Showing episodes and shows of LimaCharlie

Shows

The Cybersecurity Defenders Podcast
#236 - Defender Fridays: Explore the Challenges of Securing AI Adoption with Jeremy Snyder, Founder and CEO of FireTail.ai
Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie, and Jeremy Snyder, Founder and CEO of FireTail.ai, sat down with the Defender Fridays community to discuss the hurdles of maintaining secure processes while adding AI to your workflow. Jeremy is the founder and CEO of FireTail.ai. Jeremy was an IT and cybersecurity practitioner for over 10 years before transitioning into product and sales roles in cloud security and cyber. Jeremy once went three days without seeing another human, but saw lots of reindeer. Another time, Jeremy was kicked off a train in central Sweden. Find out more at...
2025-08-08, 30 min

The Cybersecurity Defenders Podcast
#235 - Intel Chat: SharePoint, SaaS shift, PaperCut NG/MF, Tridium’s Niagara Framework & Oil Industry Attacks
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. More than 90 state and local government organizations have been targeted in a recent wave of cyberattacks exploiting a vulnerability in Microsoft SharePoint, according to the Center for Internet Security (CIS). Traditional cyber attack methodologies - exploiting endpoints, moving laterally, escalating privileges - are increasingly outdated as enterprise IT shifts toward SaaS and browser-based access. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533 - a high-severity Cross-Site Request Forgery (CSRF) vulnerability in PaperCut NG/MF print...
2025-08-07, 39 min

The Cybersecurity Defenders Podcast
#179 - Hacker Holidays: Operation Flyhook
In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil.
It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io
2024-12-27, 18 min

The Cybersecurity Defenders Podcast
#166 - Intel Chat: Microsoft logs, USDoD, SolarWinds WHD, & CISA KEV
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Microsoft has recently confirmed that a software bug caused the loss of more than two weeks' worth of critical security logs from several of its cloud services. Brazil’s Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches. A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that could be exploited by attackers. The U.S. Cybersecurity and Infrastructure Security Agency (CI...
2024-10-24, 29 min

The Cybersecurity Defenders Podcast
#164 - Intel Chat: Wazuh, .io, AI, Discord, Palo Alto & GoldenJackal
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A recent malware campaign has been discovered that exploits the open-source Wazuh SIEM agent to deliver a cryptomining payload. There is uncertainty surrounding the .io domain following the UK’s decision to return the Chagos Islands, including the British Indian Ocean Territory, to Mauritius. The October 2024 report, "Influence and Cyber Operations," explores how AI is being leveraged by both state and non-state actors in cyber campaigns.
Key findings show that AI tools are increasingly being used to enhance tr...
2024-10-21, 40 min

The Cybersecurity Defenders Podcast
#162 - Intel Chat: FIN7, COLDRIVER, perfectly, Comcast & EKUwu
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Silent Push's recent analysis reveals new tactics by the FIN7 cybercriminal group, which is leveraging AI-based “DeepNude Generators” as part of a phishing campaign to spread malware. Microsoft's Digital Crimes Unit (DCU), in partnership with the U.S. Department of Justice, has taken steps to dismantle cyber operations by Star Blizzard, a Russian state-affiliated actor also known as COLDRIVER. Aqua Security's detailed research on perfctl describes it as a highly stealthy malware that targets Linux servers using a rang...
2024-10-10, 29 min

The Cybersecurity Defenders Podcast
#161 - Intel Chat: MSSN CTRL, CRI summit, Shadow AI, More_Eggs, Andariel hacking group & DrayTek routers
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The White House recently hosted the International Counter Ransomware Initiative (CRI) summit, bringing together representatives from 68 countries to address the growing global threat of ransomware. The rise of "Shadow AI," which refers to the unauthorized use of AI tools by employees without the oversight of IT departments, poses significant risks for organizations. A new wave of attacks leveraging the More_Eggs backdoor malware has been specifically targeting recruiters.
TA4557, a financially motivated group linked to North Korea, has...
2024-10-08, 40 min

The Cybersecurity Defenders Podcast
#159 - Intel Chat: Sequoia disruption, Github, Supershell, DPRK & Telegram arrest
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Apple’s release of macOS 15, or Sequoia, has caused significant disruptions for several security tools and software vendors, including CrowdStrike, SentinelOne, Microsoft, and others. Attackers are exploiting GitHub notifications for phishing by sending legitimate-looking alerts with malicious URLs. Truffle Security's research exposes a significant issue in GitHub’s handling of deleted and private repository data via Cross Fork Object Reference (CFOR). AhnLab’s report details Supershell, a malware targeting Linux SSH servers via brute-force attacks. Since 2022, Mandiant has tracke...
2024-09-30, 38 min

The Cybersecurity Defenders Podcast
#156 - Intel Chat: Fortibitch, Hadooken, Void Banshee & CloudImposer
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Fortinet responded by confirming that the breach involved unauthorized access to files on a third-party cloud-based shared drive, affecting a small portion of customer data. Hackers are targeting Oracle WebLogic servers with a new Linux malware named "Hadooken," which is designed to deploy a cryptominer and facilitate distributed denial-of-service (DDoS) attacks.
Microsoft has reclassified a previously patched bug, CVE-2024-43461, as a zero-day vulnerability actively exploited by the "Void Banshee" threat group. Security researchers from Tenable revealed a...
2024-09-20, 32 min

The Cybersecurity Defenders Podcast
#154 - Intel Chat: Specula, Chromium, Mustang Panda & Service for America
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The Specula C2 framework represents a sophisticated attack method that transforms Microsoft Outlook into a command-and-control system by exploiting its Home Page feature. Attackers exploit browser notifications in Chromium-based browsers by tricking users through CAPTCHA-like prompts to enable notifications. The Biden administration has launched an initiative aimed at addressing the growing cybersecurity talent shortage, which has reached critical levels. Mustang Panda, a Chinese state-backed cyber-espionage group, has adapted its tactics by launching a USB-based attack campaign that leverages...
2024-09-12, 28 min

The Cybersecurity Defenders Podcast
#153 - Unpacking the hacker mindset with Ken Westin, Senior Solutions Engineer at LimaCharlie
On this episode of The Cybersecurity Defenders Podcast, we unpack the hacker mindset with Ken Westin, Senior Solutions Engineer at LimaCharlie. Ken is a seasoned thought leader in cybersecurity who has spent years analyzing and understanding the intricacies of cyber threats and the methods behind them. Ken has a unique ability to identify emerging trends in the industry and for figuring out how businesses can protect themselves before they fall victim to attacks.
Previous to his current role, Ken was the Field CISO at Panther, where he developed workshops and delivered them around the world...
2024-09-10, 35 min

The Cybersecurity Defenders Podcast
#152 - Intel Chat: sedexp, Volt Typhoon, Citrine Sleet, Clearview AI & RansomHub?
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. The Black Lotus Labs team at Lumen Technologies have uncovered a group of hackers linked to the Chinese government which have exploited a previously unknown software vulnerability to target U.S. internet service providers. Earlier in August, a North Korean hacking group exploited a previously unknown bug in Chrome-based browsers, aiming to steal...
2024-09-05, 37 min

