Showing episodes and shows of SafeBreach
Shows
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 64 - The Mythos Hype Index: What AI Really Did to the Zero-Day Curve
Every CISO is asking it: now that frontier models like Claude Mythos and ChatGPT 5.5 have real offensive cyber capability, are zero days surging? Host Tova Dvorin and SafeBreach offensive engineer Adrian Culley dig into the mid-2026 data — GTIG, Mandiant M-Trends, Rapid7, AISI — and find the curve moved in shape, not volume. Inside: the two AI "firsts" (Big Sleep and a 2FA-bypass exploit), why commercial spyware explains the rebound, the negative-seven-day time-to-exploit, and why defender deployment is the real bottleneck. #cybersecurity #infosec #CISO #zeroday #AIsecurity #BAS #AEV #CTEM #SafeBreach #threatintel
2026-06-24
28 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 63 - Mythos and ChatGPT 5.5: Why AI Now Finds Decades-Old Zero Days
How is AI suddenly finding zero days that survived decades of human fuzzing? In April 2026, Anthropic's Claude Mythos and OpenAI's ChatGPT 5.5 rewrote what's possible with a keyboard. Host Tova Dvorin and offensive security expert Adrian Culley unpack the UK AISI's verdict — genuine step changes — through decades-old bugs in OpenBSD and FFmpeg, the 32-step autonomous attack chain, the Cyberstrike AI campaign across 648 firewalls, and why "capability doubling every 4.7 months" makes continuous validation non-negotiable for every CISO.
2026-06-17
19 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 62 - Zero Trust Breaks Against MCP: Why "Verified" No Longer Means Safe
Most enterprises assume their zero trust architecture covers their AI agents. It doesn't. Hosts Tova Dvorin and Adrian Culley break down why zero trust breaks against the Model Context Protocol (MCP) — and why "verified" no longer means "safe." They unpack trust decay, the WhatsApp and GitHub MCP exploits, rug-pull tool poisoning, CVE-2025-49596, and the rise of "zero standing trust," then close with three moves for CISOs this quarter: inventory your MCP estate, mandate authentication, and validate your controls. #cybersecurity #infosec #CISO #MCP #ZeroTrust #AgenticAI #AISecurity #BAS
2026-06-10
21 min
Cybersecurity Business with Fexingo: Security Companies, Breaches, and Enterprise Defense
How Security Teams Are Using Breach Simulation to Find Gaps
Episode 32 of Cybersecurity Business with Fexingo dives into breach and attack simulation (BAS) tools. Lucas and Luna explore how companies like Cymulate, AttackIQ, and SafeBreach are helping enterprise security teams continuously test defenses by automating attacks. They discuss a real-world case: a mid-sized financial firm that used BAS to identify a critical gap in its email security before a phishing campaign hit. The hosts break down how BAS differs from traditional penetration testing, why it's gaining traction among CISOs in 2026, and where the technology still falls short. They also touch on the business models behind these vendors, including how...
2026-06-05
07 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 61 - Blind With Scissors: The NSA's MCP Warning for Every Agentic AI Deployment
The NSA just published a rare advisory on the Model Context Protocol (MCP)—the plumbing under nearly every agentic AI deployment of the last 18 months—and the verdict is stark: optional authentication, no token lifecycle, silent behavior changes, and no logging to catch any of it. Host Tova Dvorin sits down with defensive cybersecurity expert Adrian Culley to unpack the eight risk categories, the WhatsApp and GitHub MCP exploits, and why MCP is now a testable validation surface. #cybersecurity #infosec #CISO #MCP #AgenticAI #NSA #CTEM #BAS
2026-06-03
21 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 60 - The Puppet Masters: Mustang Panda's Long Con Against ASEAN Diplomats
When a tired EU diplomat clicks "connect" on an airport Wi-Fi portal, his briefing — and his government's secrets — end up in Chengdu. Hosts Tova Dvorin and Adrian Culley unpack Mustang Panda (APT27 / Bronze President), the Chinese threat group running the long con against NGOs, ASEAN ministries, and Tibetan and Uyghur activists. Inside: captive-portal Wi-Fi Pineapples that bypass MFA, PlugX side-loading through legitimate apps, and the USB worm that jumps air-gapped military networks. #cybersecurity #infosec #CISO #MustangPanda #APT27 #ChinaAPT #BAS #SafeBreach
2026-05-27
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 59 - Russia's Cyber Arsenal Exposed: Defeating the FSB, GRU, and BlackCat Before They Strike
In the finale of our Russian intelligence and proxy threat series, SafeBreach engineer Adrian Culley joins host Tova Dvorin to turn five episodes of analysis into concrete, actionable defense. The threat is real — now here's how you stop it. Adrian and Tova walk through five critical mitigation layers your organization needs to implement today: hardening the human firewall through Continuous Automated Red Teaming (CART), enforcing adaptive MFA that Scattered Spider's session token theft and fatigue attacks can't bypass, locking down cloud and SaaS platforms — Salesforce, Snowflake, Okta — against FSB-linked privilege escalation, validating network segmentation against BlackCat ransom...
2026-05-20
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 58 - Double Dragon: How China's APT 41 Works for the State by Day — and Itself by Night
China's cyber shadow has already reached your software. APT 41 — known as Double Dragon — isn't just stealing state secrets. They've pioneered a new generation of supply chain attacks, trojanizing the shared code libraries that thousands of organizations trust without question. And their latest splinter unit, UAT 7290, has been inside North American developer environments for over a year — not triggering anything, just watching, learning, and waiting to strike in a way that looks completely native. In this episode, Tova Dvorin and Adrian Culley expose the group that breaks every rule of traditional espionage: how the MSS built an elite...
2026-05-13
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 57 - Russia's Proxy Bridge: BlackCat, Scattered Spider, and the Kremlin
In Part 4 of our Russian intelligence series, host Tova Dvorin and Adrian Culley map the proxy bridge between Western teenage hackers and Moscow. BlackCat (ALPHV) ransomware-as-a-service is the operational hinge: Scattered Spider breaks in, BlackCat encrypts, and the FSB watches the dashboard. Hear how the Kremlin earns plausible deniability, why a $115M extortion stream self-funds Russian intelligence, and what MI6's new "hybrid shadow war" warning means for defenders simulating Rust-based ransomware in their own networks.
