The Cybersecurity Defenders Podcast

LimaCharlie
Nov 19, 2024 • 29min

#170 - A novel path into cybersecurity with Jibby Saetang, Security Researcher with Microsoft GHOST

On this episode of The Cybersecurity Defenders Podcast we speak with Jibby Saetang, Security Researcher with Microsoft GHOST, about his novel path to a career in cybersecurity. With over a decade of experience in watch and jewelry repair, Jibby developed an impressive eye for detail and a knack for solving complex problems. These skills translated seamlessly into the world of cybersecurity, where Jibby found an unexpected yet perfect fit. Driven by a passion for learning, Jibby dove into the KC7 platform, an immersive cybersecurity training resource, which ultimately led to a role at Microsoft, all without taking the traditional certification route. Jibby's story is a testament to the power of persistence, passion, and non-traditional paths in tech. Now, Jibby is focused on helping others break into cybersecurity by developing new KC7 training modules, aiming to inspire and equip the next generation of problem-solvers.
Nov 15, 2024 • 38min

#169 - Intel Chat: Tools, N. Korean IT workers, GootLoader, FakeBat & Pacific Rim

Matt Bromley, a cybersecurity expert, dives into the latest threats and tools shaping the landscape. He explains how the MFA Sweep PowerShell script could enhance security by checking for multi-factor authentication. The CVE2CAPEC tool helps map vulnerabilities, aiding researchers in defending against attacks. Bromley discusses the unsettling trend of North Korean IT workers infiltrating Western companies and highlights targeted malware campaigns, like GootLoader targeting Bengal cat lovers, stressing the urgency for user education and collaboration in cybersecurity.
Oct 31, 2024 • 35min

#168 - Intel Chat: Latrodectus, WarmCookie, FortiManager, EU's Product Liability Directive & Linus Torvalds

Matt Bromley, a cybersecurity expert, dives into the latest threats and vulnerabilities. He discusses the evolution of Latrodectus malware, noting its sophisticated evasion techniques. The conversation highlights a critical zero-day vulnerability in FortiManager, underlining urgent security implications. Bromley also examines the EU's updated product liability framework, aiming to better protect consumers in the digital age. Lastly, he touches upon the controversial expulsion of Russian maintainers from Linux, raising questions about geopolitics and open source governance.
Oct 30, 2024 • 37min

#167 - Running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel

On this episode of The Cybersecurity Defenders Podcast we talk about running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel. My guest today is Joshua Sitta, the co-founder and CTO of Sittadel, a cybersecurity company specializing in 24/7/365 Managed Detection and Response services. With a focus on enterprise-grade EDR solutions, Sittadel provides comprehensive cybersecurity monitoring and incident response. Before founding Sittadel, Joshua served as the Director of Enterprise Security Architecture at SouthState Bank, where he built a robust in-house cybersecurity program that safeguarded billions in assets. He brings deep expertise in protecting organizations from modern cyber threats.
Oct 24, 2024 • 30min

#166 - Intel Chat: Microsoft logs, USDoD, SolarWinds WHD, & CISA KEV

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Microsoft has recently confirmed that a software bug caused the loss of more than two weeks' worth of critical security logs from several of its cloud services. Brazil's Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches. A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that could be exploited by attackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these flaws are being actively used in cyberattacks.
Oct 23, 2024 • 30min

#165 - How AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix

On this episode of The Cybersecurity Defenders Podcast we examine how AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix. Gaurav Banga is the CEO and Founder of Balbix, an AI-powered cybersecurity risk management startup. Gaurav is an accomplished inventor with over 50 patents to his name, and he has a deep background in founding and leading multiple successful tech ventures. His journey into entrepreneurship is unique: it began over a decade ago when he was inspired by a book that eventually led him to leave academia and pursue his passion for deep tech. Gaurav regularly speaks with CISOs, gaining firsthand insights into their biggest challenges as they navigate an increasingly complex cybersecurity landscape. As regulatory scrutiny around security disclosures intensifies, Gaurav offers a unique perspective on how AI can reshape the future of risk management, helping organizations strike the right balance between innovation and security.
Oct 21, 2024 • 41min

#164 - Intel Chat: Wazuh, .io, AI, Discord, Palo Alto & GoldenJackal

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A recent malware campaign has been discovered that exploits the open-source Wazuh SIEM agent to deliver a cryptomining payload. There is uncertainty surrounding the .io domain following the UK's decision to return the Chagos Islands, including the British Indian Ocean Territory, to Mauritius. The October 2024 report, "Influence and Cyber Operations," explores how AI is being leveraged by both state and non-state actors in cyber campaigns. Key findings show that AI tools are increasingly being used to enhance traditional cyberattacks, particularly in areas like vulnerability research, malware debugging, and influence operations. Discord has recently been blocked in both Russia and Turkey due to claims of illegal activity on the platform. Palo Alto Networks recently patched several critical vulnerabilities in its Expedition tool, which could allow attackers to take control of firewall systems. The most severe flaw, CVE-2024-9463, allows unauthenticated attackers to execute arbitrary OS commands as root, exposing sensitive data like usernames, passwords, and API keys. The article from ESET highlights a cyberespionage campaign conducted by a group known as GoldenJackal, which is targeting government and diplomatic entities, focusing specifically on air-gapped systems in regions such as Europe, the Middle East, and South Asia.
Oct 17, 2024 • 46min

#163 - Practical applications of AI in cybersecurity with Rich Heimann, AI researcher & author

Rich Heimann, an AI researcher and committed advocate for ethical practices in technology, joins to share his insights on AI in cybersecurity. He discusses the evolution of AI perceptions and the limitations of generative models, like 'hallucinations.' Heimann emphasizes the importance of prompt engineering and collaboration between data science and legal teams. He also covers practical strategies for businesses adopting AI, particularly through existing SaaS models, and highlights the significance of Retrieval Augmented Generation for managing data effectively.
Oct 10, 2024 • 30min

#162 - Intel Chat: FIN7, COLDRIVER, perfectly, Comcast & EKUwu

In this discussion, cybersecurity expert Matt Bromley shares his insights on emerging threats. He reveals how the FIN7 group is using AI-driven deepfakes in phishing scams, manipulating victims through familiar applications. The conversation also highlights the dismantling of COLDRIVER's cyber operations by Microsoft's Digital Crimes Unit. Additionally, Bromley discusses Aqua Security's research into stealthy Linux-targeting malware and the implications of a significant data breach at Comcast. The vulnerabilities within Active Directory Certificate Services are examined, stressing the need for proactive security measures.
Oct 8, 2024 • 40min

#161 - Intel Chat: MSSN CTRL, CRI summit, Shadow AI, More_Eggs, Andariel hacking group & DrayTek routers

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The White House recently hosted the International Counter Ransomware Initiative (CRI) summit, bringing together representatives from 68 countries to address the growing global threat of ransomware. The rise of "Shadow AI," which refers to the unauthorized use of AI tools by employees without the oversight of IT departments, poses significant risks for organizations. A new wave of attacks leveraging the More_Eggs backdoor malware has been specifically targeting recruiters. TA4557, a financially motivated group linked to North Korea, has been distributing this backdoor since late 2023. The Andariel hacking group, a subgroup of North Korea's Lazarus Group, has turned its attention to financially motivated attacks against U.S. organizations. Forescout Vedere Labs has uncovered 14 vulnerabilities affecting over 700,000 DrayTek routers, with two critical flaws posing significant security risks.