The Cybersecurity Defenders Podcast
#150 - Intel Chat: Azure MFA, 2.9b records leaked, CVE 9.8 & ransomware record
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Starting in October, all Microsoft Azure customers will be required to have multi-factor authentication (MFA) enabled on their accounts. Documents from a lawsuit revealed that over 2.9 billion records are vulnerable after a massive hack of the Florida-based National Public Data network. Microsoft recently advised of a critical TCP/IP Remote Code Execution Vulnerability dubbed CVE 2024-38063, which is a critical unauthenticated Remote Code Execution - or RCE - vulnerability within the Windows TCP/IP stack.
Ransomware victims have...
2024-08-23, 37 min

Perpetual Motion® Podcast
LimaCharlie: Cybersecurity – Loud and Clear
In this episode, Michael Glenn and Colin Fowler speak with Maxime Lamothe-Brassard of LimaCharlie about cybersecurity as a buildable cloud service. Maxime discusses a thoughtful approach to product development that puts cloud service structure into context in terms of both market forces and the historical development of cybersecurity products. “But the fundamental truth behind it is, all of this is just stuff made up by humans to make a system work. And if you read about it and you go and you try to understand it, you can step through it and you can do it.” - Maxime Lamoth...
2024-08-15, 53 min

The Cybersecurity Defenders Podcast
#148 - Intel Chat: Hacker Summer Camp, N. Korea, Dispossessor, Proofpoint & Sinkclose
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A heated dispute at DEF CON over the custom electronic badges this year turned physical, leading to an altercation between two attendees. The U.S. Department of Justice has charged Matthew Isaac Knoot, a 38-year-old Nashville resident, with multiple crimes for aiding North Korean IT workers in securing jobs with U.S. and U.K. companies. The FBI has dismantled the infrastructure of the Dispossessor ransomware group, also known as Radar, which had rapidly gained prominence since its...
2024-08-14, 28 min

The Cybersecurity Defenders Podcast
#146 - Intel Chat: GhostEmperor, .top, PlugX & Microsoft
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The Chinese hacker group GhostEmperor has re-emerged after a two-year hiatus, displaying new advanced capabilities and sophisticated evasion techniques.
The Chinese company, Jiangsu Bangning Science & Technology Co., in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. Following a report by the cybersecurity firm Sekoia.io, the Paris Publ...
2024-07-31, 31 min

The Cybersecurity Defenders Podcast
#143 - Intel Chat: Blast-RADIUS, Chrome, AT&T, Kaspersky & Crowdstrike
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Blast-RADIUS is a vulnerability in the RADIUS protocol that allows a man-in-the-middle attacker to forge valid protocol accept messages in response to failed authentication requests. The blog post on Syntax-Err0r details a technique for silently installing a Chrome extension to maintain persistence, bypassing typical detection methods. American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network...
2024-07-24, 39 min

The Cybersecurity Defenders Podcast
#140 - Intel Chat: 10bn Pwds, Eldorado RaaS, 840Mpps DDoS, regreSSHion & $1.4bn in stolen crypto
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Likely the biggest password leak ever: nearly 10 billion credentials exposed. Eldorado is a newly discovered ransomware-as-a-service operation targeting both Windows and Linux systems.
OVHcloud has reported mitigating a record-breaking distributed denial-of-service attack that peaked at 840 million packets per second. Cisco has issued a warning about a critical remote code execution vulnerability named "regreSSHion," tracked as CVE-2024-6387, affecting OpenSSH on glibc-based Linux systems. In the first half of 2024, cryptocurrency thefts amounted to $1.4 billion, significantly driven by rising crypto...
2024-07-10, 27 min

The Cybersecurity Defenders Podcast
#139 - Intel Chat: MOVEit, P2PInfect, polyfill.io & TeamViewer
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A high-severity security vulnerability in Progress Software's MOVEit Transfer software could allow cyberattackers to get around the platform's authentication mechanisms — and it's been spotted being actively exploited in the wild just hours after it was made public. A new version of the P2P worm, P2PInfect, that targets Redis servers running on both Linux and Windows systems, which is aimed at deploying both ransomware and cryptocurrency mining payloads, is out in the wild. The polyfill.io domain, us...
2024-07-04, 25 min

The Cybersecurity Defenders Podcast
#135 - Intel Chat: Sigma, Scattered Spider, Microsoft, Empire Market & UNC3886
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. SigmaHQ has introduced Sigma Correlations to enhance its rule-based detection capabilities, allowing for more sophisticated event correlation across multiple Sigma rules. Tyler Buchanan, a 22-year-old from the UK and alleged leader of the Scattered Spider hacking group, was arrested in Spain. Microsoft has issued an urgent update for all supported versions of Windows to address a critical Wi-Fi vulnerability, CVE-2024-30078. Three individuals—Yousef Selassie, Ugochukwu
Emmanuel Nwosu, and David Gil—have been charged with operating Empire Market, a da...
2024-06-21, 36 min

The Cybersecurity Defenders Podcast
#133 - Intel Chat: Snowflake, Operation Endgame, Android spoof & Operation Crimson Palace
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Mandiant has linked a series of data breaches affecting hundreds of Snowflake instances to the use of infostealer malware, primarily targeting non-Snowflake systems to harvest credentials. Authorities have ramped up something they are calling Operation Endgame which is an effort to capture a fellow that goes by the handle "Odd," the alleged mastermind behind the Emotet botnet. McAfee has identified a fake Bahrain government Android app masquerading as the Labour Market Regulatory Authority app, and is designed to...
2024-06-13, 25 min

The Cybersecurity Defenders Podcast
#129 - Intel Chat: MSSN CTRL, GhostEngine, MITRE & BreachForums
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Researchers have identified a new malware, called "GhostEngine," which targets vulnerable drivers to disable endpoint detection and response solutions. MITRE has released some more details on how Chinese state-sponsored hackers recently exploited VMware systems within MITRE's NERVE environment for persistence and evasion. The FBI has once again seized control of BreachForums, a notorious site known for trading stolen data, marking the second such action within a year. Information on MSSN CTRL, the security automation and engineering conference...
2024-05-30, 22 min

CyberBytes: The Podcast
CyberBytes: RSA 2024 Edition: LimaCharlie with Maxime Lamothe-Brassard
It’s not too often that a Cybersecurity vendor comes along with a truly new offering.
LimaCharlie is the first Cloud provider for Cybersecurity, and the first vendor I’ve ever seen raffle off a power tool set on the conference floor! CEO & Founder, Maxime Lamothe-Brassard joins me on CyberBytes: The Podcast RSA 2024 Edition and walks us through…
His incredible early career with the Canadian equivalent to the NSA, building the early CrowdStrike product and Moonshot/Google X
The growing desire to start his own company that led to founding LimaCharlie
The challenge and education that comes with...
2024-05-27, 14 min