2026-05-06
12 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 56 - 10,000 Bugs, 12 That Matter: Using AI to Cut Through Exposure Noise with CTEM
Are you still stuck on the vulnerability hamster wheel? In this episode of the Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach VP of Product Koby Bar and offensive security expert Adrian Culley to unpack a major shift in how enterprises approach proactive security — and to announce the launch of SafeBreach Helm, the AI validation layer built for Continuous Threat Exposure Management (CTEM). They break down all five pillars of CTEM — scoping, discovery, prioritization, validation, and mobilization — and explain exactly why most organizations stall before operationalizing any of them. You'll learn why nearly...
2026-04-29
14 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 55 - The ‘Typhoon’ Hack: How China Hid Inside Your Home Router
Your home router isn’t just sitting there. It might already be part of a global cyberattack. In Part 2 of our deep dive into Chinese cyber operations, Tova Dvorin and Adrian Culley unpack the “Typhoon” threat groups—Volt Typhoon, Salt Typhoon, and Flax Typhoon—and how they’re quietly reshaping modern cyber warfare. This isn’t about stealing data. It’s about staying hidden, pre-positioning, and being ready to strike. In this episode, you’ll learn: How hackers are living inside networks for years...
2026-04-22
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 54 - EU Cyber Resilience Act (CRA) Explained: What Every Security Leader Must Do Now
The EU Cyber Resilience Act (CRA) is set to transform cybersecurity—from a best practice into a legal requirement. But what does that actually mean for security teams, product leaders, and CISOs? In this episode of The Cyber Resilience Brief, host Tova Dvorin and cybersecurity expert Adrian Culley break down the CRA in plain terms—and explain why the shift to continuous security validation is unavoidable. You’ll learn: What the CRA means by “products with digital elements (PDEs)”—and why almost e...
2026-04-15
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 53 - The Dragon’s Shadow: China’s Silent Cyber War Has Already Begun
What if the next cyberattack doesn’t steal your data… but quietly prepares to break your infrastructure? In this premiere episode of our series on Chinese threat actors, we uncover how China transformed from noisy, smash-and-grab hackers into the world’s most sophisticated cyber power—one focused not just on espionage, but on pre-positioning inside critical infrastructure. Through a chilling real-world scenario, we explore a new kind of threat: digital landmines—subtle, invisible changes inside power grids, telecommunications networks, and industrial systems that can be triggered at any time.
2026-04-08
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 52 - The Russian Cyber Triad: GRU, SVR, FSB Explained
In this episode of the Cyber Resilience Brief, we shift from chaotic cybercriminals to the calculated world of Russian nation-state threat actors—breaking down the three agencies that dominate Russia’s cyber operations: the GRU, SVR, and FSB. What many organizations mistakenly treat as a single “Russian threat” is actually a complex ecosystem of competing intelligence agencies—each with distinct goals, tactics, and operational philosophies. The GRU (military intelligence) acts as the sledgehammer, driving destructive campaigns like NotPetya and operating groups such as Fancy Bear and Sandworm. The SVR (foreig...
2026-04-01
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 51 - 2026 Cyber War Update: Handala, MuddyWater, and the Rise of Destructive Attacks
Iranian cyber attacks are escalating—shifting from espionage to destructive, large-scale operations. In this episode, we break down what CISOs need to know. Host Tova Dvorin and offensive security expert Adrian Culley analyze the latest Iranian cyber threat activity, including groups like Handala (Void Manticore) and MuddyWater (Mango Sandstorm), and how their tactics are evolving. You’ll learn how attackers are using malwareless techniques like Microsoft Intune device wipes, blockchain-based command-and-control via Ethereum, and Telegram-driven infrastructure to bypass traditional defenses. We also explore how IRGC-linked operations are targeting critical infrastructure, including water and powe...
2026-03-25
08 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 50 - Inside Trump’s 2026 Cyber Strategy: Why “Check-the-Box Security” Is Dead
The U.S. just made its boldest move in cybersecurity in decades. In this episode of the Cyber Resilience Brief, Tova Dvorin and Adrian break down President Trump’s 2026 Cyber Strategy—and why it signals a massive shift from reactive defense to proactive, offensive cybersecurity. What does this mean for CISOs, security leaders, and the private sector? We unpack the strategy’s most critical pillars, including: • Why “checklist compliance” is officially dead • The rise of offensive cybersecurity and adversary disruption • How A...
2026-03-18
12 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 49 - Iran’s AI-Powered Cyber Warfare: The Next Phase of the Global Cyber Threat
Iranian cyber operations are entering a new era. In this final episode of our Iran cyber series, we explore how Iranian APT groups are evolving — leveraging AI, targeting supply chains, and bypassing the billion-dollar security stacks built to stop them. Hosts Tova Dvorin and Adrian Culley break down the emerging threats shaping 2026, including: • Autonomous malware powered by localized LLMs • “Skeleton key” attacks targeting MSPs and IT providers • Adversarial AI collaboration between Iran, Russia, and North Korea • Why identity trust is collapsing in the age of deepfakes
2026-03-11
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 48 - Iran's 12 Days of Cyber War: How Missiles Triggered a Global OT Hacking Campaign
June 2025 marked a turning point in cyber warfare. In this episode of The Cyber Resilience Brief, Tova Dvorin and offensive engineer Adrian Culley break down the cyber escalation that followed Operation Rising Lion — what some analysts now describe as Iran’s 12 days of cyber war. As missiles struck Iranian strategic targets, coordinated hacktivist groups like Cyber Avengers and Handala launched psychological operations, mass SMS spoofing campaigns, and attacks targeting operational technology (OT) systems — including Unitronics PLCs used in water and indust...
2026-03-04
07 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 47 - APT42 & Iran’s AI Social Engineering: Deepfakes, Phishing & Hack-and-Leak
Iran’s APT42 — also known as Charming Kitten or Mint Sandstorm — is redefining social engineering with generative AI, deepfake voice cloning, and long-term phishing campaigns. In this episode of the Cyber Resilience Brief, we break down how Iranian state-sponsored threat actors are using AI-powered phishing, MFA fatigue attacks, credential harvesting, and hack-and-leak operations to target journalists, political campaigns, academics, and enterprise executives. You’ll learn: • How APT42 builds months-long AI-generated relationships before deploying malware • How deepfake voice notes are being used to bypass verification • How compromised email accounts fuel election interference and information warfare • Why MFA fati...
2026-02-25
10 min
CyberWire Daily
Telegram for the throne. [Research Saturday]
Today we have Tomer Bar, VP of Security Research at SafeBreach Labs, discussing their work on "Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope". In this first installment of SafeBreach’s deep dive into the Iranian-linked APT known as “Prince of Persia,” originally exposed by Palo Alto Networks Unit 42, researchers reveal that the group never truly went dark after 2022—but instead evolved. Led by Tomer, the investigation uncovers new variants of Foudre and Tonnerre malware, expanded campaign scale, active C2 infrastructure through late 2025, and a shift toward Telegram-based command-and-control. The research provides...
