The Cybersecurity Defenders Podcast
LimaCharlie
An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.
Episodes
Mentioned books

Feb 13, 2025 • 33min
#193 - Intel Chat: Ransomware drops, 8Base, XE Group, SolarWinds-esque attack & cyber-espionage in South Asia
In this discussion, Matt Bromley, an expert cybersecurity analyst, shares enlightening insights on the latest cyber threats. He highlights a significant 35% drop in ransomware payments in 2024 and the arrest of a key member from the 8Base ransomware group. The XE Group is now employing advanced supply chain attacks, potentially surpassing the SolarWinds incident. Additionally, Bromley uncovers a concerning cyber-espionage campaign targeting governmental sectors in South Asia, showcasing the ever-evolving landscape of cyber threats.

Feb 11, 2025 • 40min
#192 - Talent acquisition, training, and retention in the MSSP space with Paul Ihme, Cofounder & Managing Principal at Soteria
On this episode of The Cybersecurity Defenders Podcast we talk about talent acquisition, training, and retention in the MSSP space with Paul Ihme, Cofounder & Managing Principal at Soteria. Paul is a cybersecurity professional with extensive experience in both federal and private sectors. He is the co-founder and managing principal of Soteria, a firm that provides tailored cybersecurity solutions and strategic advisory services to help businesses defend against cyber threats 24/7. Soteria specializes in managed detection and response, domain monitoring, and risk management for Microsoft 365 environments, among other things. Prior to founding Soteria, Paul held key roles in cybersecurity, including Vice President of Active Network Defense at JPMorgan Chase and Cyber Warfare Operator in the U.S. Air Force. Today, we discuss what it takes to build a skilled team and explore his experience with talent acquisition, training, and retention in the MSSP space.

Feb 4, 2025 • 26min
#191 - Intel Chat: Lumma Stealer, xWorm, WSDOT & FortiOS
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Lumma Stealer, an information-stealing malware, has been observed using new evasion techniques to avoid detection. Researchers at CloudSEK have uncovered a trojanized version of the xWorm Remote Access Trojan (RAT) builder that is being secretly distributed among cybercriminals. A recent disclosure by security researcher Zach Latta highlights how the Washington State Department of Transportation (WSDOT) inadvertently exposed sensitive server credentials on its public website. A critical authentication bypass vulnerability (CVE-2024-21762) in Fortinet's FortiOS has been actively exploited in the wild, allowing attackers to execute arbitrary code or gain unauthorized access to affected systems.

Feb 3, 2025 • 38min
#190 - How MSSPs can help clients meet regulatory requirements with Garret Grajek, CEO at YouAttest
On this episode of The Cybersecurity Defenders Podcast we speak with Garret Grajek, CEO of YouAttest, about how MSSPs help clients meet regulatory requirements and what it means for the MSSP. Garret is a certified security leader with nearly 30 years of experience in information security. Garret is widely recognized as a visionary in identity, access, and authentication, holding 13 patents in areas such as x.509, mobile security, single sign-on (SSO), federation, and multi-factor technologies. Over the course of his career, he has contributed to major security projects for prominent commercial clients like Dish Networks, Office Depot, TicketMaster, and E*Trade, as well as public sector organizations including the U.S. Navy and the EPA. Garret began his career as a security programmer at Texas Instruments, IBM, and Tandem Computers, later advancing to key roles at RSA, Netegrity, and Cisco. He is also the founder and creator of SecureAuth IdP, a two-factor authentication and SSO platform. Known for his expertise in security architecture, product development, and leadership, Garret is a thought leader in modern IT architecture, including mobile deployments, cloud, hybrid environments, and advanced authentication technologies.