The Cybersecurity Defenders Podcast
#127 - Intel Chat: Alabuga Leaks, LockBit, EBury, E2EE & Dropbox
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Some of the findings that were revealed by this leak about the inner workings of the Russian company Albatross and its Albatross-M5 UAVs, now being used in the war against Ukraine. The U.S. Department of Justice has charged Dmitry Yuryevich Khoroshev, a 31-year-old Russian national, as the leader of the LockBit ransomware group. ESET reveals the persistent threat posed by the Ebury malware, which has compromised approximately 400,000 Linux servers since 2009, which was initially documented in 2014. Zoom has...
2024-05-24, 26 min

The Cybersecurity Defenders Podcast
#122 - Platformization in cybersecurity with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie
On this episode of The Cybersecurity Defenders Podcast, we talk platformization and the SecOps Cloud Platform with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie. In a world where digital transformation has become the norm, cybersecurity professionals face unprecedented challenges.
The traditional approach of managing dozens of disparate point solutions and siloed security tools, while attempting to control costs, is no longer sufficient. It's time to embrace a new era of cybersecurity in the SecOps Cloud Platform – one that treats cybersecurity as a set of capabilities much like how cloud providers did for IT. We challenge you to...
2024-05-06, 22 min

The Cybersecurity Defenders Podcast
#121 - Intel Chat: Albatross leak, Cerber ransomware, UAT4356 & MITRE compromised
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Ukrainian hackers claim to have breached the Russian drone developer Albatross, leaking 100 gigabytes of data, including internal documentation, technical data and drawings of various types of unmanned aerial vehicles. A critical vulnerability in Atlassian Confluence Data Center and Server was used to deploy a Linux variant of Cerber ransomware. Cisco Talos are actively monitoring a global increase in brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services since at least March 18, 2024. An...
2024-05-01, 28 min

Midstage Startup Momentum
#087 LimaCharlie Founder and CEO Maxime Lamothe-Brassard: Learn it the Hard Way
Cybersecurity is one of the biggest markets emerging in the tech industry right now. There are several big players, yet there is plenty of room for startups that are being innovative and taking a different approach. LimaCharlie is the latter, creating a SecOps cloud platform that aims to bring together a variety of cybersecurity capabilities in a single platform. In other words, it’s a more simplified approach to cybersecurity in the modern era. Naturally, by taking a different approach to things, LimaCharlie ran into some unique challenges during its startup journey.
Founder & CEO Max...
2024-04-19, 23 min

The Cybersecurity Defenders Podcast
#118 - Intel Chat: FakeBat, Sisense, APT29 & CVE of 10
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. eSentire's Threat Response Unit has observed FakeBat loader being distributed via FakeUpdates, ultimately leading to a LummaC2 infection via a custom-written PaykRunPE provided by the FakeBat Threat Actors. CISA is investigating a breach at business intelligence company Sisense and urged all Sisense customers to reset any credentials and secrets that may have been shared with the company. CISA has confirmed that Russian government-backed hackers stole emails from several U.S. federal agencies as a result of an ongoing...
2024-04-18, 39 min

The Cybersecurity Defenders Podcast
#116 - Intel Chat: XZ Utils
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. On March 29, 2024, defenders became aware that a backdoor was intentionally planted inside of XZ Utils, an open source data compression utility available on many installations of Linux and other Unix-like operating systems.
The threat actors behind this implant likely spent years on this operation and were very close to getting the backdoor merged into Debian and Red Hat before it was discovered. The original disclosure email can be found here. A technical break down...
2024-04-04, 40 min

The Cybersecurity Defenders Podcast
#113 - Intel Chat: StrelaStealer, APT29, Apple's M-series & APT31
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Unit 42 have recently identified a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and U.S. Researchers at Mandiant on Friday raised an alarm after discovering Russia’s APT29 hacking group targeting political parties in Germany, indicating a possible new operational focus beyond typical attacks on diplomatic figures. The newly discovered vulnerability baked into Apple’s M-series of chips that allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations. The...
2024-03-27, 45 min

The Cybersecurity Defenders Podcast
#111 - Intel Chat: Magnet Goblin, StopCrypt ransomware, aiohttp & Midnight Blizzard
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Threat actors have been actively targeting vulnerable Connect Secure VPN appliances after the disclosure of CVE-2023-46805 and CVE-2023-21887. Threat researchers recently observed an interesting variant of StopCrypt ransomware.
The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file encryption code. In the last week of January 2024, a patch was released to address a directory traversal vulnerability in the package that allows unauthenticated...
2024-03-20, 32 min

The Cybersecurity Defenders Podcast
#110 - Intel Chat: Lazarus Group, tunnelling with QEMU, ScreenConnect & CISA breach
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. North Korean threat actors known as the Lazarus Group exploited a zero-day in the Windows AppLocker driver to gain kernel-level access and turn off security tools, allowing them to bypass noisy Bring Your Own Vulnerable Driver techniques. Researchers observed threat actors run the Angry IP Scanner, followed by some Mimikatz functions, and then the kicker, the open-source QEMU hardware emulator and virtualizer. Threat actors have been observed installing RMM tools as a means of maintaining persistence within a...
2024-03-15, 34 min

The Cybersecurity Defenders Podcast
#109 - Hacker History: The MOVEit cyberattack
In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of John Hammond, Principal Security Researcher at Huntress, tell the story of the MOVEit cyberattack: the biggest data theft of 2023. The MOVEit cyberbreach was a far-reaching cyber attack that unfolded with significant implications worldwide.
The breach initially came to light on June 3, when the Government of Nova Scotia disclosed that approximately 100,000 of its current and former employees had been affected, signaling the severity of the breach's impact. The scope of the breach widened on June 5, as it became...
2024-03-13, 19 min

The Cybersecurity Defenders Podcast
#108 - Intel Chat: Nood RAT, GTPDOOR, Pikabot, Bifrost & the Executive Order on Preventing Access to Americans
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. AhnLab Security Intelligence Center published an article exploring Nood RAT. Nood RAT is a variant of Gh0st RAT that works in Linux. GTPDOOR is the name of Linux-based malware that is intended to be deployed on systems in telco networks adjacent to the GPRS eXchange Network with the novel feature of communicating C2 traffic over GTP-C Control Plane signaling messages. Researchers reporting on Pikabot evasion techniques for Endpoint Detection and Response systems by employing an advanced technique...
2024-03-08, 38 min

The Cybersecurity Defenders Podcast
#106 - Intel Chat: LockBit, TicTacToe Dropper, Google Cloud Run & I-Soon
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Law enforcement from 10 countries - in a joint operation called ‘Operation Cronos’ - have disrupted the criminal operation of the LockBit ransomware group. FortiGuard has identified a grouping of malware droppers used to deliver various final-stage payloads through 2023 they are calling the TicTacToe dropper. Cisco Talos researchers have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.
A massive leak from a Chinese Ministry of P...
2024-02-29, 28 min

The Cybersecurity Defenders Podcast
#104 - Intel Chat: Pikabot, OpenAI boots APTs, GRU Military Unit 26165 & the Akira ransomware group
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Zscaler ThreatLabz are reporting on some recent campaigns, which started in February 2024, where they observed Pikabot reemerging with significant changes in its code base and structure. OpenAI is claiming that they have terminated accounts associated with state-affiliated threat actors. A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that were used to commit crimes by the GRU Military Unit 26165. SecurityWeek is reporting on the fine folks at CISA who are...
2024-02-23, 38 min

