The Cybersecurity Defenders Podcast

LimaCharlie
Sep 14, 2023 • 37min

#65 - Intel Chat: DB#JAMMER, Chae$ malware, W3LL, APT34 deploy Side Twist Trojan and government-backed actors in North Korea target security researchers.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Securonix Threat Labs are reporting that threat actors working as part of the DB#JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks. AhnLab’s Security Emergency Response Center is reporting on threat actors using phishing emails to distribute some fileless malware. The researchers over at Group-IB have uncovered a covert business email compromise phishing campaign targeting Microsoft 365. NSFOCUS Security Labs captured a new APT34 phishing attack against enterprise targets that released a variant of the SideTwist Trojan to achieve long-term control of the victim host. Threat Analysis Group publicly disclosed a campaign from government-backed actors in North Korea who used 0-day exploits to target security researchers working on vulnerability research and development.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Sep 13, 2023 • 40min

#64 - A chat about enterprise security with Matthew Fulmer, Director of Cyber Threat Intelligence at BLOKWORX

On this episode of The Cybersecurity Defenders Podcast, we speak with Matthew Fulmer, Director of Cyber Threat Intelligence at BLOKWORX.

With over 9 years of experience in the cyber security field, Matthew is a passionate and driven leader who strives to protect organizations from evolving and emerging threats. He has a strong background in threat intelligence, malware analysis, offensive security, and customer success, and he holds a Six Sigma Green Belt certification. As the Director of Cyber Threat Intelligence at BLOKWORX, Matthew integrates with internal teams to provide them with the latest knowledge and insights on the threat landscape and the best practices to prevent and deflect attacks.

In his previous role as the Manager of Cyber Intelligence Engineering at Deep Instinct, Matthew managed a growing team of cyber intelligence engineers who operated within the customer success organization. He was responsible for creating a new service offering, developing the professional skills of his team, analyzing threat vectors in various environments, communicating proactively with customers, creating technical articles and content, and assisting with security education. He also contributed to the malware analysis, the pre-load product, and the administrator certification course. Some of the skills that Matthew applied and enhanced in this role include network administration, information security, and technical support.
Sep 8, 2023 • 27min

#63 - The SecOps Cloud Platform for ecosystem builders

A hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for ecosystem builders. The panel is moderated by LimaCharlie's Head of Product, Matt Bromiley. The panel participants are: Senior Security Researcher at Thinkst, Casey Smith; Security Evangelist at RunZero, Huxley Barbee; Head of Tines Labs, John Tuckner.

What is the SecOps Cloud Platform?

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.

An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.
Sep 7, 2023 • 41min

#62 - Cybersecurity industry trends with Ross Haleliuk, Co-Lead of the Venture in Security Angel Syndicate

On this episode of The Cybersecurity Defenders Podcast, we chat with Ross Haleliuk, Co-Lead of the Venture in Security Angel Syndicate, and Head of Product at LimaCharlie.

Ross is Head of Product at LimaCharlie, a startup that enables organisations to detect & respond to threats, automate processes, and future-proof their security operations. His areas of expertise include go-to-market and product strategy, B2B product-led growth, strategic positioning, product-market fit expansion, and growth. Outside of work, Ross is a startup advisor, angel investor, frequent contributor to TechCrunch, Forbes, and VentureBeat, and author of VentureinSecurity.net.
Sep 1, 2023 • 21min

#61 - Intel Chat: QuiteRAT, CollectionRAT, Maldoc in PDF, DarkGate & the FBI takes down Qakbot

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Cisco Talos is reporting on both QuiteRAT and CollectionRAT from the Lazarus Group. JPCERT/CC has confirmed a new technique used in an attack that bypasses detection by embedding a malicious Word file into a PDF file. Telekom Security was recently made aware via trust groups about a new malware campaign involving DarkGate. The FBI and the Justice Department announced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot.
Aug 29, 2023 • 25min

#60 - Building scalable security products quickly with the SecOps Cloud Platform

A hosted panel discussion with industry leaders to explore the advantages of the SecOps Cloud Platform for product builders. The panel is moderated by LimaCharlie's Head of Product, Ross Haleliuk. The panel participants are: Founder & CTO of Recon InfoSec, Eric Capuano; Lead Incident Detection Engineer at Blumira, Amanda Berlin.

What is the SecOps Cloud Platform?

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.

An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.

The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.
Aug 25, 2023 • 31min

#59 - Intel Chat: Raccoon stealer, Duke, WoofLocker, Cuba ransomware & XLoader

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The return of the Raccoon Stealer after temporarily being disrupted. EclecticIQ analysts have assessed with high confidence that two observed PDF documents are part of an ongoing campaign targeting Ministries of Foreign Affairs of NATO-aligned countries. MalwareBytes is following up on a tech support scam campaign dubbed WoofLocker. The threat research team at BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group. SentinelOne is reporting a new iteration of the XLoader malware-as-a-service infostealer and botnet.
Aug 20, 2023 • 7min

#58 - An introduction to the SecOps Cloud Platform with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie

On this episode of The Cybersecurity Defenders Podcast, we chat with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie, about the SecOps Cloud Platform.

The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment.

The SecOps Cloud Platform is:

An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.

An environment fundamentally open through APIs, documentation, integrability, affordability; making it a neutral space for all cybersecurity professionals, whether they’re in enterprise, services or vendors to build appropriate solutions.

The SecOps Cloud Platform is not where data goes to die—it’s a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.
Aug 20, 2023 • 27min

#57 - A discussion about security research with John Hammond, Principal Security Researcher at Huntress

On this episode of The Cybersecurity Defenders Podcast, we chat with John Hammond, Principal Security Researcher at Huntress, about security research.

John Hammond is a cybersecurity researcher, educator and content creator. As part of the Threat Operations team at Huntress, John spends his days making hackers earn their access and helping tell the story. Previously, as a Department of Defense Cyber Training Academy instructor, he taught the Cyber Threat Emulation course, educating both civilian and military members on offensive Python, PowerShell, other scripting languages and the adversarial mindset. He has developed training material and information security challenges for events such as PicoCTF and competitions at DEFCON US. John speaks at security conferences such as BsidesNoVA, to students at colleges such as the US Naval Academy, and other online events including the SANS Holiday Hack Challenge/KringleCon. He is an online YouTube personality showcasing programming tutorials, CTF video walkthroughs and other cyber security content. John currently holds the following certifications: Security+, CEH, LFS, eJPT, eCPPT, PNPT, PCAP, OSWP, OSCP, OSCE, OSWE, OSEP, and OSED (OSCE(3)).
Aug 18, 2023 • 18min

#56 - Hacker History: When the Lights Went Out in Ukraine (Part 1)

Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, “and expect the worst.”