2026-02-21
21 min
Research Saturday
Telegram for the throne.
Today we have Tomer Bar, VP of Security Research at SafeBreach Labs, discussing their work on "Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope". In this first installment of SafeBreach’s deep dive into the Iranian-linked APT known as “Prince of Persia,” originally exposed by Palo Alto Networks Unit 42, researchers reveal that the group never truly went dark after 2022—but instead evolved. Led by Tomer, the investigation uncovers new variants of Foudre and Tonnerre malware, expanded campaign scale, active C2 infrastructure through late 2025, and a shift toward Telegram-based command-and-control. The research provides...
2026-02-21
21 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 46 - Blueprint Thieves: Inside Iran’s Industrial Espionage Machine
In this episode of The Cyber Resilience Brief, we break down the modern reality of Iranian cyber warfare and industrial espionage. Host Tova Dvorin and offensive security engineer Adrian Culley analyze the tactics, techniques, and procedures (TTPs) of APT33, OilRig (APT34), and MuddyWater — three of the most active Iranian state-sponsored threat actors targeting energy, aviation, manufacturing, government, and critical infrastructure. From intellectual property theft and aerospace breaches to DNS tunneling, living-off-the-land techniques, cloud-based command-and-control (C2), and wiper malware, we unpack how these groups evolved into stealthy, hi...
2026-02-18
08 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 45 - Teen Hackers, SIM Swaps & Russian Ransomware
In Part 2 of our Russia cyber threat series, we unpack the Western cybercrime ecosystem powering Russian ransomware operations. We examine Scattered Spider, LAPSUS$, and Shiny Hunters, and how social engineering, SIM swapping, MFA bypass, and AI-driven voice spoofing are breaching Fortune 100 companies — without zero-days. Learn how access brokers commoditize breaches, why help desks are prime targets, and what this shift means for CISOs and security teams. If you’re only testing firewalls, you’re missing the real risk. Listen now to understand how modern ransomware campaigns succee...
2026-02-11
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 44 - DynoWiper: A Nation-State Wiper Targeting Poland’s Energy Sector
In this special bonus episode of The Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach threat research expert Adrian Culley to examine DynoWiper, a destructive nation-state wiper malware observed targeting Poland’s energy sector. First detected in late December 2025, DynoWiper has been linked to attacks on Polish wind farms and combined heat and power (CHP) plants, signaling a shift away from financially motivated ransomware toward pure disruption of critical infrastructure. The episode explores: • How DynoWiper operates without command-and-control infrastructure • Why attribution points to Russian state-linked actors, including FSB Centre 16 (Static Tundra) an...
2026-02-08
08 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 43 - Russian Threat Actors: Useful Fools and Proxy Power
In this episode, Tova Dvorin and Adrian Culley break down the realities of Russian intelligence and cyber security, separating myth from fact. They explore how Russian state actors rely on proxy actors and cybercriminal marketplaces rather than direct operations, and why attribution challenges make cyber attacks so difficult to trace. The discussion highlights the difference between state-sponsored cyber activity and financially motivated cybercrime—and why defenders must rethink traditional assumptions. The episode closes with a look at why continuous threat exposure management is critical for st...
2026-02-04
12 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 42 - Iran’s Cyber Shadow War: IRGC, MOIS, and the Battle for Control
Episode 2 of 6 – Iran’s Cyber Program Explained. In Iran’s Cyber Shadow War: IRGC, MOIS, and the Battle for Control, we continue our deep-dive into Iran’s cyber operations by exposing the internal power struggle driving its most dangerous digital attacks. Iran does not operate a single, unified cyber command. Instead, two rival organizations—the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS)—run competing cyber missions with very different goals, tactics, and tradecraft. One favors loud, destructive attacks designed to intimidat...
2026-01-27
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 41 - Iran’s Cyber Awakening: From Stuxnet to Shamoon and Beyond
How did Iran evolve from a regional actor into one of the world’s most disruptive cyber threat forces? In the first episode of our Iran threat series, we trace the pivotal moments that shaped Iran’s modern cyber doctrine — from the Stuxnet attack on Natanz to the rise of destructive wiper malware like Shamoon and today’s era of stealthy, persistent access operations. Host Tova Dvorin is joined by Adrian Culley, Offensive Cyber Security Engineer at SafeBreach, to unpack how Iran turned humiliation into capability, embraced a contractor-based APT model, and weaponized cyber operations as a too...
2026-01-21
11 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 40 - CRINK: The Cyber Threat Accelerating Right Now
China. Russia. Iran. North Korea. As geopolitical tensions escalate—especially involving China and Iran—their cyber activity isn’t slowing down. It’s converging. In this episode of The Cyber Resilience Brief, Tova Dvorin and Adrian Culley unpack CRINK: an intelligence-community term rarely used in the commercial market, but critical for defenders to understand now. CRINK isn’t a formal alliance so much as it’s a shared playbook. Chinese pre-positioning, Russian disruption, Iranian sabotage, and North Korean cybercrime combine into a full-spectrum, asymmetric threat targeting critical infrastructure and enterprises. If your security strategy rel...
2026-01-14
15 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 39 - The Shadow War is Already Here: How CISOs Must Prepare for Cyber Conflict
The Shadow War is already underway — and it’s being fought in cyberspace. In this episode of The Cyber Resilience Brief, host Tova Dvorin and cybersecurity strategist Adrian Culley explore how escalating global tensions are redefining modern warfare and what that means for CISOs and security teams today. We break down how nation-state cyber threats from Russia, China, Iran, and North Korea are operating in a state of persistent engagement — planting access, stealing data, disrupting critical infrastructure, and preparing for future conflict. Learn why reactive security is no longer enough and how Breach and At...
2026-01-12
11 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 38: The Evolution of Offensive Cybersecurity
Offensive cybersecurity didn’t start with phishing or ransomware; it began with codebreaking, curiosity, and a drive to understand how systems fail. In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach Senior Sales Engineer Adrian Culley explore the evolution of offensive security — from early hacking and penetration testing to modern Breach and Attack Simulation (BAS) and continuous adversarial exposure validation. You’ll learn why point-in-time testing is no longer enough, how BAS enables safe testing of live production environments, and what CISOs need to build measurable, continuously validated cyber resilience.