The Cybersecurity Defenders Podcast
#103 - A better way forward for cybersecurity with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we delve into an innovative, engineering-centered perspective on cybersecurity with Maxime Lamothe-Brassard, the Founder & CEO of LimaCharlie. As part of the Canadian Intelligence apparatus, Maxime worked in positions ranging from development of cyber defence technologies, Counter Computer Network Exploitation, and Counter Intelligence.
Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director’s awards for his service. After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defence and worked for CrowdStrike, Go...
2024-02-21, 53 min

The Cybersecurity Defenders Podcast
#102 - Intel Chat: toothbrush DDOS, TPM-based encryption bypass & HijackLoader
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The spectacular headline announcing a DDOS attack that involved 3-million electric toothbrushes. A hardware attack to bypass TPM-based encryption which is used on most Microsoft Windows devices. CrowdStrike researchers have identified a HijackLoader sample that employs sophisticated evasion techniques to enhance the complexity of the threat.
2024-02-16, 33 min

The Cybersecurity Defenders Podcast
#98 - Intel Chat: Midnight Blizzard, GKE vulnerability, NetSupport RAT & Cactus ransomware
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Microsoft updated the public on their findings - apparently, the threat actors were able to gain persistent access to the privileged email accounts by abusing the OAuth authorization protocol. Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine that could be potentially exploited by threat actors to take control of a Kubernetes cluster. A new campaign is using phishing emails to distribute malware and legitimate services to bypass email protection systems to install NetSupport RAT. On January 20...
2024-02-01, 36 min

The Cybersecurity Defenders Podcast
#96 - Intel Chat: iOS malware detection, credentials leaked, ColdRiver, & Midnight Blizzard
In this episode of
The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. SecureList researchers from Kaspersky have come up with a lightweight method to detect iOS malware. Nearly 71 million unique credentials that were leaked from websites such as Facebook, Roblox, eBay, Yahoo, and Coinbase have been circulating on the Internet. Russian threat group COLDRIVER has expanded its targeting of Western officials to include the use of malware. The Microsoft security team is reporting that it detected a nation-state attack on its corporate systems on January 12, 2024.
2024-01-25, 30 min

The Cybersecurity Defenders Podcast
#94 - Intel Chat: Bandook, NoaBot, mandating 2FA & POST SMTP
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A new Bandook variant has been distributed via a PDF since this past October. Akamai researchers have uncovered a new crypto-mining campaign that has been active since the start of 2023.
The Centres for Medicare and Medicaid Services will reportedly set out the proposed requirements that include two-factor authentication and maintaining a vulnerability-fixing program. Two vulnerabilities were uncovered that impact the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites.
2024-01-19, 37 min

The Cybersecurity Defenders Podcast
#91 - Intel Chat: ALPHV, DanaBot?, Operation Triangulation, npm everything, & Sandworm?
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. An international group of law enforcement agencies has seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections with a possible connection to DanaBot. Kaspersky published some new research in which they have identified a vulnerability in Apple System on a chip - or SOC - that has played a critical role in the attacks they saw in Operation Triangulation...
2024-01-10, 32 min

The Cybersecurity Defenders Podcast
Podcast trailer for 2024
Welcome to the Cybersecurity Defenders Podcast. My name is Christopher Luft, one of the founders of LimaCharlie and I am your host. This podcast is set up as a series of segments in and around cybersecurity - with a focus on the defensive side. Tune in for weekly intelligence reports and discussions, as well as deep-dives into major incidents like the MGM ransomware attack or the recent Okta breach with expert guests who can break down the events. I also get the privilege of interviewing many information security experts to share their unique stories.
Hear from...
2024-01-02, 01 min

The Cybersecurity Defenders Podcast
#86 - Intel Chat: pfSense vulnerability, Gootloader, OilRig & the KV-botnet
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Sonar Source are reporting on a few vulnerabilities they have found in pfSense. eSentire’s Threat Response Unit launched a multi-pronged offensive against the Gootloader Initial Access-as-a-Service Operation. ESET researchers documented a series of new OilRig downloaders, all relying on legitimate cloud service providers for command and control communications. The Black Lotus Labs team at Lumen Technologies is tracking a small or home office router botnet that forms a covert data transfer network for advanced threat actors. Yo...
2023-12-21, 30 min

The Cybersecurity Defenders Podcast
#84 - Intel Chat: Push notification surveillance, a RAT, a critical Bluetooth flaw & 5Ghoul
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Unidentified governments are surveilling smartphone users via their apps' push notifications, as reported by a US senator on December 6th. Cyber.wtf reporting on an interesting piece of malware that turned out to be a RAT written in C#. Israel’s critical infrastructure is under threat from an Iranian proxy hacking group operating out of Lebanon. Hacker News is reporting on a critical Bluetooth security flaw that could be exploited by threat actors to take control of Android, Li...
2023-12-14, 28 min

The Cybersecurity Defenders Podcast
#83 - Intel Chat: Atomic Stealer, Okta breach grows, CrushFTP & Danabot opens the door for Cactus ransomware
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack
channel. MalwareBytes is reporting on Atomic Stealer, a popular information stealer for MacOS. Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system. Huntress is reporting that threat actors of varying types continue to target managed file transfer applications for exploitation. Microsoft has detected Danabot infections leading to hands-on-keyboard activity by ransomware operator Twisted Spider, culminating in the deployment of Cactus ransomware.
2023-12-08, 30 min

The Cybersecurity Defenders Podcast
#81 - Intel Chat: DarkCasino, Agent Tesla, DarkGate, Diamond Sleet & Chimera
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. NSFOCUS Research Labs about how the DarkCasino APT group has leveraged a recently disclosed WinRAR zero-day vulnerability. G DATA CyberDefense is reporting on a threat actor using the ZPAQ archive and .wav file extension to infect systems with Agent Tesla. A technical analysis of DarkGate Malware-as-a-Service which is widely available on various cybercrime forums by the RastaFarEye persona. The Microsoft Threat Intelligence team has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet involving...
2023-11-30, 38 min

The Cybersecurity Defenders Podcast
#79 - Intel Chat: SystemBC, Ddostf DDOS bot, ALPHV files with the SEC, & LummaC2 v4.0
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A look at a versatile piece of malware that gets categorised as proxy malware, a bot, a backdoor, and even as a RAT, known as SystemBC. The AhnLab Security Emergency response Center’s analysis team has published an article outlining their recent discovery that the Ddostf DDoS bot
is being installed on vulnerable MySQL servers. The notorious ALPHV ransomware group has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against on...
2023-11-23, 24 min

The Cybersecurity Defenders Podcast
#77 - Intel Chat: Okta again, MuddyWater, Google Calendar Rat & BiBi-Windows Wiper
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Arstechnica is reporting that identity and authentication management provider Okta has been hit by another breach. Deep Instinct’s Threat Research team has identified a new campaign from the “MuddyWater” group. Google is warning of multiple threat actors sharing a public proof-of-concept exploit that leverages its Calendar service to host command-and-control infrastructure. BlackBerry Research and Intelligence Team has found a wiper variant that targets Windows systems being deployed by hacktivists in support of Hamas.
2023-11-16, 29 min

