The Cybersecurity Defenders Podcast

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Lumma Stealer, an information-stealing malware, has been observed using new evasion techniques to avoid detection.Researchers at CloudSEK have uncovered a trojanized version of the xWorm Remote Access Trojan (RAT) builder that is being secretly distributed among cybercriminals. A recent disclosure by security researcher Zach Latta highlights how the Washington State Department of Transportation (WSDOT) inadvertently exposed sensitive server credentials on its public website.A critical authentication bypass vulnerability (CVE-2024-21762) in Fortinet’s FortiOS has been actively exploited in the wild, allowing attackers to execute arbitrary code or gain unauthorized access to affected systems.

On this episode of The Cybersecurity Defenders Podcast we speak with Garret Grajek, CEO of YouAttest, about how MSSPs help clients meet regulatory requirements and what it means for the MSSP.Garret is a certified security leader with nearly 30 years of experience in information security. Garret is widely recognized as a visionary in identity, access, and authentication, holding 13 patents in areas such as x.509, mobile security, single sign-on (SSO), federation, and multi-factor technologies. Over the course of his career, he has contributed to major security projects for prominent commercial clients like Dish Networks, Office Depot, TicketMaster, and E*Trade, as well as public sector organizations including the U.S. Navy and the EPA.Garret began his career as a security programmer at Texas Instruments, IBM, and Tandem Computers, later advancing to key roles at RSA, Netegrity, and Cisco. He is also the founder and creator of SecureAuth IdP, a two-factor authentication and SSO platform. Known for his expertise in security architecture, product development, and leadership, Garret is a thought leader in modern IT architecture, including mobile deployments, cloud, hybrid environments, and advanced authentication technologies.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.From earlier this week, The Docker Systems Status page reports an ongoing issue affecting Docker Desktop on macOS, where malware alerts are triggered by macOS identifying com.docker.vmnetd or com.docker.socket as potential threats. SafeBreach Labs has released a proof-of-concept (PoC) exploit for CVE-2024-49113, a critical vulnerability in the Lightweight Directory Access Protocol (LDAP) that impacts unpatched Windows Servers, including Active Directory Domain Controllers (DCs).The Halcyon RISE team has uncovered a novel ransomware campaign targeting Amazon S3 buckets, exploiting AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C).A recent campaign has been targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability to gain unauthorized administrative access. Sophos recently reported on two distinct ransomware campaigns utilizing unique techniques to pressure victims and evade detection.

On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report.Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech.Currently, Sharon is the Senior Managing Editor for CyberRisk Alliance's channel brands, ChannelE2E and MSSP Alert, where she’s helping to expand the reach of these vital resources for the IT and cybersecurity communities. Sharon has a rich history of editorial leadership, including her previous role as Managing Editor at Techstrong Group, overseeing Cloud Native Now, DevOps.com, and Security Boulevard.She joins us to discuss the inaugural 2024 MSSP Pricing Benchmark Report—a critical resource for understanding the evolving managed security services market. You can get a copy of the report here: https://www.msspalert.com/whitepaper/mssp-alert-2024-pricing-benchmark

On this episode of The Cybersecurity Defenders Podcast we talk about automation in MSSP operations with David Burkett, Cloud Security Researcher at Core light. David has deep expertise in cloud threat detection and automation. Over the course of his career, David has built and optimized three different Cyber Security Operations Centers for MSSP and MDR providers, demonstrating his unparalleled skill in scaling security operations through automation and efficient processes.David has consulted for over 40 Fortune 500 companies and large federal organizations, helping them design and implement SOAR platforms and playbooks that enhance detection and response capabilities. He also actively contributes to the open-source detection project Sigma, showcasing his dedication to advancing the cybersecurity community.Among his many accolades, David was part of a team that received the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award, recognizing their SOC as one of the top 1% in cybersecurity programs for cleared facilities. He also holds a robust set of GIAC certifications, reinforcing his technical expertise in threat intelligence, cloud security, and playbook design.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.We pause to honor the life and legacy of Amit Yoran, a visionary leader in the world of cybersecurity who passed away on January 4, 2025, after battling cancer.In April 2024, a threat actor known as "USDoD" advertised a massive database for sale on BreachForums, claiming it contained 2.9 billion records encompassing personal information of individuals from the United States, United Kingdom, and Canada. In December 2024, the U.S. Treasury Department disclosed a significant cybersecurity breach attributed to Chinese state-sponsored hackers. SafeBreach Labs has published a proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed "LDAPNightmare." This vulnerability affects Windows Servers using the Lightweight Directory Access Protocol (LDAP) and enables attackers to crash unpatched systems.

In this engaging discussion, Nick Gipson, founder and CEO of Gipson Cyber, shares his journey from digital forensics at the Department of Defense to launching a subscription-based cybersecurity service for small businesses. He highlights the critical gap in affordable protection for these enterprises and the unique challenges of starting an MSSP. Nick also examines the rising demand for cybersecurity in various industries and shares insights on future innovations like automation and the role of AI in enhancing security measures.

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attacks in history: The Colonial PipelineOn May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state.This episode was written by the talented Nathaniel Nelson.Casey Ellis can be found on LinkedIn here.

On this episode of The Cybersecurity Defenders Podcast, we share both parts of 'When the Lights Went Out in Ukraine.'Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.”This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.

This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.