
The Cybersecurity Defenders Podcast
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Latest episodes

Nov 15, 2024 • 38min
#169 - Intel Chat: Tools, N. Korean IT workers, GootLoader, FakeBat & Pacific Rim
Matt Bromley, a cybersecurity expert, dives into the latest threats and tools shaping the landscape. He explains how the MFA Sweep PowerShell script could enhance security by checking for multi-factor authentication. The CVE2CAPEC tool helps map vulnerabilities, aiding researchers in defending against attacks. Bromley discusses the unsettling trend of North Korean IT workers infiltrating Western companies and highlights targeted malware campaigns, like GootLoader targeting Bengal cat lovers, stressing the urgency for user education and collaboration in cybersecurity.

Oct 31, 2024 • 35min
#168 - Intel Chat: Latrodectus, WarmCookie, FortiManager, EU's Product Liability Directive & Linus Torvalds
Matt Bromley, a cybersecurity expert, dives into the latest threats and vulnerabilities. He discusses the evolution of Latrodectus malware, noting its sophisticated evasion techniques. The conversation highlights a critical zero-day vulnerability in FortiManager, underlining urgent security implications. Bromley also examines the EU's updated product liability framework, aiming to better protect consumers in the digital age. Lastly, he touches upon the controversial expulsion of Russian maintainers from Linux, raising questions about geopolitics and open source governance.

Oct 30, 2024 • 37min
#167 - Running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel
On this episode of The Cybersecurity Defenders Podcast we talk about running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel. My guest today is Joshua Sitta, the co-founder and CTO of Sittadel, a cybersecurity company specializing in 24/7/365 Managed Detection and Response services. With a focus on enterprise-grade EDR solutions, Sittadel provides comprehensive cybersecurity monitoring and incident response. Before founding Sittadel, Joshua served as the Director of Enterprise Security Architecture at SouthState Bank, where he built a robust in-house cybersecurity program that safeguarded billions in assets. He brings deep expertise in protecting organizations from modern cyber threats.

Oct 24, 2024 • 30min
#166 - Intel Chat: Microsoft logs, USDoD, SolarWinds WHD, & CISA KEV
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Microsoft has recently confirmed that a software bug caused the loss of more than two weeks' worth of critical security logs from several of its cloud services. Brazil's Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches. A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that could be exploited by attackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these flaws are being actively used in cyberattacks.

Oct 23, 2024 • 30min
#165 - How AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix
On this episode of The Cybersecurity Defenders Podcast we examine how AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix. Gaurav Banga is the CEO and Founder of Balbix, an AI-powered cybersecurity risk management startup. Gaurav is an accomplished inventor with over 50 patents to his name, and he has a deep background in founding and leading multiple successful tech ventures. His journey into entrepreneurship is unique—it began over a decade ago when he was inspired by a book that eventually led him to leave academia and pursue his passion for deep tech. Gaurav regularly speaks with CISOs, gaining firsthand insights into their biggest challenges as they navigate an increasingly complex cybersecurity landscape. As regulatory scrutiny around security disclosures intensifies, Gaurav offers a unique perspective on how AI can reshape the future of risk management, helping organizations strike the right balance between innovation and security.

Oct 21, 2024 • 41min
#164 - Intel Chat: Wazuh, .io, AI, Discord, Palo Alto & GoldenJackal
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A recent malware campaign has been discovered that exploits the open-source Wazuh SIEM agent to deliver a cryptomining payload. There is uncertainty surrounding the .io domain following the UK's decision to return the Chagos Islands, including the British Indian Ocean Territory, to Mauritius. The October 2024 report, "Influence and Cyber Operations," explores how AI is being leveraged by both state and non-state actors in cyber campaigns. Key findings show that AI tools are increasingly being used to enhance traditional cyberattacks, particularly in areas like vulnerability research, malware debugging, and influence operations. Discord has recently been blocked in both Russia and Turkey due to claims of illegal activity on the platform. Palo Alto Networks recently patched several critical vulnerabilities in its Expedition tool, which could allow attackers to take control of firewall systems. The most severe flaw, CVE-2024-9463, allows unauthenticated attackers to execute arbitrary OS commands as root, exposing sensitive data like usernames, passwords, and API keys. The article from ESET highlights a cyberespionage campaign conducted by a group known as GoldenJackal, which is targeting government and diplomatic entities, focusing specifically on air-gapped systems in regions such as Europe, the Middle East, and South Asia.