The Cybersecurity Defenders Podcast
#74 - Hacker History: When the Lights Went Out in Ukraine (Part 2)
On this episode of The Cybersecurity Defenders Podcast, we share the second part of 'When the Lights Went Out in Ukraine.' If you haven’t already, I recommend going back now and listening to “When the Lights Went Out in Ukraine, Part 1.” Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished.
Just one day later, hackers from the intelligence service of Belar...
2023-10-30, 22 min

The Cybersecurity Defenders Podcast
#73 - Intel Chat: macOS malware, BlackCat's Munchkin, Cisco zero-day, the Phantom Hacker, & a WinRAR vuln.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Sentinel One talking about emerging trends and evolving techniques for macOS malware in 2023. BlackCat operators recently announced new updates to their tooling, including a utility called Munchkin. On October 16, Cisco released an advisory regarding a critical zero-day privilege escalation vulnerability in their IOS XE Web UI software. WithSecure Labs is reporting that Vietnamese cybercrime groups are using multiple different Malware as a Service infostealers and Remote Access Trojans to target the digital marketing sector. The FBI in Phoenix is...
2023-10-25, 24 min

The Cybersecurity Defenders Podcast
#71 - Intel Chat: BlackTech, Lazarus, CL0P, Python supply chain, Android malware & libcue 0-day
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. A joint advisory that was published by the NSA, the FBI and CISA, along with, the Japan National Police Agency and the Japan National Center of Incident Readiness and Strategy for Cybersecurity. ESET researchers have uncovered a Lazarus attack against an aerospace company in Spain. Unit 42 at Palo Alto are reporting that the CL0P ransomware group recently began using torrents to distribute victim data after a rather notorious campaign stealing data from thousands of companies. Checkmarx is...
2023-10-18, 37 min

The Cybersecurity Defenders Podcast
#69 - The SecOps Cloud Platform for Managed Security Service Providers
On this episode of the Cybersecurity Defenders Podcast, a hosted panel
discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for Managed Security Service Providers. The panel is moderated by LimaCharlie Co-founder, Christopher Luft. The panel participants are: Co-founder at Soteria, Paul Ihme; Co-founder/CTO at Horangi Security, Lee Sult. What is the SecOps Cloud Platform? The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent...
2023-10-10, 29 min

The Cybersecurity Defenders Podcast
#68 - Intel Chat: Bumblebee, LockBit Gang, LUC-3, HTTPSnoop, DeadGlyph & Stately Taurus + Alloy Taurus + Gelsemium
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Intel471 are reporting on a campaign utilizing Bumblebee, a type of a loader that has increasingly been used by threat actors affiliated with ransomware. ESentire are reporting on several attacks conducted by the Russia-linked LockBit Gang. Permiso reporting on LUC-3 who overlaps with Scattered Spider. Cisco Talos has discovered a new malware family they have dubbed HTTPSnoop being deployed against telecommunication providers in the Middle East. WeLiveSecurity have stumbled upon a previously unknown backdoor being deployed in the Mi...
2023-09-28, 47 min

The Cybersecurity Defenders Podcast
#65 - Intel Chat: DB#JAMMER, Chae$ malware, W3LL, APT34 deploy Side Twist Trojan and government-backed actors in North Korea target security researchers.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Securonix Threat Labs are reporting that threat actors working as part of the DB#JAMMER attack campaigns are compromising exposed MSSQL databases using brute force attacks.
AhnLab’s Security Emergency Response Center are reporting on threat actors using phishing emails to distribute some fileless malware. The researchers over at Group-IB have uncovered a covert business email compromise phishing campaign targeting Microsoft 365. NSFOCUS Security Labs captured a new APT34 phishing attack against enterprise targets that released a variant of the...
2023-09-14, 37 min

The Cybersecurity Defenders Podcast
#63 - The SecOps Cloud Platform for ecosystem builders
A hosted panel discussion with industry leaders to explore what advantages the SecOps Cloud Platform confers for ecosystem builders. The panel is moderated by LimaCharlie's Head of Product, Matt Bromiley. The panel participants are: Senior Security Researcher at Thinkst, Casey Smith; Security Evangelist at RunZero, Huxley Barbee; Head of Tines Labs, John Tuckner. What is the SecOps Cloud Platform? The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless...
2023-09-08, 27 min

The Cybersecurity Defenders Podcast
#62 - Cybersecurity industry trends with Ross Haleliuk, Co-Lead of the Venture in Security Angel Syndicate
On this episode of The Cybersecurity Defenders Podcast, we chat with Ross Haleliuk, Co-Lead of the Venture in Security Angel Syndicate, and Head of Product at LimaCharlie. Ross is a head of product at LimaCharlie - a startup that enables organisations to detect & respond to threats, automate processes, and future-proof their security operations. His areas of expertise include go-to-market and product strategy, B2B product-led growth, strategic positioning, product-market fit expansion, and growth.
Outside of work, Ross is a startup advisor, angel investor, frequent contributor to TechCrunch, Forbes, and VentureBeat, and author of VentureinSecurity.net...
2023-09-07, 40 min

The Cybersecurity Defenders Podcast
#61 - Intel Chat: QuiteRAT, CollectionRAT, Maldoc in PDF, DarkGate & the FBI takes down Qakbot
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Cisco Talos reporting on both QuiteRAT and CollectionRAT from the Lazarus Group. JPCERT/CC has confirmed a new technique used in an attack that bypasses detection by embedding a malicious Word file into a PDF file. Telekom Security was recently made aware via trust groups about a new malware campaign involving DarkGate. The FBI and the Justice Department announced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot. T...
2023-09-01, 21 min

The Cybersecurity Defenders Podcast
#60 - Building scalable security products quickly with the SecOps Cloud Platform
A hosted panel discussion with industry leaders to explore the advantages of the SecOps Cloud Platform for product builders. The panel is moderated by LimaCharlie's Head of Product, Ross Haleliuk. The panel participants are: Founder & CTO of Recon InfoSec, Eric Capuano; Lead Incident Detection Engineer at Blumira, Amanda Berlin. What is the SecOps Cloud Platform? The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of...
2023-08-29, 25 min

The Cybersecurity Defenders Podcast
#59 - Intel Chat: Raccoon stealer, Duke, WoofLocker, Cuba ransomware & XLoader
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
The return of the Raccoon Stealer after temporarily being disrupted. EclecticIQ analysts have assessed with high-confidence two observed PDF documents that are part of an ongoing campaign targeting Ministries of Foreign Affairs of NATO aligned countries. MalwareBytes is following up on a tech support scam campaign dubbed WoofLocker. The threat research team at BlackBerry has discovered and documented new tools used by the Cuba ransomware threat group. SentinelOne are reporting a new iteration of the XLoader malware-as-a-service infostealer a...
2023-08-25, 31 min

The Cybersecurity Defenders Podcast
#58 - An introduction to the SecOps Cloud Platform with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie
On this episode of The Cybersecurity Defenders Podcast, we chat with Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie, about the SecOps Cloud Platform. The SecOps Cloud Platform is a construct for delivering the core components needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment. The SecOps Cloud Platform is: An environment where many solutions can exist, not as a collection of random tools, but as a...
2023-08-20, 06 min

