The Cybersecurity Defenders Podcast

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. United States, United Kingdom, and CanadaChinese state-sponsored hackersunpatched systems

MSSPs and other security service providers comprise the backbone of the cybersecurity industry. They are the organizations on the front line that keep the world running in the face of ever more sophisticated adversaries. In this special series we are going to be exploring a variety of topics with seasoned experts around the ways they have learned to improve the effectiveness of their organizations. Our guest today is Nick Gipson - the founder and CEO of Gipson Cyber. Nick founded Gipson Cyber in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver proffesional-grade protection to industries like accounting, finance, legal, and healthcare. Nick’s company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we’ll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up. Nick Gipson, the founder of Gipson Cyber, a company he launched in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver proffesional-grade protection to industries like accounting, finance, legal, and healthcare. Nick’s company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we’ll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up.

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attacks in history: The Colonial Pipeline On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state. This episode was written by the talented Nathaniel Nelson. Casey Ellis can be found on LinkedIn here.

On this episode of The Cybersecurity Defenders Podcast, we share both parts of 'When the Lights Went Out in Ukraine.' Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.” This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.

This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history, and with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack. The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.

In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter; a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States. Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.

In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. ptcpdump is an eBPF-based version of tcpdump that adds process information to each packet. It supports filtering by process ID, process name, container ID, and Kubernetes pod name. In a recent implementation, Target's cybersecurity team adopted TLSH (Trend Micro Locality Sensitive Hash) to improve their malware detection capabilities. Huntress recently issued a threat advisory regarding active exploitation of a zero-day vulnerability affecting Cleo's file transfer software, specifically impacting LexiCom, VLTrader, and Harmony versions up to 5.8.0.21. Sublime Security recently analyzed a phishing campaign that impersonates Microsoft SharePoint to deliver the XLoader malware. Palo Alto Networks' Unit 42 team has uncovered a new packer-as-a-service (PaaS) operation named HeartCrypt, which has been active since July 2023 and began sales in February 2024. HeartCrypt is designed to obfuscate malware, making detection by security solutions more challenging.

Slack channelpackages sourced from PyPI and npm repositoriestwo unnamed telecommunications firmsLinux distribution package repositoriesWindows 7 and Server 2008 R2 up to the latest Windows 11 v24H2 and Server 2022And you can subscribe to Detection Engineering Weekly here.

On this episode of The Cybersecurity Defenders Podcast we explore the reality of modern browser threats with John Tuckner, Founder at Secure Annex. John, the founder of Secure Annex, an innovative platform focused on helping organizations manage and secure browser extensions. With over a decade of experience in cybersecurity and technical program management, they have held key leadership roles at companies like Tines, Cyderes, and Optiv. At Tines, they spearheaded multiple initiatives, including the creation of Tines Labs, the development of a natural language AI workflow tool, and the expansion of the Tines Library of automation workflows. John’s career also includes building customer success engineering teams, driving security automation research, and implementing cutting-edge network and security solutions. They bring a wealth of expertise in creating scalable frameworks, strategic tools, and impactful automation technologies.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Russian courts have sentenced Stanislav Moiseyev, the leader of the Hydra dark web marketplace, to life imprisonment. The U.S. Commerce Department has expanded its export controls, adding nearly 140 Chinese technology companies to its "entity list." This action primarily targets firms involved in the production of computer chips, chipmaking tools, and related software, including Chinese-owned entities operating in Japan, South Korea, and Singapore. Researchers have uncovered new malware strains, RevC2 and Venom Loader, tied to the sophisticated threat actor known as Venom Spider. Recent analyses have identified a critical vulnerability in generative AI systems, termed "flowbreaking" exploits, which can lead to unintended data leaks.

A special episode of The Cybersecurity Defenders Podcast, where we look back at our conversations throughout 2024, and bring together all of the predictions for the future of cybersecurity.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. copying and pasting scripts into their systems.execution to obscure its true purposeincreasing security of Windows systems. “nearest neighbor attack” to exploit Wi-Fi networks remotely."the worst telecom hack in our nation's history."

On today's episode of The Cybersecurity Defenders Podcast we talk about cybercrime cottage industries with Reed McGinley-Stempel, the Co-Founder and CEO of Stytch Stytch is a platform designed to streamline authentication, authorization, and fraud prevention in a way that enhances security while minimizing user friction. Stytch serves both consumer and B2B applications, offering a variety of authentication solutions, including features like Google One-Tap and Biometrics for consumer-facing applications, as well as SSO, Role-Based Access Control, and SCIM integrations for enterprise SaaS. Reed founded Stytch after witnessing the challenges teams face when building secure and user-friendly authentication solutions, a problem he first encountered while working at Plaid. He is also a proud duke alumni and was the recipient of the prestigious Fullbright Scholarship

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. one of Snowflake's prominent clientstheft of confidential information and cryptocurrencyobjectives of the Chinese Communist Party (CCP)enhanced stealth and persistence mechanisms November's Black Friday seasonCVE-2024-0012 and CVE-2024-9474

On this episode of The Cybersecurity Defenders Podcast we speak with Jibby Saetang, Security Researcher with Microsoft GHOST, about his novel path to a career in cybersecurity. With over a decade of experience in watch and jewelry repair, Jibby developed an impressive eye for detail and a knack for solving complex problems. These skills translated seamlessly into the world of cybersecurity, where Jibby found an unexpected yet perfect fit. Driven by a passion for learning, Jibby dove into the KC7 platform, an immersive cybersecurity training resource, which ultimately led to a role at Microsoft—all without taking the traditional certification route. Jibby’s story is a testament to the power of persistence, passion, and non-traditional paths in tech. Now, Jibby is focused on helping others break into cybersecurity by developing new KC7 training modules, aiming to inspire and equip the next generation of problem-solvers.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. MFA is enabledMITRE ATT&CK Techniquesoften lack adequate protectioncompanies, often under disguised identitiesSEO poisoning tacticspopular app Notionacross South and Southeast Asia

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. evasive, sophisticated malwarelong-term presence in systemsactively exploited in the wildcircular economyopen-source community

On this episode of The Cybersecurity Defenders Podcast we talk about running and MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel. My guest today is Joshua Sitta, the co-founder and CTO of Sittadel, a cybersecurity company specializing in 24/7/365 Managed Detection and Response services. With a focus on enterprise-grade EDR solutions, Sittadel provides comprehensive cybersecurity monitoring and incident response. Before founding Sittadel, Joshua served as the Director of Enterprise Security Architecture at SouthState Bank, where he built a robust in-house cybersecurity program that safeguarded billions in assets. He brings a deep expertise in protecting organizations from modern cyber threats.