
The Cybersecurity Defenders Podcast
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Latest episodes

Mar 1, 2023 • 32min
#21 - An intel chat with Matt Bromiley and an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel. After that, an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Feb 22, 2023 • 19min
#20 - Hacker History: WannaCry
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history, and with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack. The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.

Feb 15, 2023 • 44min
#19 - Simply Cyber Report for February 15. Plus a conversation with Ira Winkler, Field CISO and Vice President of CYE
This week on the Simply Cyber Report: Scores of Redis servers infested by sophisticated custom-built malware. Oktapus hackers are back and targeting tech and gaming companies. Russian hackers using new Graphiron information stealer in Ukraine. New QakNote attacks push QBot malware via Microsoft OneNote files. Fresh, buggy Clop ransomware variant targets Linux systems. We also sit down with Ira Winkler, Field CISO and Vice President of CYE. Ira shares a wide range of thoughts and experiences garnered from an exceptional career. You can find the various books that Ira has written, which are mentioned in the podcast, at the following links: You CAN Stop Stupid; Advanced Persistent Security; Security Awareness for Dummies; Cybersecurity All-in-one For Dummies.

Feb 8, 2023 • 25min
#18 - The Adversary Toolbox: BITS jobs. Plus an interview with Tyler Shields, entrepreneur and angel investor.
In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about BITS jobs. We also sit down with Tyler Shields: a cybersecurity veteran, entrepreneur, and angel investor. In our conversation, we talk about the economic conditions driving the tech sector layoffs we are seeing, what zombie companies are, and speculate on the future of AI.

Feb 1, 2023 • 35min
#17 - Simply Cyber Report for Feb 1. Plus a conversation with Michael Argast, Co-founder & CEO of Kobalt.io
Microsoft has started blocking the execution of XLL add-ins downloaded from the Internet. The hacking group DragonSpark is leveraging Golang source code interpretation to evade detection. Threat actors are turning to Sliver to replace more popular frameworks Cobalt Strike and Metasploit. Over 4,500 WordPress sites have been hacked and Emotet malware makes a comeback. Emotet is back with new evasion techniques in MS Excel. We also sit down with Michael Argast, Co-founder and CEO of Kobalt.io. We learn about Kobalt's approach to scaling cybersecurity services for small and medium-sized businesses, and also some great advice on what it takes to build services for this part of the market. A great conversation that is full of tidbits of wisdom for anybody looking to start a security services company.

Jan 26, 2023 • 19min
#16 - Hacker History: NotPetya
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Amit Serper, a hacker and reverse engineer, who was instrumental in stopping the most devastating cyber attack in history: NotPetya. On 27 June 2017, a major global cyberattack began (Ukrainian companies were among the first to state they were being attacked), utilizing a new variant of Petya. On that day, Kaspersky Lab reported infections in France, Germany, Italy, Poland, the United Kingdom, and the United States, but that the majority of infections targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%. Russian president Vladimir Putin's press secretary, Dmitry Peskov, stated that the attack had caused no serious damage in Russia. Experts believed this was a politically-motivated attack against Ukraine, since it occurred on the eve of the Ukrainian holiday Constitution Day. Kaspersky dubbed this variant "NotPetya", as it has major differences in its operations in comparison to earlier variants. McAfee engineer Christiaan Beek stated that this variant was designed to spread quickly, and that it had been targeting "complete energy companies, the power grid, bus stations, gas stations, the airport, and banks". This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.

Jan 18, 2023 • 47min
#15 - The Adversary Toolbox: RDP. Plus an interview with Michael Laudenslager, VP of Cybersecurity at Churchill Mortgage
In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about RDP. We also sit down with Michael Laudenslager, VP of Cybersecurity at Churchill Mortgage and talk about security in the cloud.

Jan 12, 2023 • 40min
#14 - Simply Cyber Report for Jan 12. Plus a conversation with Walter Haydock, Founder and CEO of StackAware.
Unknown threat actors have been observed hiding malware execution behind a legitimate Windows support binary. S3 buckets are now encrypted by default. A powerful Android malware has been tuned to target banking applications. And it is the end of life for Windows Server 2008. We also sit down with Walter Haydock, Founder and CEO of StackAware. We learn about StackAware and their approach to vulnerability management, and also how Walter got his company off of the ground using low-code tooling. A fascinating conversation for anyone looking to start their own cybersecurity company.

Jan 4, 2023 • 20min
#13 - Hacker History: Titan Rain
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter, a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States. Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.

Dec 28, 2022 • 35min
#12 - Simply Cyber Report for December 28. Plus an interview with Jason Chan, former VP of Security at Netflix.
New vulnerability found in WooCommerce Gift Cards Premium WordPress plugin with CVSS score of 9.8. FIN7 has developed an AI-powered automated attacking tool called Checkmarks. Checkmarks is designed to auto-attack MS Exchange systems, perform post-exploitation actions, and grab enough data to allow FIN7 to understand their victim. Raspberry Robin has a new feature. This version of Raspberry Robin has two payloads, one designed to be discovered if the malware believes it's being analyzed in a sandbox. This fake payload looks legit, including checking the registry on startup for infection and pulling down adware named 'browserassist'. This payload has shellcode and a PE file with the MZ magic bytes removed so that it does not appear to be a PE file. Plus an interview with Jason Chan, former VP of Information Security at Netflix about how he helped build their security program from the ground up.