

The Cybersecurity Defenders Podcast
LimaCharlie
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Episodes

Mar 29, 2023 • 20min
#25 - Hacker History: Stuxnet (Part 1)
This episode of the Cybersecurity Defenders podcast is the first part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, journalist and author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon.
Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.
This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Mar 22, 2023 • 1h 7min
#24 - Intel Chat: MS Outlook exploit. And ShmooCon organizers, Heidi and Bruce Potter.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:
CVE-2023-23397: A zero-touch exploit that affects all versions of Windows Outlook. (Sigma rule)
CVE-2023-24880: An unpatched security bypass in Microsoft’s SmartScreen security feature.
Mandiant observes China-nexus threat actors targeting technologies that do not normally support endpoint detection and response solutions.
Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022. Threat groups are offering $240k salaries to tech jobseekers.
And an interview with Heidi and Bruce Potter, ShmooCon organizers. ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software, and hardware solutions, and open discussions of critical infosec issues.

Mar 15, 2023 • 60min
#23 - Intel chat with Matt Bromiley and an interview with Joe Schreiber, Co-founder & CEO of appNovi.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:
A new Microsoft Word Vulnerability: CVE-2023-21716.
The Emotet botnet is back spamming again.
A previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities.
A SpaceX vendor has been compromised by a LockBit affiliate.
Ring LLC, the home security and smart home company owned by Amazon, has been ransomed by ALPHV ransomware group.
And an interview with Joe Schreiber, Co-founder and CEO of appNovi. Joe has been doing IT security since dial-up. He utilizes his knowledge and experience as a practitioner, software developer, and business developer to build highly functional, scalable, usable and quality software.

Mar 8, 2023 • 1h 2min
#22 - An intel chat with Matt Bromiley and an interview with Rich Heimann, Chief AI Officer at SilverSky.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:
Menlo Labs has uncovered an unknown threat actor that’s running an evasive threat campaign which is being distributed via Discord and is targeting government entities.
TA569 is a prolific threat actor who has been deploying website injections that run a JavaScript payload known as SocGholish.
The risk to business from burned-out analysts.
The emerging post-exploitation framework, EXFILTRATOR-22 or EX-22.
And an interview with Rich Heimann, Chief AI Officer at SilverSky, where we talk about Machine Learning and Artificial Intelligence as they relate to cybersecurity.

Mar 1, 2023 • 32min
#21 - An intel chat with Matt Bromiley and an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel. After that, an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber.

Feb 22, 2023 • 19min
#20 - Hacker History: WannaCry
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history, and with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack.
The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack.
Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.

Feb 15, 2023 • 44min
#19 - Simply Cyber Report for February 15. Plus a conversation with Ira Winkler, Field CISO and Vice President of CYE
This week on the Simply Cyber Report:
Scores of Redis servers infested by sophisticated custom-built malware.
Oktapus hackers are back and targeting tech and gaming companies.
Russian hackers using new Graphiron information stealer in Ukraine.
New QakNote attacks push QBot malware via Microsoft OneNote files.
Fresh, buggy Clop ransomware variant targets Linux systems.
We also sit down with Ira Winkler, Field CISO and Vice President of CYE. Ira shares a wide range of thoughts and experiences garnered from an exceptional career. You can find the various books that Ira has written, which are mentioned in the podcast, at the following links:
You CAN Stop Stupid
Advanced Persistent Security
Security Awareness for Dummies
Cybersecurity All-in-one For Dummies

Feb 8, 2023 • 25min
#18 - The Adversary Toolbox: BITS jobs. Plus an interview with Tyler Shields, entrepreneur and angel investor.
In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about BITS jobs.
We also sit down with Tyler Shields: a cybersecurity veteran, entrepreneur, and angel investor. In our conversation, we talk about the economic conditions driving the tech sector layoffs we are seeing, what zombie companies are, and speculate on the future of AI.

Feb 1, 2023 • 35min
#17 - Simply Cyber Report for Feb 1. Plus a conversation with Michael Argast, Co-founder & CEO of Kobalt.io
Microsoft has started blocking the execution of XLL add-ins downloaded from the Internet. The hacking group DragonSpark is leveraging Golang source code interpretation to evade detection. Threat actors are turning to Sliver to replace more popular frameworks Cobalt Strike and Metasploit. Over 4,500 WordPress sites have been hacked and Emotet malware makes a comeback. Emotet is back with new evasion techniques in MS Excel.
We also sit down with Michael Argast, Co-founder and CEO of Kobalt.io. We learn about Kobalt's approach to scaling cybersecurity services for small and medium-sized businesses, and also some great advice on what it takes to build services for this part of the market. A great conversation that is full of tidbits of wisdom for anybody looking to start a security services company.

Jan 26, 2023 • 19min
#16 - Hacker History: NotPetya
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Amit Serper, a hacker and reverse engineer, who was instrumental in stopping the most devastating cyber attack in history: NotPetya.
On 27 June 2017, a major global cyberattack began (Ukrainian companies were among the first to state they were being attacked), utilizing a new variant of Petya. On that day, Kaspersky Lab reported infections in France, Germany, Italy, Poland, the United Kingdom, and the United States, but that the majority of infections targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%.
Russian president Vladimir Putin's press secretary, Dmitry Peskov, stated that the attack had caused no serious damage in Russia. Experts believed this was a politically-motivated attack against Ukraine, since it occurred on the eve of the Ukrainian holiday Constitution Day.
Kaspersky dubbed this variant "NotPetya", as it has major differences in its operations in comparison to earlier variants. McAfee engineer Christiaan Beek stated that this variant was designed to spread quickly, and that it had been targeting "complete energy companies, the power grid, bus stations, gas stations, the airport, and banks".
This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.