The Cybersecurity Defenders Podcast
#55 - Intel Chat: XWorm, SugarCRM zero-day, Statc Stealer, Background Task Manager fail, Seaspy & Whirlpool
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
A new injector written in Rust is used to inject shellcode and introduce XWorm into a victim’s environment. Multiple cases where the SugarCRM was the initial attack vector and allowed threat actors to gain access to AWS accounts. Statc Stealer is a sophisticated malware that infects devices powered by Windows, gains access to computer systems and steals sensitive information. Patrick Wardle's research says that macOS's Background Task Manager can be easily bypassed and that Apple failed to act...
2023-08-16, 38 min

The Cybersecurity Defenders Podcast
#53 - The future of enterprise SecOps: a panel discussion with industry leaders
On this episode of The Cybersecurity Defenders Podcast we host a panel discussion with industry leaders and explore the advantages of the SecOps Cloud Platform for securing enterprise organizations. The panel is moderated by LimaCharlie's Chief Revenue Officer, Jessica Crytzer. The panel participants are: Founder & CEO of LimaCharlie, Maxime Lamothe-Brassard; Founder & CEO of Turngate, Bruce Potter; Head of Product, Interpres Security, Fred Wilmot; Principal Consultant at Higgins Cybersecurity Consulting, Sean Higgins. What is the SecOps Cloud Platform? The SecOps Cloud Platform is a construct for delivering the core...
2023-08-03, 31 min

The Cybersecurity Defenders Podcast
#52 - Intel Chat: Mallox, Decoy Dog, Casbaneiro, Nitrogen, search-ms exploit, & the BlackLotus
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
Decoy Dog is a malware toolkit that cleverly uses DNS to perform command and control. Breaking down the infection chain for Casbaneiro, another banking trojan targeting Latin America. An initial-access malware campaign that leverages malicious advertising - or malvertising - to impersonate legitimate software and compromise business networks. The VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques. Trellix Advanced Research Center who have identified a novel method for exploiting the ‘search-ms’ protocol handler. The source code of the Bl...
2023-08-02, 39 min

The Cybersecurity Defenders Podcast
#50 - Intel Chat: AgentTesla, Cobalt Strike, njRAT, LokiBot, SophosEncrypt, BundleBot, and targeted OSS supply chain attacks
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations, and civilian users in Ukraine and Poland. FortiGuard Labs investigation the researchers came across several Malicious Office documents designed to exploit known vulnerabilities. Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt. CheckMarx is reporting the first known targeted OSS supply chain attacks against the banking sector. The LimaCharlie SecOps Cloud Platform provides organizations with comprehensive enterprise protection that b...
2023-07-26, 26 min

The Cybersecurity Defenders Podcast
#49 - The history of LimaCharlie with Founder & CEO, Maxime Lamothe-Brassard
On this episode of The Cybersecurity Defenders Podcast, we sit down with LimaCharlie Founder & CEO, Maxime Lamothe-Brassard, and talk about the history and vision of the SecOps Cloud Platform. About the SecOps Cloud Platform: The SecOps Cloud Platform is a construct for delivering the core components
needed to secure and monitor any given organization: things like, deploying endpoint capabilities through a single agent regardless of the technology, alerting and correlating from logs regardless of the source, automating analysis and response regardless of the environment. The SecOps Cloud Platform is: An...
2023-07-21, 39 min

The Cybersecurity Defenders Podcast
#48 - Intel Chat: Rust Bucket, RedEnergy, Charming Kitten, Truebot variants, Big Head & TOITOIN
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The RustBucket malware allows operators to download and execute various payloads. Zscaler ThreatLabz researchers discovered a new Stealer-as-a-Ransomware named RedEnergy used in attacks against energy utilities, oil, gas, telecom, and machinery sectors. Charming Kitten sends a lure masquerading as a senior fellow with the Royal United Services Institute to a public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. New Truebot malware variants deployed on networks compromised using a critical rem...
2023-07-13, 01 min

The Cybersecurity Defenders Podcast
#46 - Intel Chat: RedEyes, The Flea, JS dropper delivering Bumblebee & IcedID, and free smartwatches
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. ASEC discovered that RedEyes is distributing and using an infostealer with wiretapping features. Symantec is reporting that The Flea has continued to focus on foreign ministries in a recent attack campaign that ran from late 2022 into early 2023.
Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. Rapid7 researchers recently undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered. Members...
2023-06-29, 30 min

Cyber Thoughts
EP 3: Maxime Lamothe-Brassard, Founder & CEO of LimaCharlie
In this episode of the Cyber Thoughts Podcast, Lucas interviews Maxime Lamothe-Brassard, the founder and CEO of LimaCharlie, a Lytical Venture's portfolio company. Maxime shares his journey in cybersecurity, starting from his time at the CSE, Canada’s national cryptologic agency, through his stints at CrowdStrike and Google, and founding LimaCharlie.
2023-06-27, 29 min

The Cybersecurity Defenders Podcast
#44 - Intel Chat: Fake GitHub repos, NPM poison, Vidar, Mac malware, Tsunami DDOS, Cl0p reward, and the EDR killer: Spyboy
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. VulnCheck comes across a malicious GitHub repository that is claimed to be a Signal 0-day. CheckMarx are reporting that without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking a S3 bucket. Team CYMRU has released a detailed publication on Vidar infrastructure which encompasses both the primary administrative aspects and the underlying backend. Bit Defender Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a mor...
2023-06-24, 43 min

The Cybersecurity Defenders Podcast
#42 - Intel Chat: Atomic Wallet, Azure goes down, BEC justice, FortiOS SSL VPN and the BatCloak
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
$35 million has reportedly been stolen from users of Atomic Wallet. On June 9th the Microsoft Azure Portal was down on the web as a result of suspected DDOS. The US Department of Justice has indicted 6 people for their involvement in a $6 million dollar business email compromise scam. CVE-2023-27997 was reported by Fortinet on June 13th (Fortinet hardening guide). Trend Micro recently discovered the use of heavily obfuscated batch files utilizing the advanced BatCloak engine. And a really c...
2023-06-15, 35 min

The Cybersecurity Defenders Podcast
#40 - Intel Chat: BlackCat, RaidForums Exposed, MOVEit Transfer, Camaro Dragon, mystery iOS malware, TrueBot and the Cyclops Ransomware & Stealer combo
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. BlackCat makes some changes geared towards improving its tradecraft and increasing the likelihood of data theft and encryption. A new hacking forum called Exposed has publicly leaked a substantial database from the infamous RaidForums. A critical vulnerability in the MOVEit Transfer software. Camaro Dragon targets European foreign affairs entities linked to Southeast and East Asia. Kaspersky is reporting on some unknown malware targeting iOS devices. The Hacker News is reporting a surge in TrueBot activity that w...
2023-06-08, 11 min

