The Cybersecurity Defenders Podcast

This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history, and with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack. The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack.  Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter; a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States.Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.

In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.ptcpdump is an eBPF-based version of tcpdump that adds process information to each packet. It supports filtering by process ID, process name, container ID, and Kubernetes pod name. In a recent implementation, Target's cybersecurity team adopted TLSH (Trend Micro Locality Sensitive Hash) to improve their malware detection capabilities. Huntress recently issued a threat advisory regarding active exploitation of a zero-day vulnerability affecting Cleo's file transfer software, specifically impacting LexiCom, VLTrader, and Harmony versions up to 5.8.0.21. Sublime Security recently analyzed a phishing campaign that impersonates Microsoft SharePoint to deliver the XLoader malware.Palo Alto Networks' Unit 42 team has uncovered a new packer-as-a-service (PaaS) operation named HeartCrypt, which has been active since July 2023 and began sales in February 2024. HeartCrypt is designed to obfuscate malware, making detection by security solutions more challenging.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Datadog Security Labs has introduced the Supply-Chain Firewall, a new open-source tool designed to protect developers from malicious and vulnerable packages sourced from PyPI and npm repositories.U.S. authorities have arrested 19-year-old Remington Goy Ogletree, known online as "remi," for allegedly breaching a U.S. financial institution and two unnamed telecommunications firms. A recent study titled "A Study of Malware Prevention in Linux Distributions" examines the challenges of preventing and detecting malware within Linux distribution package repositories. A recently identified zero-day vulnerability affects all modern versions of Windows Workstation and Server operating systems, from Windows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022. And you can subscribe to Detection Engineering Weekly here.

On this episode of The Cybersecurity Defenders Podcast we explore the reality of modern browser threats with John Tuckner, Founder at Secure Annex.John, the founder of Secure Annex, an innovative platform focused on helping organizations manage and secure browser extensions. With over a decade of experience in cybersecurity and technical program management, they have held key leadership roles at companies like Tines, Cyderes, and Optiv. At Tines, they spearheaded multiple initiatives, including the creation of Tines Labs, the development of a natural language AI workflow tool, and the expansion of the Tines Library of automation workflows.John’s career also includes building customer success engineering teams, driving security automation research, and implementing cutting-edge network and security solutions. They bring a wealth of expertise in creating scalable frameworks, strategic tools, and impactful automation technologies.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Russian courts have sentenced Stanislav Moiseyev, the leader of the Hydra dark web marketplace, to life imprisonment.The U.S. Commerce Department has expanded its export controls, adding nearly 140 Chinese technology companies to its "entity list." This action primarily targets firms involved in the production of computer chips, chipmaking tools, and related software, including Chinese-owned entities operating in Japan, South Korea, and Singapore.Researchers have uncovered new malware strains, RevC2 and Venom Loader, tied to the sophisticated threat actor known as Venom Spider. Recent analyses have identified a critical vulnerability in generative AI systems, termed "flowbreaking" exploits, which can lead to unintended data leaks.

A special episode of The Cybersecurity Defenders Podcast, where we look back at our conversations throughout 2024, and bring together all of the predictions for the future of cybersecurity.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages that prompt them to manually execute malicious commands, often by copying and pasting scripts into their systems.Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose. A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems.Russia’s APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the “nearest neighbor attack” to exploit Wi-Fi networks remotely.Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."