The Cybersecurity Defenders Podcast
LimaCharlie
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Episodes

Aug 16, 2023 • 38min
#55 - Intel Chat: XWorm, SugarCRM zero-day, Statc Stealer, Background Task Manager fail, Seaspy & Whirlpool
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
A new injector written in Rust is used to inject shellcode and introduce XWorm into a victim's environment.
Multiple cases where SugarCRM was the initial attack vector and allowed threat actors to gain access to AWS accounts.
Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems and steals sensitive information.
Patrick Wardle's research says that macOS's Background Task Manager can be easily bypassed and that Apple failed to act on his recommendations to fix it.
CISA are reporting on the Seaspy and Whirlpool backdoors after obtaining malware samples from a compromised device.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Aug 10, 2023 • 18min
#54 - A discussion about Linux ransomware with David Burkett, founder of Signalblur
On this episode of The Cybersecurity Defenders Podcast, we chat with David Burkett, Founder of Signalblur, about the growing threat of Linux ransomware.
David is a dedicated and highly experienced Cloud Detection Engineer and Security Architect, with a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers. His expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED, among others. David is proud to have been part of a security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency. David is constantly seeking opportunities to grow and learn and is eager to connect with like-minded professionals in the cybersecurity domain.
The article on Linux ransomware referenced in the podcast can be found here: A Deep Dive into Linux Ransomware Research
David's previous appearance on the show can be found here: Episode #6

Aug 3, 2023 • 32min
#53 - The future of enterprise SecOps: a panel discussion with industry leaders
On this episode of The Cybersecurity Defenders Podcast we host a panel discussion with industry leaders and explore the advantages of the SecOps Cloud Platform for securing enterprise organizations.
The panel is moderated by LimaCharlie's Chief Revenue Officer, Jessica Crytzer. The panel participants are:
Founder & CEO of LimaCharlie, Maxime Lamothe-Brassard
Founder & CEO of Turngate, Bruce Potter
Head of Product, Interpres Security, Fred Wilmot
Principal Consultant at Higgins Cybersecurity Consulting, Sean Higgins
What is the SecOps Cloud Platform?
The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, and automating analysis and response regardless of the environment.
The SecOps Cloud Platform is:
An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
An environment fundamentally open through APIs, documentation, integrability and affordability, making it a neutral space for all cybersecurity professionals, whether they're in enterprise, services or vendors, to build appropriate solutions.
The SecOps Cloud Platform is not where data goes to die: it's a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.

Aug 2, 2023 • 40min
#52 - Intel Chat: Mallox, Decoy Dog, Casbaneiro, Nitrogen, search-ms exploit, & the BlackLotus
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
Decoy Dog is a malware toolkit that cleverly uses DNS to perform command and control.
Breaking down the infection chain for Casbaneiro, another banking trojan targeting Latin America.
An initial-access malware campaign that leverages malicious advertising (malvertising) to impersonate legitimate software and compromise business networks.
The VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques.
Trellix Advanced Research Center has identified a novel method for exploiting the "search-ms" protocol handler.
The source code of the BlackLotus Unified Extensible Firmware Interface (UEFI) rootkit was leaked on GitHub.

Jul 27, 2023 • 30min
#51 - Building high-performance cybersecurity teams: a chat with David Seidman, Head of Detection & Response at Robinhood
On this episode of The Cybersecurity Defenders Podcast, we chat with David Seidman, Head of Detection & Response at Robinhood, about building high-performance teams.
David manages the Detection & Response team at Robinhood, and is responsible for detection, incident response, and D&R infrastructure. Robinhood's Platform team develops the "pipes and engines": log ETL, transport, data lake, Splunk, SIEM, SOAR, experimental tech, etc. Robinhood emphasizes engineering excellence and agility; they are moving fast and getting a lot done.