The Cybersecurity Defenders Podcast
#38 - Intel Chat: Donut, Agrius, Kimsuky, Pikabot, QBot & the Gootloader Initial Access-as-a-Service Operation.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. FortiGuard Labs encounters a kernel driver that makes use of the open-source donut tool. Checkpoint researchers observe Iranian threat actor Agrius operating against Israeli targets. SentinelOne notes changes in the ongoing campaign by Kimsuky. Microsoft uncovers stealthy
malicious activity aimed at critical infrastructure in the United States. ZScaler Threatlabz reporting on Pikabot, a new malware trojan. Bleeping Computer reporting that the QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program. eSentire...
2023-06-01, 45 min

The Cybersecurity Defenders Podcast
#36 - Intel Chat: Red Stinger, 3 new Apple Zero Days, the GuLoader, BlackCat and the Golden Jackal
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Malware Bytes researchers reporting on the Red Stinger group which has targeted entities in Ukraine. Apple is reporting three new zero days affecting iPhones, iPads, Macs and even Apple watches and TVs. The folks over at CISCO Talos have recently identified a new RA group that has been operating since at least April 22, 2023. Check Point researchers have uncovered the GuLoader that has been used in a large number of attacks. Trend Micro is reporting on a n...
2023-05-25, 39 min

Secure Ventures with Kyle McNulty
LimaCharlie: Maxime Lamothe-Brassard on Cybersecurity Middleware for Incident Response
Maxime: CEO and founder at LimaCharlie, middleware for cybersecurity application integration for incident response. Previously worked for Google, Crowdstrike, and Canada's department of defense. Check out the episode for our discussion on the challenges of building your own security workflows, automation adoption journeys, and how the larger cybersecurity automation world is evolving.
https://limacharlie.io/
2023-05-16, 36 min

The Cybersecurity Defenders Podcast
#33 - Hacker History: Stuxnet (Part 2)
This episode of the Cybersecurity Defenders podcast is the second part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. If you have not heard the first episode it is recommended that you do so before listening to this one. You can listen to the first episode here: Stuxnet (Part 1). Stuxnet is a malicious computer worm first uncovered in 2010 and thought to...
2023-05-16, 18 min

The Cybersecurity Defenders Podcast
#32 - Intel Chat: APT41, Sidewinder & Operation Medusa cuts the head off of Snake
In this episode of the Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Threatmon have uncovered a targeted PowerShell backdoor malware attack that bypasses normal detection methodology. Researchers have uncovered an attack that is based on a classic sideloading technique with a twist in which a first-stage clean application sideloads a second clean application and auto-executes it. US authorities have announced the seizure of 13 internet domains. The Blackberry Threat Research and Intelligence team has discovered a new campaign from the Sidewinder APT group against Pakistani government organizations. CISA has issued an...
2023-05-11, 28 min

The Cybersecurity Defenders Podcast
#31 - Intel Chat: 3CX Inception, QuaDream goes down, APTs targeting for destruction, AMOS & AuKill
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. The initial attack vector of 3CX’s network was via malicious software downloaded from Trading Technologies
website. QuaDream has allegedly fired all of its staff and is shutting down its operations in the coming days. State-sponsored campaigns targeting global infrastructure: looks like obvious targeting to support future destructive attacks. A new information-stealing malware called Atomic macOS Stealer (AMOS). Attackers have been observed attempting to disable EDR clients with a new defensive evasion tool we’ve dubbed AuKill. A new report put o...
2023-05-04, 30 min

The Cybersecurity Defenders Podcast
#28 - Intel Chat: Balada injector, Lockbit, the Legion hacktool, Nokoyawa ransomware, Domino malware and more.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Over 1 million Wordpress sites have been infected by the Balada Injector malware. Nokoyawa ransomware attacks are being seen in the wild exploiting a Windows zero-day. An emerging Python-based credential harvester and hacktool, named Legion. A recently discovered malware family being called “Domino” Care increasingly using the Action1 remote access software for persistence on compromised networks. A ransomware group has created encryptors targeting Macs for the first time. And a Chrome type confusion issue in the V8 Javascript engine. The Cyber...
2023-04-19, 39 min

