The Cybersecurity Defenders Podcast

LimaCharlie
Jun 28, 2023 • 20min

#45 - Hacker History: SolarWinds

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history and, with the help of John Bambenek, tell the story of one of the largest and most complicated supply chain attacks in history: SolarWinds.

On December 13, 2020, The Washington Post reported that multiple government agencies were breached through SolarWinds's Orion software. Victims of this attack include the cybersecurity firm FireEye, the US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration, and the US Department of Homeland Security. Prominent international SolarWinds customers investigating whether they were impacted include the North Atlantic Treaty Organization (NATO), the European Parliament, UK Government Communications Headquarters, the UK Ministry of Defence, the UK National Health Service (NHS), the UK Home Office, and AstraZeneca.

FireEye reported that the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they had found "indications of compromise dating back to the spring of 2020". FireEye named the malware SUNBURST; Microsoft called it Solorigate. The backdoor was compiled into a SolarWinds Orion library and shipped inside an update signed with SolarWinds's own code-signing certificate, so customers' systems installed it as a trusted update and the compromise went unnoticed.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Jun 24, 2023 • 43min

#44 - Intel Chat: Fake GitHub repos, NPM poison, Vidar, Mac malware, Tsunami DDOS, Cl0p reward, and the EDR killer: Spyboy

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. VulnCheck comes across a malicious GitHub repository that is claimed to be a Signal 0-day. Checkmarx reports that, without altering a single line of code, attackers poisoned the npm package "bignum" by hijacking the abandoned S3 bucket from which the package fetched its prebuilt binaries. Team Cymru has released a detailed publication on Vidar infrastructure that covers both the primary administrative components and the underlying backend. Bitdefender Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. Researchers have found an unofficial package called "https" on npm with over 1,600 other packages depending on it. An attack campaign is installing the Tsunami DDoS bot on inadequately managed Linux SSH servers. Rewards of up to $10 million for information on Cl0p are being offered by the U.S. State Department's Rewards for Justice program. SentinelOne is reporting on the Terminator EDR killer, advertised by a threat actor known as Spyboy.
Jun 21, 2023 • 39min

#43 - A conversation about AI in cybersecurity with Jon Bagg, Founder & CEO of Salem Cyber

On this episode of the Cybersecurity Defenders Podcast, we have a conversation about AI in cybersecurity with Jon Bagg, Founder & CEO of Salem Cyber. Jon Bagg is the creator of Salem Cyber, a cyber analysis technology that helps security teams scale their alert investigation capacity so they can find threats in the noise.
Jun 15, 2023 • 35min

#42 - Intel Chat: Atomic Wallet, Azure goes down, BEC justice, FortiOS SSL VPN and the BatCloak

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. $35 million has reportedly been stolen from users of Atomic Wallet. On June 9th the Microsoft Azure Portal was down on the web as a result of a suspected DDoS attack. The US Department of Justice has indicted six people for their involvement in a $6 million business email compromise scam. CVE-2023-27997, a pre-authentication heap-based buffer overflow in the FortiOS SSL VPN, was reported by Fortinet on June 13th (see the Fortinet hardening guide). Trend Micro recently discovered the use of heavily obfuscated batch files built with the BatCloak engine. And a really cool PDF: the Cy-Xplorer 2023 report put out by Orange Cyberdefense.
Jun 13, 2023 • 40min

#41 - A conversation about edge computing with Theresa Lanowitz, Head of Evangelism and Portfolio Marketing at AT&T Cybersecurity

On this episode of the Cybersecurity Defenders Podcast, we have a conversation about edge computing with Theresa Lanowitz, Head of Evangelism and Portfolio Marketing at AT&T Cybersecurity. Theresa Lanowitz is a proven global influencer who speaks on trends and emerging technology poised to help today's enterprise organizations flourish. Theresa is currently the head of evangelism at AT&T Business - Cybersecurity. Prior to joining AT&T, Theresa was an industry analyst with the boutique analyst firm voke and with Gartner. While at Gartner, Theresa spearheaded the application quality ecosystem, championed application security technology, and created the successful Application Development conference. As a product manager at Borland International Software, Theresa launched the iconic Java integrated development environment, JBuilder. While at Sun Microsystems, Theresa led strategic marketing for the Jini project, a precursor to IoT (Internet of Things). Theresa's professional career began with McDonnell Douglas, where she was a software developer on the C-17 military transport plane and held a US Department of Defense Top Secret security clearance. Theresa holds a Bachelor of Science in Computer Science from the University of Pittsburgh, Pittsburgh, PA. The report referenced in the podcast can be acquired here: 2023 AT&T Cybersecurity Insight Report: Edge Ecosystem. The open-source Genie Framework referenced in the podcast can be viewed here: Genie Framework.
Jun 8, 2023 • 12min

#40 - Intel Chat: BlackCat, RaidForums Exposed, MOVEit Transfer, Camaro Dragon, mystery iOS malware, TrueBot and the Cyclops Ransomware & Stealer combo

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. BlackCat makes some changes geared towards improving its tradecraft and increasing the likelihood of data theft and encryption. A new hacking forum called Exposed has publicly leaked a substantial database from the infamous RaidForums. A critical, actively exploited vulnerability in the MOVEit Transfer software. Camaro Dragon targets European foreign affairs entities linked to Southeast and East Asia. Kaspersky is reporting on some unknown malware targeting iOS devices. The Hacker News is reporting a surge in TrueBot activity that was observed starting in May 2023. Uptycs is reporting on the threat group behind the Cyclops ransomware and stealer combo.
Jun 6, 2023 • 29min

#39 - A conversation about DFIR with Devon Ackerman, Global Service Line Leader for Digital Forensics and Incident Response Kroll

On today's episode of The Cybersecurity Defenders Podcast we are joined by Devon Ackerman, Global Service Line Leader for Digital Forensics and Incident Response (DFIR) services at Kroll Cyber. Prior to Kroll, Devon served as a Supervisory Special Agent at the FBI's Operational Technology Division in the CART Field Operations Unit. He navigated digital forensic issues, managed 56 FBI Division executive management relationships, organized team deployments during mass incident response events such as the San Bernardino domestic terrorism shooting (Apple iPhones), and served as a senior certified Forensic Examiner (CART) for on-scene collections and forensic analysis. As mentioned in the show, an excellent resource for all things DFIR: aboutDFIR.com
Jun 1, 2023 • 45min

#38 - Intel Chat: Donut, Agrius, Kimsuky, Pikabot, QBot & the Gootloader Initial Access-as-a-Service Operation.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. FortiGuard Labs encounters a kernel driver that makes use of the open-source Donut tool. Check Point researchers observe the Iranian threat actor Agrius operating against Israeli targets. SentinelOne notes changes in the ongoing campaign by Kimsuky. Microsoft uncovers stealthy malicious activity aimed at critical infrastructure in the United States. Zscaler ThreatLabz reports on Pikabot, a new malware trojan. BleepingComputer reports that the QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program. eSentire launches a multi-pronged offensive against a growing cyberthreat: the Gootloader Initial Access-as-a-Service operation.
May 30, 2023 • 26min

#37 - A conversation about securing the build pipeline with Adnan Khan, Lead Security Engineer at Praetorian

On today's episode of The Cybersecurity Defenders Podcast we are joined by security engineer Adnan Khan to talk about securing the build pipeline and explore some common vulnerabilities in enterprise GitHub configurations. Organizations using GitHub Actions with self-hosted runners are at risk of an attacker gaining a foothold on the internal network from the Internet if they compromise a single developer's personal GitHub access token: the token lets the attacker push code or open a pull request that triggers a workflow, and that workflow's jobs then execute on a runner sitting inside the corporate network. Key configuration adjustments can secure these pipelines and limit the damage from a breach. Adnan's talk at BSidesSF: Securing the Pipeline: Protecting Self-Hosted GitHub Runners
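The exposure described in this episode can be checked mechanically before an attacker does it for you. The script below is an added example written for this page; it is not Praetorian's or LimaCharlie's tooling and does not come from the talk. It audits GitHub Actions workflows and flags any job that runs on a self-hosted runner while the workflow is reachable through events an outsider can fire (pull_request, pull_request_target, issue_comment) or that anyone holding a stolen collaborator token can fire (push, workflow_dispatch), and it notes jobs with no permissions block. The workflows are constructed samples supplied in the shape PyYAML's safe_load returns, so it runs with no dependencies; the event lists, the severities, and the rule that any label other than a GitHub-hosted image name means a self-hosted runner are this example's own assumptions.

```python
"""Flag GitHub Actions jobs that run on self-hosted runners and can be triggered
by outsiders or by anyone holding a stolen collaborator token.
Added example for this page (not Praetorian's or LimaCharlie's code); event lists,
severities and the self-hosted heuristic are this example's own assumptions."""
from dataclasses import dataclass

# Events an outsider can fire against a public repository with no credentials.
OUTSIDER_EVENTS = {"pull_request", "pull_request_target", "issue_comment"}
# Events reachable by anyone holding a collaborator's token (e.g. a stolen PAT).
TOKEN_EVENTS = {"push", "workflow_dispatch"}
GITHUB_HOSTED_PREFIXES = ("ubuntu-", "windows-", "macos-")


@dataclass(frozen=True)
class Finding:
    workflow: str
    job: str
    severity: str  # HIGH, MEDIUM or INFO
    reason: str


def workflow_triggers(wf: dict) -> set:
    """Event names the workflow reacts to. PyYAML (YAML 1.1) turns the bare
    key `on:` into the boolean True, so both spellings are checked."""
    spec = wf.get("on", wf.get(True))
    if spec is None:
        return set()
    if isinstance(spec, str):   # on: push
        return {spec}
    if isinstance(spec, list):  # on: [push, pull_request]
        return set(spec)
    return set(spec.keys())     # on: {push: {...}, pull_request: {...}}


def runner_labels(job: dict) -> list:
    """Normalise `runs-on` (string, list, or {group: ..., labels: [...]}) to labels."""
    runs_on = job.get("runs-on", "")
    if isinstance(runs_on, str):
        return [runs_on]
    if isinstance(runs_on, list):
        return [str(x) for x in runs_on]
    if isinstance(runs_on, dict):  # runner-group form
        return [str(x) for x in runs_on.get("labels", [])] + ["group:" + str(runs_on.get("group", ""))]
    return []


def is_self_hosted(labels: list) -> bool:
    """Assumption: `self-hosted`, a runner group, or any label that is not a
    GitHub-hosted image name (ubuntu-*, windows-*, macos-*) means self-hosted."""
    if not labels:
        return False
    if any(lb == "self-hosted" or lb.startswith("group:") for lb in labels):
        return True
    return not any(lb.startswith(GITHUB_HOSTED_PREFIXES) for lb in labels)


def audit_workflow(name: str, wf: dict) -> list:
    """Return one Finding per problem found in a parsed workflow."""
    out, triggers = [], workflow_triggers(wf)
    outsider, token = triggers & OUTSIDER_EVENTS, triggers & TOKEN_EVENTS
    for job_name, job in (wf.get("jobs") or {}).items():
        labels = runner_labels(job)
        if any("${{" in lb for lb in labels):  # matrix/expression: cannot decide statically
            out.append(Finding(name, job_name, "INFO", f"runs-on is an expression {labels}; resolve and re-check"))
            continue
        if not is_self_hosted(labels):
            continue
        if outsider:
            out.append(Finding(name, job_name, "HIGH", f"self-hosted {labels} reachable by outsiders via {sorted(outsider)}"))
        elif token:
            out.append(Finding(name, job_name, "MEDIUM", f"self-hosted {labels} reachable with a token via {sorted(token)}"))
        if "permissions" not in wf and "permissions" not in job:
            out.append(Finding(name, job_name, "INFO", "no `permissions:` block; GITHUB_TOKEN gets the repository default"))
    return out


# Constructed samples (not from any real repository), in the shape yaml.safe_load
# returns. ci.yml is the weak configuration; lint.yml is the same trigger, fixed.
SAMPLE_WORKFLOWS = {
    "ci.yml": {  # fork pull requests run on the internal runner
        True: {"pull_request": {}, "push": {"branches": ["main"]}},
        "jobs": {"test": {"runs-on": ["self-hosted", "linux"],
                          "steps": [{"uses": "actions/checkout@v3"}, {"run": "make test"}]}},
    },
    "deploy.yml": {  # only a token holder can trigger it; permissions scoped
        "on": {"workflow_dispatch": {}},
        "permissions": {"contents": "read"},
        "jobs": {"deploy": {"runs-on": {"group": "prod-deployers"}, "steps": [{"run": "./deploy.sh"}]}},
    },
    "lint.yml": {  # GitHub-hosted runner: an outsider's PR never touches the internal network
        "on": ["pull_request"],
        "jobs": {"lint": {"runs-on": "ubuntu-latest", "steps": [{"run": "npm run lint"}]}},
    },
}


def audit_all(workflows: dict = SAMPLE_WORKFLOWS) -> list:
    return [f for name, wf in workflows.items() for f in audit_workflow(name, wf)]


if __name__ == "__main__":
    for f in audit_all():
        print(f"{f.severity:<6} {f.workflow}:{f.job}  {f.reason}")
```

Run against the samples it reports ci.yml/test as HIGH (plus an INFO for the missing permissions block), deploy.yml/deploy as MEDIUM, and nothing for lint.yml. A HIGH finding is the case the episode warns about: move that job to a GitHub-hosted runner, or keep the self-hosted runner in a runner group restricted to trusted repositories, configure it as ephemeral so each job gets a fresh machine, and turn on GitHub's "Require approval for all outside collaborators" setting so fork pull requests do not run unreviewed. A MEDIUM finding is the stolen-token scenario: it still needs ephemeral runners, branch protection, and least-privilege permissions blocks to limit what a single compromised developer can do. The check for the boolean True key is not cosmetic; a YAML-1.1 loader silently hides every trigger behind it, and an auditor that only looks for the string "on" would report the weakest workflow as clean.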
May 25, 2023 • 39min

#36 - Intel Chat: Red Stinger, 3 new Apple Zero Days, the GuLoader, BlackCat and the Golden Jackal

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Malwarebytes researchers report on the Red Stinger group, which has targeted entities in Ukraine. Apple is reporting three new zero-days affecting iPhones, iPads, Macs and even Apple Watches and Apple TVs. The folks over at Cisco Talos have recently identified a new ransomware group, RA Group, that has been operating since at least April 22, 2023. Check Point researchers have uncovered the GuLoader that has been used in a large number of attacks. Trend Micro is reporting on a new capability seen in a BlackCat ransomware incident. Kaspersky is introducing the world to a new APT group they are calling GoldenJackal.
