The Cybersecurity Defenders Podcast

In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.ptcpdump is an eBPF-based version of tcpdump that adds process information to each packet. It supports filtering by process ID, process name, container ID, and Kubernetes pod name. In a recent implementation, Target's cybersecurity team adopted TLSH (Trend Micro Locality Sensitive Hash) to improve their malware detection capabilities. Huntress recently issued a threat advisory regarding active exploitation of a zero-day vulnerability affecting Cleo's file transfer software, specifically impacting LexiCom, VLTrader, and Harmony versions up to 5.8.0.21. Sublime Security recently analyzed a phishing campaign that impersonates Microsoft SharePoint to deliver the XLoader malware.Palo Alto Networks' Unit 42 team has uncovered a new packer-as-a-service (PaaS) operation named HeartCrypt, which has been active since July 2023 and began sales in February 2024. HeartCrypt is designed to obfuscate malware, making detection by security solutions more challenging.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Datadog Security Labs has introduced the Supply-Chain Firewall, a new open-source tool designed to protect developers from malicious and vulnerable packages sourced from PyPI and npm repositories.U.S. authorities have arrested 19-year-old Remington Goy Ogletree, known online as "remi," for allegedly breaching a U.S. financial institution and two unnamed telecommunications firms. A recent study titled "A Study of Malware Prevention in Linux Distributions" examines the challenges of preventing and detecting malware within Linux distribution package repositories. A recently identified zero-day vulnerability affects all modern versions of Windows Workstation and Server operating systems, from Windows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022. And you can subscribe to Detection Engineering Weekly here.

On this episode of The Cybersecurity Defenders Podcast we explore the reality of modern browser threats with John Tuckner, Founder at Secure Annex.John, the founder of Secure Annex, an innovative platform focused on helping organizations manage and secure browser extensions. With over a decade of experience in cybersecurity and technical program management, they have held key leadership roles at companies like Tines, Cyderes, and Optiv. At Tines, they spearheaded multiple initiatives, including the creation of Tines Labs, the development of a natural language AI workflow tool, and the expansion of the Tines Library of automation workflows.John’s career also includes building customer success engineering teams, driving security automation research, and implementing cutting-edge network and security solutions. They bring a wealth of expertise in creating scalable frameworks, strategic tools, and impactful automation technologies.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Russian courts have sentenced Stanislav Moiseyev, the leader of the Hydra dark web marketplace, to life imprisonment.The U.S. Commerce Department has expanded its export controls, adding nearly 140 Chinese technology companies to its "entity list." This action primarily targets firms involved in the production of computer chips, chipmaking tools, and related software, including Chinese-owned entities operating in Japan, South Korea, and Singapore.Researchers have uncovered new malware strains, RevC2 and Venom Loader, tied to the sophisticated threat actor known as Venom Spider. Recent analyses have identified a critical vulnerability in generative AI systems, termed "flowbreaking" exploits, which can lead to unintended data leaks.

A special episode of The Cybersecurity Defenders Podcast, where we look back at our conversations throughout 2024, and bring together all of the predictions for the future of cybersecurity.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages that prompt them to manually execute malicious commands, often by copying and pasting scripts into their systems.Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose. A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems.Russia’s APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the “nearest neighbor attack” to exploit Wi-Fi networks remotely.Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."

On today's episode of The Cybersecurity Defenders Podcast we talk about cybercrime cottage industries with Reed McGinley-Stempel, the Co-Founder and CEO of StytchStytch is a platform designed to streamline authentication, authorization, and fraud prevention in a way that enhances security while minimizing user friction. Stytch serves both consumer and B2B applications, offering a variety of authentication solutions, including features like Google One-Tap and Biometrics for consumer-facing applications, as well as SSO, Role-Based Access Control, and SCIM integrations for enterprise SaaS. Reed founded Stytch after witnessing the challenges teams face when building secure and user-friendly authentication solutions, a problem he first encountered while working at Plaid. He is also a proud duke alumni and was the recipient of the prestigious Fullbright Scholarship

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.U.S. authorities have identified and charged individuals responsible for a significant data breach involving Snowflake Inc., a major cloud data warehousing company. The breach resulted in the theft of approximately 50 billion records from AT&T, one of Snowflake's prominent clients.U.S. prosecutors have charged five individuals, including 22-year-old Scottish national Tyler Buchanan, for their alleged involvement in the cybercrime group Scattered Spider. This group is accused of executing sophisticated phishing attacks that compromised numerous U.S. companies and individuals, leading to the theft of confidential information and cryptocurrency. The next one is an interesting breakdown on the evolving landscape of Chinese state-sponsored cyber threats that reveals a highly coordinated and multi-layered approach to achieving the strategic objectives of the Chinese Communist Party (CCP).In July 2024, cybersecurity researchers identified a new variant of the Melofee backdoor, a sophisticated malware associated with the Winnti Advanced Persistent Threat group. This variant specifically targets Red Hat Enterprise Linux 7.9 systems and demonstrates enhanced stealth and persistence mechanisms. In early October 2024, cybersecurity analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA seeking Black Friday discounts. The campaign, attributed to a financially motivated Chinese threat actor dubbed "SilkSpecter," exploited the surge in online shopping during November's Black Friday season. Palo Alto Networks' Unit 42 has identified exploitation activities targeting two critical vulnerabilities in PAN-OS software: CVE-2024-0012 and CVE-2024-9474.

On this episode of The Cybersecurity Defenders Podcast we speak with Jibby Saetang, Security Researcher with Microsoft GHOST, about his novel path to a career in cybersecurity.With over a decade of experience in watch and jewelry repair, Jibby developed an impressive eye for detail and a knack for solving complex problems. These skills translated seamlessly into the world of cybersecurity, where Jibby found an unexpected yet perfect fit. Driven by a passion for learning, Jibby dove into the KC7 platform, an immersive cybersecurity training resource, which ultimately led to a role at Microsoft—all without taking the traditional certification route. Jibby’s story is a testament to the power of persistence, passion, and non-traditional paths in tech. Now, Jibby is focused on helping others break into cybersecurity by developing new KC7 training modules, aiming to inspire and equip the next generation of problem-solvers.