The Cybersecurity Defenders Podcast
#27 - Intel Chat: Apple zero-days to the end of the Genesis Market.
And a dive into OT security with Dave Cullen, Field CTO of OTORIOIn this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Emergency security updates issued by Apple: CVE-2023-28206 & CVE-2023-28205 .Check Point researchers have unveiled a new sophisticated and fast acting ransomware.eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.The CrowdStrike Falcon OverWatch team recently observed threat actors exploit WinRAR self-extracting archives.FBI, Europol and the Dutch Police have disrupted the infamous browser cookie market known as Genesis Market. Microsoft’s Digital Crimes Uni...2023-04-121h 12The Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#26 - Intel Chat: 3CX to APT43. And a deep dive on the Capital One breach with Cloud Threat Detection Engineer, Day JohnsonIn this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Crowdstrike reports the 3CX supply chain attack.Agents arrested Conor Brian Fitzpatrick on a charge of conspiracy to commit access device fraud.SentinelOne reporting on the CatB ransomware family which is sometimes referred to as CatB99 or Baxtoy.A new everything infostealer on the dark market called Radamanthys.Mandiant has assessed with high confidence they identified a new APT: APT43.And then we deep dive the Capital One data breach discovered on July 19, 2019, with DataDog Cloud Threat...2023-04-0659 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#25 - Hacker History: Stuxnet (Part 1)This episode of the Cybersecurity Defenders podcast is the first part in a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. 
Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon.Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran...2023-03-2920 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#24 - Intel Chat: MS Outlook exploit. And ShmooCon organizers, Heidi and Bruce Potter.In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel: CVE-2023-23397: A zero-touch exploit that affects all versions of Windows Outlook. (Sigma rule) CVE-2023-24880: An unpatched security bypass in Microsoft’s SmartScreen security feature.Mandiant observes China-nexus threat actors targeting technologies that do not normally support endpoint detection and response solutions.Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022. Threat groups are offering $240k salaries to tech jobseekers.And an interview with Heidi and Bruce Pott...2023-03-221h 07The Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#23 - Intel chat with Matt Bromiley and an interview with Joe Schreiber, Co-founder & CEO of appNovi.In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:A new Microsoft Word Vulnerability: CVE-2023-21716. 
The Emotet botnet is back spamming again.A previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities.A SpaceX vendor has been compromised by a LockBit affiliate.Ring LLC, the home security and smart home company owned by Amazon, has been ransomed by ALPHV ransomware group.And an interview with Joe Schreiber, Co-founder and CEO of appNovi.2023-03-1659 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#22 - An intel chat with Matt Bromiley and an interview with Rich Heimann, Chief AI Officer at SilverSky.In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:Menlo Labs has uncovered an unknown threat actor that’s running an evasive threat campaign which is being distributed via Discord and is targeting government entities.TA569 is a prolific threat actor who has been deploying website injections that run a Javascript payload known as SocGholish.The risk to business from burned-out analysts.The emerging post-explotation framework, EXFILTRATOR-22 or EX-22.And an interview with Rich Heimann, Chief AI Officer at SilverSky, where we...2023-03-081h 01The Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#21 - A intel chat with Matt Bromiley and an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber.In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel. After that, an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet. 
2023-03-0131 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#16 - Hacker History: NotPetyaIn this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Amit Serper, a hacker and reverse engineer, who was instrumental in stopping the most devastating cyber attack in history: NotPetya.On 27 June 2017, a major global cyberattack began (Ukrainian companies were among the first to state they were being attacked), utilizing a new variant of Petya. On that day, Kaspersky Lab reported infections in France, Germany, Italy, Poland, the United Kingdom, and the United States, but that the majority of infections targeted Russia and Ukraine, where more than 80 companies were...2023-01-2619 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#13 - Hacker History: Titan RainIn this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter; a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent...2023-01-0419 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#10 - Simply Cyber Report for December 14. Plus a conversation with several Open Source cybersecurity founders.The Simply Cyber Report for December 14, 2022.Go-based malware named Zerobot in the wild. Android malware dubbed "Zombinder" a Just-in-time Trojan style malware. Iranian based APT, has been pushing hard with remote administration tooling.A roundtable conversation with several Open Source cybersecurity founders. 
During the conversation we discuss the complexities of open-source as it relates to cybersecurity, the effects it has on the industry, funding models, what inspired these projects, how they came to be, how they are trying to grow, and any lessons - good or bad - they have learned along the way.2022-12-141h 01The Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#9 - Predictions for the future from 2022As we get ready to say goodbye to 2022 the team at the Cybersecurity Defenders podcast thought it would be nice to review all the predictions for the future made by guests on this show so far.It is a fun episode and will be interesting to circle back on next year at the same time.In the show, we talk about Dr. Joseph Burt-Miller Jr's study hall group on Discord - here is the link for anybody interested in checking it out: https://discord.gg/Z8gaAvnS4mAs always, your feedback is...2022-12-0721 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#7 - Hacker History: Operation FlyhookIn this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions.This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.Any questions or feedback can be directed to defenders@limacharlie.ioThe Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet. 2022-11-2318 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#5 - The Adversary Toolbox: PaExec. 
Plus Eric Capuano, Founder & CEO of Recon InfosecIn this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox and tells us all about PaExec.We also sit down to chat with Eric Capuano, Founder and CEO of Recon Infosec.During the conversation with Eric, we talk about many different things including the OpenSoc Network Defense Range and their new Thursday Defensive webcast.If you have any suggestions or feedback please don't hesitate to reach out to us: defenders@limacharlie.ioThe Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the...2022-11-0941 minThe Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#3 - Introducing The Adversary Toolbox: PsExec. Plus cybersecurity startup founders roundtable.In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley introduces the Adversary Toolbox and discusses Microsoft Windows remote execution tool, PsExec.We also sit down to chat with several cybersecurity startup founders about the lessons that they learned along the way and the things they wished they had known starting out.The panelists for this informative discussion are:Roselle Safran, Founder and CEO of KeyCaliberCorey White, Founder and CEO of CyvatarMaxime Lamothe-Brassard, Founder and CEO of LimaCharlieIf you have any suggestions or feedback please don't...2022-10-2611h 56The Cybersecurity Defenders PodcastThe Cybersecurity Defenders Podcast#1 - Introducing The Cybersecurity Defenders PodcastThe first episode of The Cybersecurity Defenders Podcast. A show about cybersecurity and the people that defend the internet. This weekly show is put together as a series of segments. This episode includes the following:A cybersecurity news update by Dr. 
Gerald Auger of Simply Cyber.An interview with the CISO of Synoptek, Chris Gebhardt.A product update from LimaCharlie founder Maxime Lamothe-Brassard.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet. 2022-10-1954 minAngelneers: Insights From Startup BuildersAngelneers: Insights From Startup BuildersBringing an Engineering Approach to Cybersecurity with Maxime Lamothe-Brassard from LimaCharlieSiloed security products today don’t give you the control, transparency, scale, and innovation needed to protect against today’s advanced threats.  In this episode, we sat down with Maxime Lamothe-Brassard to talk about bringing an engineering approach to cybersecurity through the Security Infrastructure as a Service (SIaaS) model and its implications. Maxime is a co-founder and CEO of LimaCharlie which enables organizations to detect & respond to threats, automate processes, reduce the number of vendors they use, and future-proof their security operations. Slack LinkedIn Twitter Github Youtube 2022-10-1451 minThe Future of Security OperationsThe Future of Security OperationsLimaCharlie’s Maxime Lamothe-Brassard: Rethinking How Cybersecurity Tools Are Sold — Less Snakeoil, More Focus on CapabilitiesIn our third episode, we speak with Maxime Lamothe-Brassard — CEO and founder of LimaCharlie, a security infrastructure as a service tool that gives security teams full control over how they manage their security infrastructure. Maxime’s unique perspectives come from a career in security, including Canada’s NSA, Google, Arc4dia, and the early days of Crowdstrike.  Topics discussed in this episode:  The problem LimaCharlie solves.  What endpoint hygiene means and lessons Maxime learned from working at Google.  How Maxime describes the state of security today.  
Maxime’s philosophy for how cybersecurity products should be marketed and sold to cu...2022-04-2530 minUNSECURITY: Information Security PodcastUNSECURITY: Information Security PodcastUNSECURITY Episode 163: The Need for Transparency in Cybersecurity Products w/ Max of LimaCharlieThis week, Brad and Evan sit down with special guest Max of LimaCharlie to discuss the importance of transparency in cybersecurity products, and how LimaCharlie is doing things differently.Give episode 163 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com.Don't forget to like and subscribe!2022-02-0140 minCybersecurity: Amplified And IntensifiedCybersecurity: Amplified And IntensifiedEpisode #40 - Incident Response Orchestration with Maxime Lamothe-Brassard of LimaCharlie.ioAs part of the Canadian Intelligence apparatus, Maxime worked in positions ranging from development of cyber defense technologies through Counter Computer Network Exploitation and Counter Intelligence. Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director’s awards for his service.After leaving the government, Maxime provided direct help to private and public organizations in matters of cyber defense and worked for CrowdStrike, Google and Google X. Maxime left Google X - where he was a founding member of Chronicle Security - in 2018 to found LimaCharlie.Maxime La...2021-12-061h 02Sittadel PodcastSittadel Podcast30 - Maxime Lamothe-Bressard, Founder of LimaCharlieSome men see EDR as it is; others see EDR as it should be.  Maxime Lamothe-Bressard joins Nate and Joshua for a discussion on the ways LimaCharlie is removing the roadblocks for working with some of the most important data points for Incident Responders and SOC analysts: file execution telemetry.  Maxime brings a wealth of experience to the show, bringing insight from his time at Google-X, CrowdStrike, and a French Cafe.  
You can get started with LimaCharlie today for free by visiting limacharlie.io.For more information, visit https://www.sittadel.com or tweet us at @sittadelpodcast.2021-10-0445 minSecure Talk PodcastSecure Talk PodcastMaxime Lamothe-Brassard, Founder LimaCharlieMaxime "Max" Lamothe-Brassard Founder of LimaCharlie talks about the ins and outs of cloud-based endpoint detection and response (EDR), and explains how LimaCharlie is changing traditional thinking related to corporate cybersecurity solutions.2021-09-2943 min