Jan 28, 2025 • 35min
#189 - Intel Chat: Docker, LDAPNightmare, Codefinger & Fortinet FortiGate
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. From earlier this week, the Docker Systems Status page reports an ongoing issue affecting Docker Desktop on macOS, where malware alerts are triggered by macOS identifying com.docker.vmnetd or com.docker.socket as potential threats. SafeBreach Labs has released a proof-of-concept (PoC) exploit for CVE-2024-49113, a critical vulnerability in the Lightweight Directory Access Protocol (LDAP) that impacts unpatched Windows Servers, including Active Directory Domain Controllers (DCs). The Halcyon RISE team has uncovered a novel ransomware campaign targeting Amazon S3 buckets, exploiting AWS's Server-Side Encryption with Customer-Provided Keys (SSE-C). A recent campaign has been targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability to gain unauthorized administrative access. Sophos recently reported on two distinct ransomware campaigns utilizing unique techniques to pressure victims and evade detection.

Jan 23, 2025 • 25min
#188 - The MSSP Alert 2024 Pricing Benchmark Report with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance
On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report. Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech. Currently, Sharon is the Senior Managing Editor for CyberRisk Alliance's channel brands, ChannelE2E and MSSP Alert, where she's helping to expand the reach of these vital resources for the IT and cybersecurity communities. Sharon has a rich history of editorial leadership, including her previous role as Managing Editor at Techstrong Group, overseeing Cloud Native Now, DevOps.com, and Security Boulevard. She joins us to discuss the inaugural 2024 MSSP Pricing Benchmark Report, a critical resource for understanding the evolving managed security services market. You can get a copy of the report here: https://www.msspalert.com/whitepaper/mssp-alert-2024-pricing-benchmark

Jan 14, 2025 • 26min
#187 - Automation in MSSP Operations with David Burkett, Cloud Security Researcher at Corelight
On this episode of The Cybersecurity Defenders Podcast we talk about automation in MSSP operations with David Burkett, Cloud Security Researcher at Corelight. David has deep expertise in cloud threat detection and automation. Over the course of his career, David has built and optimized three different Cyber Security Operations Centers for MSSP and MDR providers, demonstrating his unparalleled skill in scaling security operations through automation and efficient processes. David has consulted for over 40 Fortune 500 companies and large federal organizations, helping them design and implement SOAR platforms and playbooks that enhance detection and response capabilities. He also actively contributes to the open-source detection project Sigma, showcasing his dedication to advancing the cybersecurity community. Among his many accolades, David was part of a team that received the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award, recognizing their SOC as one of the top 1% of cybersecurity programs for cleared facilities. He also holds a robust set of GIAC certifications, reinforcing his technical expertise in threat intelligence, cloud security, and playbook design.

Jan 8, 2025 • 24min
#186 - Intel Chat: Amit Yoran, USDoD, BeyondTrust & LDAPNightmare
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. We pause to honor the life and legacy of Amit Yoran, a visionary leader in the world of cybersecurity who passed away on January 4, 2025, after battling cancer. In April 2024, a threat actor known as "USDoD" advertised a massive database for sale on BreachForums, claiming it contained 2.9 billion records encompassing personal information of individuals from the United States, United Kingdom, and Canada. In December 2024, the U.S. Treasury Department disclosed a significant cybersecurity breach attributed to Chinese state-sponsored hackers. SafeBreach Labs has published a proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed "LDAPNightmare." This vulnerability affects Windows Servers using the Lightweight Directory Access Protocol (LDAP) and enables attackers to crash unpatched systems.

Jan 7, 2025 • 24min
#185 - Bootstrapping an MSSP with Nick Gipson, Founder & CEO at Gipson Cyber
In this engaging discussion, Nick Gipson, founder and CEO of Gipson Cyber, shares his journey from digital forensics at the Department of Defense to launching a subscription-based cybersecurity service for small businesses. He highlights the critical gap in affordable protection for these enterprises and the unique challenges of starting an MSSP. Nick also examines the rising demand for cybersecurity in various industries and shares insights on future innovations like automation and the role of AI in enhancing security measures.

Jan 1, 2025 • 22min
#184 - Hacker Holidays: The Colonial Pipeline
In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history and, with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attack in history: the Colonial Pipeline. On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount asked by the hacker group (75 bitcoin, or about $4.4 million USD) within several hours; upon receipt of the ransom, DarkSide provided the Colonial Pipeline Company with an IT tool to restore the system. However, the tool required a very long processing time to restore the system to a working state. This episode was written by the talented Nathaniel Nelson. Casey Ellis can be found on LinkedIn.
