The Cybersecurity Defenders Podcast

LimaCharlie
May 16, 2023 • 19min

#33 - Hacker History: Stuxnet (Part 2)

This episode of the Cybersecurity Defenders podcast is the second part of a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining us to help tell the story is Kim Zetter, journalist and author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. If you have not heard the first episode, it is recommended that you do so before listening to this one. You can listen to the first episode here: Stuxnet (Part 1).

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to Iran's nuclear program. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
May 11, 2023 • 29min

#32 - Intel Chat: APT41, Sidewinder & Operation Medusa cuts the head off of Snake

In this episode of the Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel:

- ThreatMon has uncovered a targeted PowerShell backdoor malware attack that bypasses normal detection methodology.
- Researchers have uncovered an attack based on a classic sideloading technique with a twist: a first-stage clean application sideloads a second clean application and auto-executes it.
- US authorities have announced the seizure of 13 internet domains.
- The BlackBerry Threat Research and Intelligence team has discovered a new campaign from the SideWinder APT group against Pakistani government organizations.
- CISA has issued an advisory letting the public know that the FBI has used a court order to take down a Russian government-controlled malware network.
May 4, 2023 • 31min

#31 - Intel Chat: 3CX Inception, QuaDream goes down, APTs targeting for destruction, AMOS & AuKill

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel:

- The initial attack vector into 3CX's network was malicious software downloaded from the Trading Technologies website.
- QuaDream has allegedly fired all of its staff and is shutting down its operations in the coming days.
- State-sponsored campaigns targeting global infrastructure: this looks like obvious targeting to support future destructive attacks.
- A new information-stealing malware called Atomic macOS Stealer (AMOS).
- Attackers have been observed attempting to disable EDR clients with a new defense evasion tool, dubbed AuKill by the researchers who found it.
- A new report put out by the National Cyber Security Centre is meant to help defenders understand selected malware threats in more technical depth, and provides indicators and TTPs to support threat hunting or modeling: View the Report.
May 2, 2023 • 30min

#30 - A conversation on the history of security tooling with Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud

On this episode of the Cybersecurity Defenders podcast we have a conversation around the history of security tooling with Dr. Anton Chuvakin, Security Advisor at the Office of the CISO, Google Cloud.

Dr. Anton Chuvakin is currently involved with security solution strategy at Google Cloud, where he arrived via the acquisition of Chronicle Security (an Alphabet company) in July 2019. He is also a co-host of the Cloud Security Podcast: http://www.twitter.com/CloudSecPodcast

Until June 2019, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst on the Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. At Gartner he covered a broad range of security operations and detection and response topics, and is credited with inventing the term "EDR." He is a recognized security expert in the field of SIEM, log management and PCI DSS compliance. He is an author of the books "Security Warrior", "PCI Compliance" and "Logging and Log Management", and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry. In addition, Anton taught classes (including his own SANS SEC434 class on log management) and presented at many security conferences across the world; he recently addressed audiences in the United States, UK, Singapore, Spain, Russia and other countries. He worked on emerging security standards and served on the advisory boards of several security start-ups.

Before joining Gartner in 2011, Anton ran his own security consulting practice, www.securitywarriorconsulting.com, focusing on SIEM, logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. degree from Stony Brook University.
Apr 25, 2023 • 31min

#29 - A focused discussion on ransomware with Paul Ihme, Co-Founder and Managing Principal at Soteria Security Solutions and Advisory

On this episode of the Cybersecurity Defenders podcast we have a focused discussion on ransomware with Paul Ihme, Co-Founder and Managing Principal at Soteria Security Solutions and Advisory.

Paul is a cybersecurity professional with experience in federal and private environments and a wide array of expertise across multiple information technology domains, specializing in penetration testing, vulnerability assessments, and security incident response.

The blog article "Ransomware Is Irrelevant (Wait WHAT?!)" by Adrian Sanabria, referenced in the podcast, can be viewed here.
Apr 19, 2023 • 40min

#28 - Intel Chat: Balada Injector, LockBit, the Legion hacktool, Nokoyawa ransomware, Domino malware and more.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel:

- Over 1 million WordPress sites have been infected by the Balada Injector malware.
- Nokoyawa ransomware attacks are being seen in the wild exploiting a Windows zero-day.
- An emerging Python-based credential harvester and hacktool named Legion.
- A recently discovered malware family being called "Domino".
- Threat actors are increasingly using the Action1 remote access software for persistence on compromised networks.
- The LockBit ransomware group has created encryptors targeting Macs for the first time.
- And a Chrome type confusion issue in the V8 JavaScript engine.
Apr 12, 2023 • 1h 13min

#27 - Intel Chat: Apple zero-days to the end of the Genesis Market. And a dive into OT security with Dave Cullen, Field CTO of OTORIO

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel:

- Emergency security updates issued by Apple: CVE-2023-28206 & CVE-2023-28205.
- Check Point researchers have unveiled a new sophisticated and fast-acting ransomware.
- eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.
- The CrowdStrike Falcon OverWatch team recently observed threat actors exploiting WinRAR self-extracting archives.
- The FBI, Europol and the Dutch Police have disrupted the infamous browser-cookie market known as Genesis Market.
- Microsoft's Digital Crimes Unit, along with cybersecurity software company Fortra and the Health Information Sharing and Analysis Center, is taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike.

And then we dive into OT security with Dave Cullen, Field CTO of OTORIO.

As mentioned in the podcast, here is a link to "So you want to be a SOC Analyst?" by Eric Capuano.
Apr 5, 2023 • 59min

#26 - Intel Chat: 3CX to APT43. And a deep dive on the Capital One breach with Cloud Threat Detection Engineer, Day Johnson

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel:

- CrowdStrike reports on the 3CX supply chain attack.
- Agents arrested Conor Brian Fitzpatrick on a charge of conspiracy to commit access device fraud.
- SentinelOne reports on the CatB ransomware family, which is sometimes referred to as CatB99 or Baxtoy.
- A new catch-all infostealer on the dark market called Rhadamanthys.
- Mandiant has assessed with high confidence that it has identified a new APT: APT43.

And then we deep dive the Capital One data breach, discovered on July 19, 2019, with Datadog Cloud Threat Detection Engineer, Day Johnson.

As mentioned in the podcast, Day's cybersecurity education-focused YouTube channel can be found here: @daycyberwox
Mar 29, 2023 • 20min

#25 - Hacker History: Stuxnet (Part 1)

This episode of the Cybersecurity Defenders podcast is the first part of a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining us to help tell the story is Kim Zetter, journalist and author of Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to Iran's nuclear program. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.
Mar 22, 2023 • 1h 7min

#24 - Intel Chat: MS Outlook exploit. And ShmooCon organizers, Heidi and Bruce Potter.

In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:

- CVE-2023-23397: A zero-touch exploit that affects all versions of Outlook for Windows. (Sigma rule)
- CVE-2023-24880: An unpatched security bypass in Microsoft's SmartScreen security feature.
- Mandiant observes China-nexus threat actors targeting technologies that do not normally support endpoint detection and response solutions.
- Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022. Threat groups are offering $240k salaries to tech jobseekers.

And an interview with Heidi and Bruce Potter, ShmooCon organizers. ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.