2026-01-07
17 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 37 - Emennet Pasargad Exposed: How Iran’s IRGC Cyber Unit Targets Organizations — and How to Stop Them
Emennet Pasargad is one of the most active and aggressive Iranian cyber threat groups operating today — tied directly to the Islamic Revolutionary Guard Corps (IRGC) Cyber Electronic Command. In this episode of Cyber Resilience Brief, SafeBreach Senior Sales Engineer Adrian Culley breaks down who Emennet Pasargad really is, how they operate through shell companies and phishing campaigns, and why their tactics pose both cybersecurity and geopolitical risks. You’ll learn how this Iranian nation-state group abuses email, malware delivery, and command-and-control infrastructure — and why traditional security awareness training isn’t enough. More importantly, we explore how adve...
2025-12-30
13 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 36 - TIBER-EU Explained: How Threat-Led Red Teaming Is Redefining Cyber Resilience
Threat-led red teaming is no longer optional in Europe — it’s becoming the foundation of cyber resilience. In this episode of The Cyber Resilience Brief, host Tova Dvorin is joined by Adrian Culley, SafeBreach’s offensive security expert for Europe and the UK, to break down the TIBER-EU framework and why it’s reshaping how financial institutions and critical infrastructure organizations approach cyber defense. Originally developed by the European Central Bank, TIBER-EU (Threat Intelligence-Based Ethical Red Teaming) goes far beyond traditional penetration testing. It simulates real-world adversaries, real attack paths, and real operational pressure — aligning tightly wi...
2025-12-23
13 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 35 - BAS, APTs, AEV, and CTEM Explained: A Practical Guide to Cybersecurity Acronyms
In this episode of the Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley clearly and practically explain some of the most commonly used — and most commonly misunderstood — terms in modern cybersecurity. Together, they break down: What Breach and Attack Simulation (BAS) actually means in practice How Advanced Persistent Threats (APTs) operate — and why persistence matters What Adversarial Exposure Validation (AEV) is (and what it isn’t) How CTEM (Continuous Threat Exposure Management) connects these concepts The difference between attack simulation and adversary emulation This episode focuses on plain-language explanations, real-world context, and why these terms ex...
2025-12-17
17 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 34 - Inside the Jaguar Land Rover Cyberattack: Supply Chain Failure, Scattered Spider, and the New Threat Ecosystem
The Jaguar Land Rover cyberattack has already cost the UK billions — and exposed a critical weakness in modern cybersecurity: supply chain risk. In this episode of The Cyber Resilience Brief, SafeBreach hosts Tova Dvorin and Adrian Culley sit down with Steve Cobb, CISO of SecurityScorecard, to unpack what really happened, why groups like Scattered Spider, ShinyHunters, and Lapsus are becoming more coordinated, and what CISOs must do now to protect against cascading third-party failures. We break down: How the Jaguar Land Rover breach unfolded Why third-party and fourth-party risk is now first-party risk ...
2025-12-10
14 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 33 - BRICKSTORM Reemerges: CISA & NSA Warn of New Persistence Tactics and Cyber Resilience Gaps
In Episode 33 of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley revisit the BRICKSTORM threat—this time through the lens of the new CISA, NSA, and Canadian Cyber Centre joint advisory. While Episode 24 explored BRICKSTORM’s origin, stealth techniques, and UNC5221’s long-term espionage campaign, this episode focuses on what’s changed, and why BRICKSTORM remains a critical concern for defenders in 2025 and into 2026. Tova and Adrian break down the advisory’s latest findings, including expanded targeting of government and IT sectors, advanced persistence mechanisms, and new insights into how attackers leverage VMware environments to maintain f...
2025-12-07
12 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 32 - Inside “The Com”: The Social-Engineering Supergroup Behind Global Ransomware Attacks
In this episode of The Cyber Resilience Brief, host Tova Dvorin and offensive security expert Adrian Culley expose The Com—the decentralized cybercrime collective behind threat groups like Lapsus$, Scattered Spider (UNC 3944 / Octo Tempest), and ShinyHunters. Together, they break down how this teenage-to-young-adult adversary ecosystem has weaponized vishing, MFA fatigue, SIM-swapping, and cloud exfiltration to breach giants including Microsoft, Okta, Nvidia, MGM Resorts, and more. You’ll learn: How The Com evolved from Lapsus$ chaos into a professionalized extortion machine Why help desks—not firewalls—are their favorite initial access vector Their si...
2025-12-03
17 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 31 - From Exercise to Efficacy: Resilience as a Measurement
In this final episode of our November Critical Infrastructure series, The Cyber Resilience Brief host Tova Dvorin and SafeBreach offensive engineer Adrian Culley explore what it truly means to measure resilience — not just talk about it. They break down how the CISA resilience framework (“Know, Assess, Plan, and Continuously Improve”) connects directly to modern validation tools like Breach and Attack Simulation (BAS), Adversary Exposure Validation (AEV), and Continuous Red Teaming (CART). Discover how organizations can move from tabletop exercises to quantifiable, data-driven resilience metrics, bridging the gap between security plans and operational reality. Learn how continuous validation transf...
2025-11-26
07 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 30 - Bridging IT and OT - A Unified Red Team View
As IT and OT environments converge, critical infrastructure faces an evolving threat landscape where cyberattacks can have real-world, physical consequences. In this episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Cybersecurity Engineer at SafeBreach, explore how Continuous Automated Red Teaming (CART) delivers a unified approach to testing and securing IT/OT boundaries. Learn how continuous validation, segmentation assurance, and evidence-based remediation help organizations protect industrial control systems (ICS) and SCADA environments—without disrupting operations. Discover how to align with CISA’s resilience principles, reduce mean time to remediation (MTTR), and strengthen cyber-physical resilience through cont...
2025-11-19
07 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 29 - The Domino Effect: Validating Supply Chain and Dependencies
In this episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley explore the domino effect of supply chain vulnerabilities within critical infrastructure. Using real-world examples like SolarWinds, MOVEit, and Log4j, they unpack how a single compromised vendor can ripple across entire sectors—and how Adversary Exposure Validation (AEV) can help break that chain. Adrian explains how AEV models third-party attack paths and validates resilience across shared dependencies, while Tova highlights the widening IT/OT gap and why Continuous Automated Red Teaming (CART) is essential to maintaining ongoing protection. Tune in to le...
2025-11-12
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 28: Critical Infrastructure’s Unique Validation Challenge
In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach offensive security engineer Adrian Culley explore the high-stakes world of critical infrastructure cybersecurity. November marks Critical Infrastructure Security and Resilience Month, and the discussion dives deep into why continuous validation — not periodic testing — is essential for protecting energy, water, finance, and healthcare systems from nation-state threats. Learn how Breach and Attack Simulation (BAS) can safely test IT/OT boundaries, validate segmentation controls, and transform compliance efforts from “check-the-box” to “prove-the-box.” Discover how SafeBreach empowers critical infrastructure organizations to achieve resilient, safe, and measurable security efficacy wit...