Oct 17, 2024 • 46min
#163 - Practical applications of AI in cybersecurity with Rich Heimann, AI researcher & author
Rich Heimann, an AI researcher and committed advocate for ethical practices in technology, joins to share his insights on AI in cybersecurity. He discusses the evolution of AI perceptions and the limitations of generative models, like 'hallucinations.' Heimann emphasizes the importance of prompt engineering and collaboration between data science and legal teams. He also covers practical strategies for businesses adopting AI, particularly through existing SaaS models, and highlights the significance of Retrieval Augmented Generation for managing data effectively.

Oct 10, 2024 • 30min
#162 - Intel Chat: FIN7, COLDRIVER, perfectly, Comcast & EKUwu
In this discussion, cybersecurity expert Matt Bromley shares his insights on emerging threats. He reveals how the FIN7 group is using AI-driven deepfakes in phishing scams, manipulating victims through familiar applications. The conversation also highlights the dismantling of COLDRIVER's cyber operations by Microsoft's Digital Crimes Unit. Additionally, Bromley discusses Aqua Security's research into stealthy Linux-targeting malware and the implications of a significant data breach at Comcast. The vulnerabilities within Active Directory Certificate Services are examined, stressing the need for proactive security measures.

Oct 8, 2024 • 40min
#161 - Intel Chat: MSSN CTRL, CRI summit, Shadow AI, More_Eggs, Andariel hacking group & DrayTek routers
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The White House recently hosted the International Counter Ransomware Initiative (CRI) summit, bringing together representatives from 68 countries to address the growing global threat of ransomware. The rise of "Shadow AI," which refers to the unauthorized use of AI tools by employees without the oversight of IT departments, poses significant risks for organizations. A new wave of attacks leveraging the More_Eggs backdoor malware has been specifically targeting recruiters. TA4557, a financially motivated group linked to North Korea, has been distributing this backdoor since late 2023. The Andariel hacking group, a subgroup of North Korea's Lazarus Group, has turned its attention to financially motivated attacks against U.S. organizations. Forescout Vedere Labs has uncovered 14 vulnerabilities affecting over 700,000 DrayTek routers, with two critical flaws posing significant security risks.

Oct 3, 2024 • 49min
#160 - Cryptocurrency and its role in money laundering with BBC journalist and author Geoff White
On this episode of The Cybersecurity Defenders Podcast, we dive into cryptocurrency and its role in money laundering with BBC journalist and author Geoff White. Geoff is an accomplished author, speaker, investigative journalist, and podcast creator with over 20 years of experience, focusing on organized crime and technology. He has worked with major outlets including the BBC, Audible, Penguin, Sky News, and The Sunday Times, covering topics such as financial crime, money laundering, cryptocurrency, and cybercrime. His recently released book, Rinsed, dives into how technology is transforming the money laundering industry, and was published by Penguin back in June of 2024. His previous book, The Lazarus Heist, followed the success of the hit BBC podcast series he co-hosted, which investigated North Korea's cyber operations. He's also the author of Crime Dot Com, which explores the global rise of hacking, and has created multiple podcast series for Audible, including The Dark Web and Artificial Intelligence: Friend or Foe? In addition to writing, he is a sought-after public speaker who has given keynote talks for brands like Microsoft, MasterCard, and HSBC. He has also won numerous awards for his reporting, including his work on the Snowden leaks and his investigations into internet fraud.
Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks