The Cybersecurity Defenders Podcast

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. endpoint detection and response solutionsMITRE's NERVE environmentBreachForumsInformation on MSSN CTRL, the security automation and engineering conference, can be found here.

On this episode of The Cybersecurity Defenders Podcast, we speak with Andrew Katz, Senior Information Security Engineer at Jamf. Andrew is a seasoned security engineer with a sharp focus on security automation. Over the past nine years, Andrew has honed his expertise in Python, API development, AWS, and Docker to craft sophisticated automated security solutions. His journey includes leading the development of SOAR platforms at Jamf, which enhanced distributed alerting systems to help SOC analysts combat alert fatigue. At Tevora, he offered his skills as a consultant, conducting enterprise-level cybersecurity risk assessments. Andrew's earlier roles as a Systems Engineer at Falck and an Information Technologist at GHD laid the groundwork for his profound understanding of IT, which feeds into his current security prowess. A holder of a CISSP and a Bachelor of Science in Geographic Science and Community Planning, Andrew brings a unique blend of technical skill and strategic insight to the field of cybersecurity. The Security Engineering Newsletter can be found here: SecEng Newsletter

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. war against UkraineLockBit ransomware group400,000 Linux serversquantum computing threatsDropbox Sign eSignature service

On this episode of The Cybersecurity Defenders Podcast, we speak with Kane Narraway, Head of Enterprise Security at Canva, about Zero Trust architecture. Kane brings over a decade of experience to the table, specializing in enterprise security, cloud security, and risk management. He's known for his groundbreaking work in building zero trust architectures at some of the world’s largest tech companies, often from scratch during the early days of zero trust when solutions were not readily available. Kane's career is marked by notable achievements, including integrating multi-billion dollar acquisitions and establishing robust security frameworks for regulations like SOC2, PCI-DSS, and HIPAA. He’s not only a director who has scaled technology companies from startup to enterprise level but also a passionate leader who has nurtured diverse teams, promoting autonomy and inclusivity. Outside of his direct work, Kane is dedicated to giving back to the community—whether it’s sharing cybersecurity insights, mentoring at boot camps, or volunteering at conferences. Join us as we gain insights from his extensive experience and innovative approaches to tackling some of the most complex challenges in cybersecurity today. Kane's blog can be found here.

On this episode of The Cybersecurity Defenders Podcast we take a close look at the 2024 Verizon Data Breach Investigations Report. The Verizon 2024 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of the current cybersecurity landscape, highlighting significant trends and emerging threats. This year's report, the 17th edition, examines 30,458 security incidents and 10,626 confirmed breaches, marking a two-fold increase from the previous year. A key finding is the dramatic surge in vulnerability exploitation, which nearly tripled, driven by attacks on unpatched systems and zero-day vulnerabilities. Ransomware and extortion continue to be major threats, comprising 32% of breaches, with a notable rise in pure extortion attacks where data is stolen but not encrypted​​. The report also emphasizes the human element in cybersecurity breaches, with human errors contributing to 68% of incidents. Phishing remains a critical issue, with median times to click on malicious links and submit data being alarmingly short. Despite this, there is an encouraging increase in phishing awareness among users. Additionally, the report underscores the growing complexity of supply chain attacks, highlighting the vulnerabilities in third-party code and services. Interestingly, the impact of generative AI in cyberattacks remains minimal, with most uses being experimental rather than operational. The DBIR concludes with a call for improved vulnerability management and continued focus on human-centric security measures​. You can download the full report here.

In this episode of The Cybersecurity Defenders Podcast, we take a close look at the intersection of CTI & Detection Engineering with Wade Wells, Lead Cybersecurity Threat Detection Engineer. Wade Wells, a seasoned cyber security expert whose passion for technology was sparked at an early age. Growing up with a computer built from parts his dad found dumpster diving, Wade learned how to navigate MS-DOS before he could even spell 'windows'. His lifelong fascination with technology and rule-bending led him naturally into the world of cybersecurity. Today, Wade hunts for evil within networks, reveling in the continuous pursuit of knowledge and the thrill of uncovering deeper insights. Join us as we dive into his journey, explore the challenges of threat hunting, and discuss how his work contributes to a greater cause in cybersecurity. Sublime Security: Email security that's not a black box Salem Cyber: Find the alerts that actually matter Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities Psychology of Intelligence Analysis And the TV show Devs.