2025-11-05
07 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 27 - The Evolution of ShinyHunters: From Data Theft to Weaponized Trust
The ShinyHunters threat group has transformed from a dark-web data broker into one of the most dangerous alliances in modern cybercrime. In this episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Security Engineer at SafeBreach, break down how the group’s merger with Scattered Spider marks a new era of as-a-service cybercrime — one built on social engineering, AI-powered vishing, and the exploitation of trust in SaaS ecosystems like Salesforce and Snowflake. Discover: How AI-enhanced vishing is bypassing even multi-factor authentication (MFA). Why identity and OAuth tokens are now the...
2025-10-29
17 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 26: The Cyber Resilience Playbook
In the finale of our Cybersecurity Awareness Month series, SafeBreach’s Cyber Resilience Brief delivers its most powerful episode yet — The Cyber Resilience Playbook. Join hosts Tova Dvorin and Adrian Culley as they connect the dots between Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) — revealing how these validation layers work together to create a unified framework for cyber resilience. Discover how organizations can: Continuously validate their security controls against real-world threats Prioritize remediation with threat-driven exposure validation Operationalize resilience with automated red te...
2025-10-27
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 25: Beyond the Drill: The Power of Continuous Automated Red Teaming (CART)
How can security teams stay truly proactive in a world where adversaries never stop? In this episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley explore Continuous Automated Red Teaming (CART) — the next evolution in proactive security validation. They break down how CART extends beyond traditional red teaming and breach simulation, combining automation and intelligence to deliver 24/7, real-time attack validation. Learn how CART helps organizations: Continuously test and optimize their security controls Detect misconfigurations and vulnerabilities before adversaries do Strengthen overall cyber resilience and operational readiness Wh...
2025-10-22
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 24 - BrickStorm: From LoTL to "Living Off the Blind Spot"
In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach offensive security expert Adrian Culley unpack BrickStorm — a highly sophisticated espionage operation attributed to China-nexus group UNC5221. With an average dwell time of 393 days, this campaign redefines stealth and persistence in cyber warfare. Discover how attackers are “living off the blind spot” by exploiting critical infrastructure gaps in VPNs, VMware vCenter servers, and ESXi hosts — areas traditional security tools can’t see. Adrian breaks down their use of Go-based malware, delayed activation, and a genius offline credential theft technique that clones virtual machines to exfiltrate...
2025-10-20
12 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 23 - Zeroing In on Adversary Exposure Validation (AEV): Moving Beyond Vulnerability Management
In episode 2 of our special 4-part Cybersecurity Awareness Month series, The Cyber Resilience Brief hosts Tova Dvorin and Adrian Culley dive deep into Adversary Exposure Validation (AEV) — the next evolution of Breach and Attack Simulation (BAS) and Continuous Threat Exposure Management (CTEM). Learn how AEV helps organizations move beyond endless vulnerability lists to validate exposures that real adversaries exploit, prioritize based on active threat intelligence, and shift from reactive defense to continuous cyber readiness. Featuring insights on SafeBreach’s attack library, MITRE ATT&CK mapping, and why “patch and proceed is dead,” this episode reveals how AEV...
2025-10-15
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 22 - Scattered Spider's Declaration of War: Deconstructing the Threat
In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and Adrian Culley, Offensive Security Engineer at SafeBreach, break down the shocking manifesto released by Scattered Spider — also known as Lapsus$ and ShinyHunters — the same threat group now linked to the Jaguar Land Rover cyberattack that’s suspected to have Russian ties. As geopolitical tensions rise and Russia’s hybrid cyber warfare intensifies, Scattered Spider’s public “declaration of war” marks a chilling shift: from quiet ransomware operations to open intimidation of Western governments and Fortune 500 companies. Tova and Adrian unpack how this group combines...
2025-10-13
12 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 21 - The October Wake-Up Call: Awareness is Not Enough
October may be Cybersecurity Awareness Month, but as SafeBreach experts Tova Dvorin and Adrian Culley reveal, awareness alone doesn’t stop attackers. In this kickoff episode of our special four-part Cyber Month series, we explore why traditional awareness training and annual penetration tests aren’t enough in today’s rapidly evolving threat landscape. Adrian and Tova break down: Why awareness ≠ readiness — and the critical role of validation How Breach and Attack Simulation (BAS) turns cyber hygiene into measurable resilience The alarming reality: 30% of security controls fail the first time they’re tested ...
2025-10-08
06 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 20 - Changing Faces: Inside the BianLian Cybercrime Operation
In this episode of The Cyber Resilience Brief, we expose the tactics of one of today’s most agile and financially motivated threat groups: BianLian. Originally known for double extortion ransomware, BianLian rapidly pivoted to pure data theft and extortion—making them harder to stop and faster to profit. SafeBreach offensive security engineer Adrian Culley joins host Tova Dvorin to unpack: How BianLian evolved from ransomware to exfiltration-based extortion. The TTPs behind their attacks, from compromised RDP credentials to stealthy “living off the land” techniques. Why traditional defenses struggle to keep pace wit...
2025-10-06
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 19 (Special) - The US Government Shutdown and CISA: Erosion of Alert Capabilities
As the US government shutdown begins, critical questions emerge about how funding instability threatens the nation’s cyber defense. In this urgent episode of The Cyber Resilience Brief, Tova and Adrian unpack the “dual threat” facing CISA: the looming expiration of the Cybersecurity Information Sharing Act of 2015, and deep budget cuts that could decimate its operational capacity. We explore how these pressures risk crippling CISA’s ability to issue timely, actionable threat alerts—and what that means for CISOs trying to protect their networks today. Beyond CISA, we highlight the domestic agencies and international partners stepping up to fill th...
2025-10-01
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 18 - From Logs to Insights: The Power of Parsers in Detection Engineering
In this episode of the Cyber Resilience Brief, we dive into detection engineering and one of its most powerful tools: parsers. SafeBreach experts Jonathan Tillman and Shachaf Raviv share how parsers transform raw logs into actionable insights, enabling organizations to scale detection engineering, customize security validation, and integrate seamlessly across SIEMs and security controls. --- This episode is also a teaser for our upcoming webinar, “Elevate Detection Engineering at Scale”, where we’ll showcase the brand-new Parsers UI, walk through practical use cases, and answer your questions live. 🔗 Register here: safebreach.com/elevate-detection-engineering-at-scale
2025-10-01
12 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 17 - Inside the Dark Web: Lessons Hackers Teach Us About Cyber Resilience
Step inside the hidden world of the dark web with SafeBreach’s Cyber Resilience Brief. In this episode, Senior Sales Engineer Hudney Piquant shares eye-opening stories from his explorations into hacker forums and ransomware recruitment pipelines. Discover: How cybercrime groups like Conti operate more like corporations than chaos-driven collectives. Why the psychology of hacking—speed, opportunism, and human exploitation—matters as much as technology. How penetration testing and adversary simulation can help security teams counter evolving tactics. Why AI is supercharging cybercrime—and how defenders must adapt to keep pace.