Jul 26, 2023 • 26min
#50 - Intel Chat: AgentTesla, Cobalt Strike, njRAT, LokiBot, SophosEncrypt, BundleBot, and targeted OSS supply chain attacks
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations, and civilian users in Ukraine and Poland.
In a FortiGuard Labs investigation, the researchers came across several malicious Office documents designed to exploit known vulnerabilities.
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt.
Checkmarx is reporting the first known targeted OSS supply chain attacks against the banking sector.
The LimaCharlie SecOps Cloud Platform provides organizations with comprehensive enterprise protection that brings together critical cybersecurity capabilities and eliminates integration challenges and security gaps for more effective protection against today's threats.
Watch the SecOps Cloud Platform panel discussions here: Introducing the SecOps Cloud Platform

Jul 21, 2023 • 40min
#49 - The history of LimaCharlie with Founder & CEO, Maxime Lamothe-Brassard
On this episode of The Cybersecurity Defenders Podcast, we sit down with LimaCharlie Founder & CEO, Maxime Lamothe-Brassard, and talk about the history and vision of the SecOps Cloud Platform.
About the SecOps Cloud Platform:
The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, and automating analysis and response regardless of the environment.
The SecOps Cloud Platform is:
An environment where many solutions can exist, not as a collection of random tools, but as a series of cybersecurity solutions designed to interoperate in an un-opinionated way, from the ground up; where powerful systems can be put in place at incredible speeds.
An environment fundamentally open through APIs, documentation, integrability and affordability, making it a neutral space for all cybersecurity professionals, whether they're in enterprise, services or vendors, to build appropriate solutions.
The SecOps Cloud Platform is not where data goes to die: it's a fabric, a sandbox ready for you to use, but also ready to disseminate data and insights to other systems as needed in cost-effective ways.
About Maxime:
After graduating from the University of Victoria with a degree in Computer Science, Maxime began his career in cybersecurity working for the Canadian Government as part of the Communications Security Establishment (CSE). CSE is Canada's national cryptologic agency, providing the Government of Canada with information technology security and foreign signals intelligence.
As part of the Canadian intelligence apparatus, Maxime worked in positions ranging from the development of cyber defense technologies to Counter Computer Network Exploitation and Counter Intelligence. After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defense. He was an early employee at CrowdStrike, then worked for Google, where he eventually landed in Google X. Maxime left Google X, where he was a founding member of Chronicle Security, in 2018 to found LimaCharlie.

Jul 13, 2023 • 1min
#48 - Intel Chat: Rust Bucket, RedEnergy, Charming Kitten, Truebot variants, Big Head & TOITOIN
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
The RustBucket malware allows operators to download and execute various payloads.
Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors.
Charming Kitten sends a lure masquerading as a senior fellow with the Royal United Services Institute to a public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs.
New Truebot malware variants are being deployed on networks compromised using a critical remote code execution vulnerability in the Netwrix Auditor software.
TrendMicro is reporting a new ransomware family and its variant named Big Head.
Zscaler ThreatLabz has recently uncovered a new targeted attack campaign striking businesses in the Latin American region.

Jul 6, 2023 • 34min
#47 - Tips for submitting papers to conferences with Huxley Barbee, organiser at BSidesNYC
On this episode of the Cybersecurity Defenders Podcast, we have a conversation around best practices for submitting papers to conferences with Huxley Barbee, Security Evangelist at runZero & organizer of BSidesNYC.
Throughout Huxley's career, he has held key positions at Cisco, Datadog and now runZero. He is passionate about cybersecurity and supporting the community in order to create a better security posture for all. Huxley encourages our listeners to connect with him on the platforms linked below.
Linktree
LinkedIn
Mastodon
Twitter
Some resources for finding conferences to submit papers to are linked below.
Infosec Conferences
CFP Time
Security BSides
Pulsedive's list of threat intel conferences

Jun 29, 2023 • 31min
#46 - Intel Chat: RedEyes, The Flea, JS dropper delivering Bumblebee & IcedID, and free smartwatches
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
ASEC discovered that RedEyes is distributing and using an infostealer with wiretapping features.
Symantec is reporting that The Flea has continued to focus on foreign ministries in a recent attack campaign that ran from late 2022 into early 2023.
Deep Instinct's Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID.
Rapid7 researchers recently undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered.
Members across the military have reported receiving smartwatches unsolicited in the mail.
You can register here to attend the LinkedIn Live Event, An Invitation to Change: Introducing the SecOps Cloud Platform.
