emails to friends still at Purdue University. He also holds the distinction of being the first expert witness in a Canadian court regarding a cybersecurity incident.
Passionate about mentoring millennials in the tech industry to find balance between their professional and personal lives, Sean collaborates with various universities, including the University of York's Career Mentorship Program. Additionally, he is a member of the Case Alumni Association Scholarship Committee, where he has the honor of awarding millions of dollars in scholarships to junior and senior STEM students.
Sean's coaching approach combines elements of traditional life coaching, entrepreneurial business experience, and his ability to read energy. He has received training from the Quantum Success Coaching Academy, Enwaken Coaching, and Enwaken Apprentice programs. Notably, Sean has self-published his first book on Amazon titled "Living Your Purposeful Life" and is currently working on his second book, "Balancing: How tech managers can avoid burnout, balance priorities, and come back to life," slated for release in January 2023.
Residing on picturesque Vancouver Island, Sean enjoys exploring the island's beauty with his faithful Golden Retriever, Rosie. He is an avid mountain biker and has recently discovered a passion for pickleball. His love for college athletics, particularly college basketball, is evident, and he especially cherishes watching his alma mater, Purdue University, during March Madness. So, reaching him during that time might prove a challenge, as he's likely to be glued to the games.

Oct 10, 2023 • 29min
#69 - The SecOps Cloud Platform for Managed Security Service Providers
On this episode of The Cybersecurity Defenders Podcast, a hosted panel discussion with industry leaders explores what advantages the SecOps Cloud Platform confers for Managed Security Service Providers.
The panel is moderated by LimaCharlie Co-founder, Christopher Luft. The panel participants are:
Paul Ihme, Co-founder at Soteria
Lee Sult, Co-founder/CTO at Horangi Security
What is the SecOps Cloud Platform?
The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, and automating analysis and response regardless of the environment.
The SecOps Cloud Platform is:
An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
An environment fundamentally open through APIs, documentation, integrability, and affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors, to build appropriate solutions.

Sep 28, 2023 • 47min
#68 - Intel Chat: Bumblebee, LockBit Gang, LUC-3, HTTPSnoop, DeadGlyph & Stately Taurus + Alloy Taurus + Gelsemium
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
Intel471 is reporting on a campaign utilizing Bumblebee, a loader that has increasingly been used by threat actors affiliated with ransomware.
eSentire is reporting on several attacks conducted by the Russia-linked LockBit Gang.
Permiso is reporting on LUC-3, which overlaps with Scattered Spider.
Cisco Talos has discovered a new malware family they have dubbed HTTPSnoop being deployed against telecommunication providers in the Middle East.
WeLiveSecurity has stumbled upon a previously unknown backdoor being deployed in the Middle East that they have named DeadGlyph.
Unit 42 has started investigating a series of espionage attacks targeting a government in Southeast Asia.
LimaCharlie's Office Hours, where we break down some TTPs in-depth, take place every Friday at 9:00 AM PT / 12:00 PM ET. You can find more information here: limacharlie.io/office-hours
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Sep 22, 2023 • 43min
#67 - A close look at the MGM cyberattack
On this special episode of The Cybersecurity Defenders Podcast, we take a close look at the MGM cyberattack that took place in September 2023.
On September 11 numerous MGM Resorts International properties in Las Vegas and throughout the United States were attacked by ransomware which shut down many aspects of its IT. Checking in and out, reservations, digital room keys, tickets, credit card systems, some slot machines, and even elevators at several MGM casino hotels became inoperative, forcing their staffs to use manual methods to serve their clientele, i.e. analog pen and paper. MGM filed a Form 8-K report with the SEC the next day. The relatively recent criminal hacking group Scattered Spider is believed to have used social engineering to bypass multi-factor authentication.
The published statement by Scattered Spider can be found here.
A list of APT groups/names can be found here.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Sep 20, 2023 • 25min
#66 - Go-to-market strategies in cybersecurity with Chad Loeven, VP Business Development at OPSWAT
On this episode of The Cybersecurity Defenders Podcast, we speak with Chad Loeven, VP Business Development at OPSWAT.
Chad Loeven is an experienced cybersecurity professional who leads OPSWAT's OEM technology licensing business and technology partners. OPSWAT technology helps secure over 150M endpoints by working with many of the world's largest technology vendors. They provide threat intelligence, malware analysis, vulnerability assessment, patch management, device compliance, and more.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