2025-09-24
14 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep 16. - Malicious Listeners in Ivanti EPMM: Breaking Down CISA’s AR25-261A Report
In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach’s Adrian Culley analyze the brand-new CISA AR25-261A report detailing malicious listeners in Ivanti Endpoint Manager Mobile (EPMM). We break down how attackers are exploiting CVE-2025-4427 and CVE-2025-4428, using sophisticated base64-encoded payload delivery to evade detection and establish persistent backdoors. Listeners will learn: How state-sponsored threat groups are targeting multiple industries—including finance, healthcare, retail, education, manufacturing, and energy. The malware techniques involved, from malicious loaders to reassembled encoded chunks. The critical role...
2025-09-18
08 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep 15 - Inside the Web of Scattered Spider: Social Engineering at Scale
Scattered Spider — also known as UNC3944, Oktapus, and Muddled Libra — has quickly become one of today’s most notorious cybercriminal groups. From high-profile breaches at MGM Resorts and Caesars Entertainment to attacks on retailers and airlines, their tactics show that the biggest threat isn’t always malware — it’s social engineering. In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley explore how Scattered Spider operates and what makes them so dangerous. We break down their favorite attack methods, including SIM swapping, MFA push bombing, and IT helpdesk impersonation — and reveal why “they don’t break in...
2025-09-17
13 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 14 - NIS2 Directive Explained: Strengthening Cyber Resilience Across Europe and Beyond
The EU’s NIS2 Directive is reshaping the global cybersecurity landscape with sweeping requirements for essential and important entities, strict reporting obligations, and substantial penalties for non-compliance. In this episode of Cyber Resilience Brief, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer at SafeBreach and EU/UK regulatory expert, to unpack what NIS2 means for organizations worldwide. We explore: How NIS2 builds on DORA and connects to the upcoming Cyber Resilience Act Key sectors impacted, from critical infrastructure to digital providers Executive accountability, supply chain security, and audit requirements Why Breach and Attack Si...
2025-09-10
18 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 13 - Proactive Security vs. Dragonfly: Using BAS, AEV & CART to Outpace Adversaries
In this episode of the Cyber Resilience Brief, co-hosts Tova Dvorin and Adrian Culley dive into the FBI’s recent PSA 25820 alert on Dragonfly (a.k.a. Energetic Bear, Static Tundra) — one of the most persistent, state-sponsored Russian cyber espionage groups targeting critical infrastructure and industrial control systems (ICS). We break down Dragonfly’s latest tactics, including: Exploiting unpatched vulnerabilities in legacy systems Deploying custom malware (SinfulNOC) for long-term persistence Conducting reconnaissance inside victim networks Most importantly, we explore how Breach and Attack Simulation (BAS), Adversary Exposure Validation (AEV), and Con...
2025-09-03
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep 12 - Women in Cyber: Voices of Resilience and Change
What’s it really like to be a woman in cybersecurity in 2025? In this special International Women in Cyber Day episode, SafeBreach leaders and team members share candid stories of resilience, representation, and mentorship. Hear how they balance career and family, tackle technical challenges, and empower future generations to step into cyber with confidence.
2025-09-01
24 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep 11 - Salt Typhoon Exposed: Breaking Down CISA Advisory AA25-239
In this special episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley unpack the newly released CISA Advisory AA25-239, a joint warning from CISA, NSA, FBI, and international partners on the persistent Chinese state-sponsored threat group known as Salt Typhoon. Salt Typhoon has been quietly infiltrating critical infrastructure worldwide using outdated routers, weak credentials, and “living off the land” techniques like PowerShell, WMI, and scheduled tasks—often remaining undetected for years. This episode explores: Key TTPs & IOCs called out in the advisory, including router exploits, credential abuse, and stealthy exfiltration techniques.
2025-08-28
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 10 - Beyond CVEs: Why Patching Isn’t Enough to Stop Breaches
Most security teams are laser-focused on patching CVEs, but does that guarantee protection? In this episode, SafeBreach Co-Founder & CTO Itzik Kotler and VP of Sales Engineering Michael De Groat unpack the real risks that slip through even the most rigorous vulnerability management programs. From misconfigurations and overly-permissioned identities to insider threats, social engineering, and zero-days, adversaries are exploiting far more than just published vulnerabilities. Discover why an assumed breach mindset and proactive adversarial simulation are critical for building resilience—long after your systems are fully patched. Tune in to learn: Why 100% patch compliance st...
2025-08-27
19 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep 9 - Inside Volt Typhoon: Defending Against Chinese State-Sponsored Cyber Threats
In this episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach Senior Sales Engineer Adrian Culley dissect the stealthy tactics of Volt Typhoon, a Chinese state-sponsored cyber group targeting critical infrastructure worldwide. Learn how their “living off the land” techniques bypass traditional defenses, what indicators of compromise to hunt for, and how adversary emulation can proactively expose your gaps. Packed with real-world threat intelligence and practical defense strategies, this conversation is a must-listen for CISOs, security teams, and critical infrastructure operators seeking to build resilience against nation-state threats.
2025-08-20
13 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 8 - Hijacking, Crashing & Controlling: The Creative Side of Cyberattacks (Black Hat/DEFCON 2025)
In this special Black Hat/DEFCON 2025 edition of The Cybersecurity Brief, host Tova Dvorin sits down with SafeBreach Labs researchers Or Yair and Ron Ben-Yizhak to unpack three groundbreaking discoveries shaking up the cybersecurity world. From abusing Windows RPC for devastating DoS and DDoS attacks, to exploiting Google Gemini through nothing more than a calendar invite, to hijacking RPC endpoints before privileged services even launch — these exploits highlight how creativity, not just technical skill, can redefine the threat landscape. Tune in for live-demo insights, real-world attack scenarios, and actionable takeaways you can use today to st...