On this episode of The Cybersecurity Defenders Podcast we take a closer look at the RSA Conference: past, present and future. The RSA Conference is a series of IT security conferences. Approximately 45,000 people attend one of the conferences each year. It was founded in 1991 as a small cryptography conference. RSA conferences take place in the United States, Europe, Asia, and the United Arab Emirates each year. The conference also hosts educational, professional networking, and awards programs.

On this episode of The Cyebrsecurity Defenders Podcast, we talk platformization and the SecOps Cloud Platform with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie. In a world where digital transformation has become the norm, cybersecurity professionals face unprecedented challenges. The traditional approach of managing dozens of disparate point solutions and siloed security tools, while attempting to control costs, is no longer sufficient. It's time to embrace a new era of cybersecurity in the SecOps Cloud Platform – one that treats cybersecurity as a set of capabilities much like how cloud providers did for IT. We challenge you to question the status quo and to open your mind a new way of thinking about security operations. You can get started for free at limacharlie.io

Slack channelunmanned aerial vehiclesCerber ransomwareweb application authentication interfacespreviously unknown actorNERVE

In this episode of The Cybersecurity Defenders Podcast, we take a close look at Open Source Intelligence with Mishaal Khan, Cybersecurity Practice Lead at Mindsight. Misshal is a jack of all trades and master of some! With a profound knack for thinking like the bad guys, Misshal harnesses his extensive knowledge—from the nitty-gritty of bits and bytes to intricate business processes. As a techie, Ethical Hacker, OSINT enthusiast, and Social Engineer, he leverages his diverse skillset to help organizations fortify their defenses and tackle real-world security challenges. You can find out more about his book, The Phantom CISO, on his website, here. And you can learn more about Operation Privacy here.

In this episode of The Cybersecurity Defenders Podcast, we discuss the GRU-backed cyber unit Sandworm which was recently promoted to APT44 by Mandiant. Sandworm is a notorious hacking group, believed to be linked to Russia's military intelligence agency, the GRU. Known for its destructive cyberattacks, Sandworm has targeted various sectors worldwide, including energy, media, and election systems. Their activities are marked by the use of sophisticated malware and tactics that not only seek to steal information but also to disrupt critical infrastructure. The group gained international prominence with attacks like NotPetya in 2017, which caused billions of dollars in damage across multiple countries, emphasizing their capability to impact global cyber stability. The name "Sandworm" is inspired by the monstrous creatures from Frank Herbert's science fiction novel "Dune," reflecting the group's elusive and destructive nature. Over the years, Sandworm's operations have evolved, showcasing their adaptability and the increasing complexity of their attacks. This evolution highlights the growing challenges in cybersecurity, making the understanding of such threat actors crucial for developing robust defense strategies against state-sponsored cyber warfare. YouTube video showing Sandworm attacking a Ukrainian power plant here. Episode #56 - When the lights went out in Ukraine (Part 1) Episode #74 - When the lights went out in Ukraine (Part 2) Episode #16 - NotPetya

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. FakeBat Threat Actorsshared with the companycyberattack at Microsoft.security monitoring customers

In this episode of The Cybersecurity Defenders Podcast, we take a close look at Digital Forensics with Carlos Cajigas, CTO of Covert Bit. Carlos is a seasoned Incident Response professional hailing from San Juan, Puerto Rico. Carlos's journey in the field began after dedicating over a decade to law enforcement, specializing as a Digital Forensics Detective and Examiner in West Palm Beach, Florida. His extensive experience spans conducting detailed examinations on numerous digital devices, backed by hundreds of hours in specialized training from reputable institutions like EnCase, NW3C, Access Data, and SANS, to name a few. Carlos is not just an expert in the field; he's also a dedicated educator, holding instructor roles with both the Florida Department of Law Enforcement and SANS, where he teaches courses on Windows Forensic Analysis and Advanced Incident Response. With a solid academic foundation, Carlos brings a wealth of knowledge and insight into today's digital forensics and incident response landscape. You can find Carlos on Twitter/X here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. On March 29, 2024 defenders became aware that a backdoor was intentionally planted inside of XZ Utils an open source data compression utility available on many installations of Linux and other Unix-like operating systems. The threat actors behind this implant likely spent years on this operation and were very close to getting the backdoor merged into Debian and Redhat before it was discovered. The original disclosure email can be found here. A technical break down of the compromise can be found here. A Wired article covering the compromise in-depth can be found here.

