
The Cybersecurity Defenders Podcast

Latest episodes

Jun 8, 2023 • 12min

#40 - Intel Chat: BlackCat, RaidForums Exposed, MOVEit Transfer, Camaro Dragon, mystery iOS malware, TrueBot and the Cyclops Ransomware & Stealer combo

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. BlackCat makes some changes geared towards improving its tradecraft and increasing the likelihood of data theft and encryption. A new hacking forum called Exposed has publicly leaked a substantial database from the infamous RaidForums. A critical vulnerability in the MOVEit Transfer software. Camaro Dragon targets European foreign affairs entities linked to Southeast and East Asia. Kaspersky is reporting on some unknown malware targeting iOS devices. The Hacker News is reporting a surge in TrueBot activity that was observed starting in May 2023. Uptycs is reporting on the threat group behind the Cyclops ransomware and stealer combo. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Jun 6, 2023 • 29min

#39 - A conversation about DFIR with Devon Ackerman, Global Service Line Leader for Digital Forensics and Incident Response at Kroll

On today's episode of The Cybersecurity Defenders Podcast we are joined by Devon Ackerman, Global Service Line Leader for Digital Forensics and Incident Response (DFIR) services at Kroll Cyber. Prior to Kroll, Devon served as a Supervisory Special Agent at the FBI's Operational Technology Division in the CART Field Operations Unit. He navigated digital forensic issues, managed 56 FBI Division executive management relationships, organized team deployments during mass incident response events such as the San Bernardino Domestic Terrorism shooting (Apple iPhones), and served as a senior certified Forensic Examiner (CART) for on-scene collections and forensic analysis. As mentioned in the show, an excellent resource for all things DFIR: aboutDFIR.com
Jun 1, 2023 • 45min

#38 - Intel Chat: Donut, Agrius, Kimsuky, Pikabot, QBot & the Gootloader Initial Access-as-a-Service Operation.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. FortiGuard Labs encounters a kernel driver that makes use of the open-source donut tool. Check Point researchers observe Iranian threat actor Agrius operating against Israeli targets. SentinelOne notes changes in the ongoing campaign by Kimsuky. Microsoft uncovers stealthy malicious activity aimed at critical infrastructure in the United States. Zscaler ThreatLabz is reporting on Pikabot, a new malware trojan. Bleeping Computer is reporting that the QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program. eSentire launches a multi-pronged offensive against a growing cyberthreat: the Gootloader Initial Access-as-a-Service Operation.
May 30, 2023 • 26min

#37 - A conversation about securing the build pipeline with Adnan Khan, Lead Security Engineer at Praetorian

On today's episode of The Cybersecurity Defenders Podcast we are joined by security engineer Adnan Khan to talk about securing the build pipeline and explore some common vulnerabilities in enterprise GitHub configurations. Organizations using GitHub Actions with self-hosted runners are at risk of attackers gaining an internal network foothold from the Internet if they compromise one developer’s personal GitHub access token. Key configuration adjustments can secure these pipelines and limit the damage from a breach. Adnan's talk at BSidesSF: Securing the Pipeline: Protecting Self-Hosted GitHub Runners
May 25, 2023 • 39min

#36 - Intel Chat: Red Stinger, 3 new Apple Zero Days, the GuLoader, BlackCat and the Golden Jackal

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Malwarebytes researchers are reporting on the Red Stinger group, which has targeted entities in Ukraine. Apple is reporting three new zero days affecting iPhones, iPads, Macs and even Apple watches and TVs. The folks over at Cisco Talos have recently identified a new RA group that has been operating since at least April 22, 2023. Check Point researchers have uncovered the GuLoader that has been used in a large number of attacks. Trend Micro is reporting on a new capability seen in a BlackCat ransomware incident. Kaspersky is introducing the world to a new APT group they are calling GoldenJackal.
May 24, 2023 • 22min

#35 - A conversation about mental health in cybersecurity with Amanda Berlin, CEO of Mental Health Hackers

On this episode of the Cybersecurity Defenders Podcast, we have a conversation about mental health in cybersecurity with Amanda Berlin, CEO of Mental Health Hackers. Mental Health Hackers' stated mission is to educate tech professionals about the unique mental health risks faced by those in our field – and often by the people who we share our lives with – and provide guidance on reducing their effects and better managing the triggering causes. They also aim at providing support services to those who may be susceptible to related mental health issues such as anxiety, depression, social isolation, eating disorders, etc. If you are struggling, please know that there are a lot of people in your community that care, as well as resources that you can access. Mental Health First Aid; Workplace Mental Health; A list of resources from Mental Health Hackers; Mental Health: Know the Warning Signs; Mental Health: How to find help; Mental Health: Maintaining a Healthy Lifestyle
May 18, 2023 • 53min

#34 - Special Episode: Operation Medusa cuts the head off of the Snake using PEGASUS software

On this special episode of the Cybersecurity Defenders Podcast, we have a longer-form discussion about the recent FBI takedown of the Russian malware known as Snake. The FBI dismantled the global peer-to-peer network of Snake-infected computers with Operation MEDUSA in coordination with multiple cybersecurity agencies. Resources referenced in this show: Press release from the Department of Justice; CISA's cybersecurity advisory; CISA breakdown of the Snake malware
May 16, 2023 • 19min

#33 - Hacker History: Stuxnet (Part 2)

This episode of the Cybersecurity Defenders podcast is the second part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. If you have not heard the first episode it is recommended that you do so before listening to this one. You can listen to the first episode here: Stuxnet (Part 1). Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.
May 11, 2023 • 29min

#32 - Intel Chat: APT41, Sidewinder & Operation Medusa cuts the head off of Snake

In this episode of the Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. ThreatMon has uncovered a targeted PowerShell backdoor malware attack that bypasses normal detection methodology. Researchers have uncovered an attack that is based on a classic sideloading technique with a twist in which a first-stage clean application sideloads a second clean application and auto-executes it. US authorities have announced the seizure of 13 internet domains. The BlackBerry Threat Research and Intelligence team has discovered a new campaign from the Sidewinder APT group against Pakistani government organizations. CISA has issued an advisory letting the public know that the FBI has used a court order to take down a Russian government-controlled malware network.
May 4, 2023 • 31min

#31 - Intel Chat: 3CX Inception, QuaDream goes down, APTs targeting for destruction, AMOS & AuKill

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The initial attack vector of 3CX’s network was via malicious software downloaded from Trading Technologies' website. QuaDream has allegedly fired all of its staff and is shutting down its operations in the coming days. State-sponsored campaigns targeting global infrastructure: looks like obvious targeting to support future destructive attacks. A new information-stealing malware called Atomic macOS Stealer (AMOS). Attackers have been observed attempting to disable EDR clients with a new defensive evasion tool we’ve dubbed AuKill. A new report put out by the National Cyber Security Centre is meant to help defenders understand selected malware threats in more technical depth, and provide indicators and TTPs to support threat hunting or modeling: View the Report