2025-08-13
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 7: You've Just Run a Penetration Test - What's Next? Beyond Pentesting
What happens after a traditional penetration test? In this episode, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer and EU lead at SafeBreach, to explore the critical evolution from legacy pentesting to continuous, automated red teaming (CART) and breach and attack simulation (BAS). We dive deep into the limitations of point-in-time manual penetration testing and why modern security teams and CISOs need to shift toward proactive risk management and continuous threat exposure management (CTEM). Adrian explains how tools like SafeBreach’s Propagate go beyond simulating known threats to dynamically generate new attack paths—including zero...
2025-08-07
13 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 6: Storm-2603 & Warlock: Where Ransomware-as-a-Service Gets Real
A new breed of ransomware is on the rise: Warlock. In this episode, host Tova Dvorin and SafeBreach senior sales engineer Adrian Culley dig into the chilling details of the Warlock ransomware campaign and its deployment by Chinese threat actor Storm-2603. Learn how this adversary is combining nation-state level tactics with financially motivated ransomware-as-a-service operations, and what it means for critical infrastructure defense. Discover the key TTPs, IOCs, and how SafeBreach customers can validate their resilience using AEV.
2025-07-30
13 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 5: Interlock Ransomware: Don’t Accept Code from Strangers
In this episode of the SafeBreach Cyber Resilience Podcast, host Tova Dvorin sits down with Senior Sales Engineer Adrian Culley to dissect one of the most aggressive ransomware threats in circulation today: Interlock. Backed by a rapidly evolving, financially motivated threat group, Interlock ransomware isn’t just encrypting systems—it’s stealing sensitive data first, then holding victims hostage with a powerful double-extortion model. From major healthcare systems in the U.S. to public schools in Scotland, Interlock is making an outsized impact across sectors. We unpack: Why Interlock is not just another ransom...
2025-07-25
09 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 4: ToolShell in the Wild: SharePoint Zero-Day CVE-2025-53770 Explained
In this urgent Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach experts Adrian Culley and Tomer Bar to break down CVE-2025-53770, a critical zero-day vulnerability actively exploited in Microsoft SharePoint Server. Known as part of the ToolShell attack chain, this deserialization flaw allows unauthenticated remote code execution and persistence — and it’s already being used in the wild. We discuss: What makes this vulnerability so dangerous (hint: there's no patch for SharePoint 2016 yet) Why Microsoft is advising customers to assume breach How SafeBreach Labs responded within 24 hours with new...
2025-07-21
10 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 3: Palo Alto Networks Research and AI Generated Attacks
AI vs. Cybersecurity: The New Frontline In this eye-opening episode, host Tova Dvorin sits down with Tomer Bar, VP of Security Research at SafeBreach, and Shelly Zucker, Product Manager at SafeBreach, to unravel the alarming ways AI is transforming the cyber threat landscape—and what it means for defenders. The conversation kicks off with jaw-dropping findings from Palo Alto Networks: AI-powered ransomware attacks that complete from breach to data theft in just 25 minutes, slashing attack timelines by 100x, and fueling forecasts of $57 billion in damages in 2025 alone. Pair that with an 890% surge in enterprise AI ap...
2025-07-16
14 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 2: FBI Advisory, Iranian Threats & Resilience
In this episode, we break down the latest FBI advisory on Iranian cyber actors — and what it means for your OT, IoT, and critical systems. SafeBreach’s Adrian Culley shares practical steps to validate defenses and lock the stable door before the horse bolts.
2025-07-03
07 min
The Cyber Resilience Brief: A SafeBreach Podcast
Ep. 1: Building DORA-Ready Defenses -- Cyber Resilience Starts Now
In this premiere episode of The Cyber Resilience Brief, we dive into the EU’s Digital Operational Resilience Act (DORA) — and why its impact goes far beyond Europe. Host Tova Dvorin is joined by Adrian Culley and David Murray from SafeBreach to break down what DORA means for financial institutions, insurers, and ICT providers worldwide. We explore: Why resilience — both toughness and rapid recovery — is now the apex of cybersecurity How DORA is pushing continuous testing and validation on live production systems, not just lab environments What it means to have a “cyber...
2025-07-03
16 min
Cyber Morning Call
697 - PoC published for flaw that takes down Active Directory
[Episode References] LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49113 - https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/ Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405) - https://www.wiz.io/blog/nuclei-signature-verification-bypass EAGERBEE, with updated and novel components, targets the Middle East - https://securelist.com/eagerbee-backdoor/115175/ Tenable Chairman and CEO Amit Yoran Has Died - https://www.tenable.com/blog/tenable-chairman-and-ceo-amit-yoran-has-died Script and presentation: Carlos Cabral and Bianca Oliveira Audio editing...
2025-01-06
04 min
Out of the Woods: The Threat Hunting Podcast
Top 5 Threat Hunting Headlines - 12 Aug 2024
Top 5 Threat Hunting Headlines - 12 Aug 2024 1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackers https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true 2. ReasonLabs | Enterprise Grade Security to All of Your Personal Devices https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign 3. DFIR | Threat Actors' Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/ 4. SafeBreach | Downgrade Attacks Using Windows Updates https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/ 5. Cyble | Double Trouble: Latrodectus and ACR Stealer Observed Spreading Via Google Authenticator Phishing Site https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/?&web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc
2024-08-15
55 min
Out of the Woods: The Threat Hunting Podcast
Top 5 Threat Hunting Headlines - 12 August 2024
Top 5 Threat Hunting Headlines - 12 August 2024 1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackers https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true 2. ReasonLabs | Enterprise Grade Security to All of Your Personal Devices https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign 3. DFIR | Threat Actors' Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/ 4. SafeBreach | Downgrade Attacks Using Windows Updates https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/ 5. Cyble | Double Trouble: Latrodectus and ACR Stealer Observed Spreading Via Google Authenticator Phishing Site https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/?&web_view...
2024-08-14
1h 08
Cyber Briefing
December 11, 2023 - Cyber Briefing
👉 What's happening in cybersecurity today? 🚨 #CyberAlerts AutoSpill Attack Pilfers Android Password Managers Credentials Source: BlackHat Europe New Process Injection, Dubbed Pool Party, Evades Top EDRs Without Detection Source: SafeBreach GuLoader Malware Employs New Anti-analysis Methods Revealed by Researchers Source: Elastic New Lock Screen Bypass Bug Found in Android 14 and 13 Source: Daily Motion 5Ghoul Bugs Affect 5G Devices Qualcomm MediaTek Chips Source: AhnLab Security Emergency Response Center (ASEC) 💥 #CyberIncidents McDonald's Cyber Attack Claim Fac...