In this episode of The Cybersecurity Defenders Podcast we have an in-depth talk about the cyber threat from China, with Adam Kozy and Daniel Velasquez. Daniel started his career as a defender in the United States Marine Corps as an intelligence analyst where he served in Afghanistan - from there he went on to work with the Defense Intelligence Agency, Joint Special Operations Command and the CIA. After his service, he was a director at Mandiant and is now the Executive Vice President of OP[4] - a company providing security for critical devices and embedded systems. Adam began his career as an intelligence analyst working with the Federal Bureau of Investigation where he provided all-source analysis of Asia-Pacifc related cybersecurity issues. After the FBI, Adam was the principal intelligence analyst for the Asia cyber team at CrowdStrike. Currently, he is the founder of SinaCyber which is a boutique consulting firm combining native Chinese language research and cyber intelligence expertise to create bespoke reports for government officials, technology firms, and financial institutions under threat from China's rampant cyber espionage campaigns. The history of China and its people goes back to ancient times. It is a rich and beautiful culture that has given much to the world in the form of art, ideas and technology. When we talk about China or the Chinese in this podcast episode we are specifically talking about the Chinese Communist Party - or CCP - which are a group of elites offering an increasingly authoritarian world view and alternative model to Western ideals of democracy and freedom. The Chinese people themselves are not your enemy. Current laws in China make it easy for the CCP to co-opt its citizenry for use in intelligence operations, wittingly and unwittingly. Unnecessarily making this into a racial divide alienates the folks that can help us the most in the coming years and provides more ammunition for Beijing. It was an incredible honor to speak with these two, and I hope you enjoy this conversation full of valuable information. Adam's testimony before the U.S.-China Economic and Security Review Commission Hearing on, “China’s Cyber Capabilities: Warfare, Espionage, and Implications for the United States” here. The Mandiant report on APT1 can be found here.

In this episode of The Cybersecurity Defenders Podcast we speak with Salvador Mendoza, Director of Research and Development at Metabase Q, about the tokenization of payment systems. Salvador is a prominent figure in the cybersecurity industry and holds the position of Director of Research and Development at Metabase Q. He is also an integral member of the Ocelot Offensive Security Team. His area of expertise lies in the intricate world of the tokenization process, payment systems, and the development of embedded prototypes. With a commendable history of presenting at high-profile security conferences including Black Hat, DEF CON, Hack in the Box, and Troopers, Salvador brings a wealth of knowledge and insight to our discussion. Furthermore, he is the author of the insightful book, "Show me the e-money. Hacking digital payment systems: NFC, RFID, MST and EMV Chips," where he delves into the vulnerabilities and security measures of digital payment technologies. You can find his book for purchase here. And you can find the PCI spec here. You can follow Salvaador on Twitter/X here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. across the EU and U.Snew operational focuswidely used cryptographic operationsaffiliates of threat group APT31

In this episode of The Cybersecurity Defenders Podcast we speak with Grace Chi, CoFounder & COO of Pulsedive Cyber Threat Intelligence about a report she published on cyber threat intelligence networking. Cyber Threat Intelligence (CTI) is an evolving field, with an industry-wide consensus that teams cannot effectively operate in an intelligence silo. This sentiment is shared across all stakeholder segments – public, private, vendor, and academic. In support of improved CTI sharing, stakeholders have invested in efforts around cross-boundary collaboration, technical standardization, managing trust, and reporting best practices. However, understanding the time and effort spent in CTI networking (i.e. connecting human-to-human for improved business outcomes) is often overlooked. The report can be found here: Sharing, Compared: A Study on the Changing Landscape of CTI Networking The Op Ed mentioned in the show: Op-Ed: How tro Make STIX Stickie And the subreddit mention on the show (possibly NSFW): LinkedIn Lunatics Pulsedive can be found on Twitter here. Grace can be found on LinkedIn here.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Threat actors have been actively targeting vulnerable Connect Secure VPN appliances after the disclosure of CVE-2023-46805 and CVE-2023-21887. Threat researchers recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file encryption code. In the last week of January 2024, a patch was released to address a directory traversal vulnerability in the package that allows unauthenticated, remote attackers to access sensitive information from arbitrary files on the server if exploited. On March 8th, Microsoft said that it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Bring Your Own Vulnerable DriverQEMU hardware emulator and virtualizercompromised organizationIvanti products