2023-12-11
08 min
CCTV NEWS
Ep#199 - The First Fully Undetectable Cloud CryptoMiner
https://discord.gg/qQvXnUyeH2 Weekly summary 43/23. Chapters: 00:00 Intro 01:08 Fake WhatsApp App Spreads Spyware 02:30 Cloud CryptoMiner 03:46 Sandworm Caused a Power Outage in Ukraine 05:18 North Korea Implants MacOS Malware 06:35 Governments Agreed to Fight Ransomware 07:41 Meme of The Week Links and sources: Cryptocurrency Miner Leveraging Microsoft Azure | SafeBreach CanesSpy Spyware Discovered in Modified WhatsApp Versions (thehackernews.com) Governments agree on a coordinated fight against ransomware - Computerworld www.stanovo.cz #ITBezpecnost #IT #Novinky #Bezpecnost #Česko #Kriminalita #Cloud #Cryptominer
2023-11-13
08 min
Security Weekly Podcast Network (Audio)
Simplify Your Audit Process, News, BlackHat Interviews - Tomer Bar, Raghu Nandakumara, Erik Huckle - ESW #330
Having direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies. Gaining access to real time data creates a great deal of autonomy for audit and identity teams to be able to delve deep into their identity programs and prove compliance. However, making the data available even internally can put organizations at risk for data leaks and data policy violations. Erik will outline how...
2023-09-01
2h 34
Enterprise Security Weekly (Audio)
Simplify Your Audit Process, News, BlackHat Interviews - Tomer Bar, Raghu Nandakumara, Erik Huckle - ESW #330
Having direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies. Gaining access to real time data creates a great deal of autonomy for audit and identity teams to be able to delve deep into their identity programs and prove compliance. However, making the data available even internally can put organizations at risk for data leaks and data policy violations. Erik will outline how...
2023-09-01
2h 34
Enterprise Security Weekly (Video)
Secure the Cloud and See ROI, Attack Your Way to Accurate Answers - ESW #330
In this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a return on your cloud security investments. This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiobh to learn more about them! It’s no secret that the attack surface is increasing and the best defense is one that’s matched to the most releva...
2023-09-01
39 min
The Application Security Podcast
Maril Vernon -- You Get What You Inspect, Not What You Expect
Maril Vernon is passionate about Purple teaming and joins Robert and Chris to discuss the intricacies of purple teaming in cybersecurity. She underscores the significance of fostering a collaborative environment between developers and the security team. Drawing from her experiences, Maril shares the challenge of development overlooking her remediation recommendations. She chose to engage directly with the developers, understanding their perspective and subsequently learning to frame her remediations in developer-centric language. This approach made her recommendations actionable and bridged the communication gap between the two teams. Maril also looks into the future of purple teaming, envisioning a...
2023-08-29
40 min
The Conference Room with Simon Lader
Ep 110 - "Scaling Revenues in a Hypergrowth Cybersecurity Startup" with Robert Freeman
In this week's episode we welcome cybersecurity sales leader Robert Freeman as we talk about sales, revenue growth and leadership in a hypergrowth cybersecurity startup. KEY TAKEAWAYS FROM THIS EPISODE Effective leadership involves uniting and motivating individuals towards a shared goal, understanding their motivations, and fostering good communication and positive culture. Leaders in startup environments need to be resourceful, adaptable, and able to wear multiple hats to navigate challenges and accommodate customer requests. Hiring individuals with startup experience is crucial, as they bring valuable skills and independence to thrive in a less structured...
2023-06-26
39 min
Renegade Marketers Unite
Build Your Dream B2B Marketing Team
What maketh a high functioning, well connected B2B marketing team? In this episode of Renegade Marketers Unite, we welcome three CMOs who share their approaches to shaping, growing, and nurturing their marketing organization in tandem with business growth. Get ready for some winning wisdom from these three CMOs: Melissa Goldberger of SafeBreach James B. Stanton of Empyrean Jamie Walker of Keyfactor For full show notes and transcripts, visit https://renegade.com/podcasts/ To learn more about CMO Huddles, visit https://cmohuddles.com/
2022-12-16
46 min
20MinuteLeaders
Ep973: Guy Bejerano | CEO & Co-founder, SafeBreach
Guy Bejerano is co-founder and CEO of SafeBreach, a pioneer in the continuous security validation category. Prior to SafeBreach, Guy was CSO of LivePerson, leading the security of one of the world's largest cloud platforms and providing security for more than 1 billion web visits across the internet each month. Guy has more than 24 years of expertise in operational, application, and network security, specializing in building security programs for global companies and cloud services, including the Information Security branch and red-team operations of the Israeli Air-Force.
2022-12-14
21 min
CYBER2GO
From antivirus to data wiper, 4 people arrested in Australia for $100m scam, RackSpace sued
Today's episode covers three topics: A researcher at SafeBreach has found out how deletion techniques can be used on antivirus programs and Endpoint Detection & Response programs so that they can be used as data wipers. 4 Chinese individuals have been arrested in Australia on suspicion of being behind a scam in which they obtained around $100m. RackSpace has been sued as a result of the ransomware attack it was the target of. Patched versions of the programs in the first news item: Microsoft Malware Protection Engine: 1.1.19700.2 or newer TrendMicro Apex One: Hotfix 23573 and Patch_b11136 or newer Avast...
2022-12-12
05 min
teissPodcast - Cracking Cyber Security
teissTalk: Industry focus - how healthcare institutions protect their data from cyber threats
This is the audio-only version of our twice-weekly cyber security talk show, teissTalk. Join us twice a week for free by visiting www.teiss.co.uk/teisstalk The panel discussion is titled teissTalk: Industry focus - how healthcare institutions protect their data from cyber threats. What are the unique challenges facing infosec leaders in this industry, and what are the transferable learnings? Comparing current risk to target risk in the healthcare industry – how have cyber risk appetites changed? Fostering an effective security culture across a healthcare setting - overcoming industry-specific challenges. This epi...
2022-11-03
44 min
Cyber Morning Call
Cyber Morning Call - #184 - 20/10/2022
[Episode References] PF arrests Brazilian suspected of belonging to an international criminal organization - https://www.gov.br/pf/pt-br/assuntos/noticias/2022/10/pf-prende-brasileiro-suspeito-de-integrar-organizacao-criminosa-internacional New fully undetectable powershell backdoor - https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/ NAS under threat - https://blog.group-ib.com/nas-under-threat A New Attack Surface on MS Exchange Part 4 ProxyRelay - https://devco.re/blog/2022/10/19/a-new-attack-surface-on-MS-exchange-part-4-ProxyRelay/?utm_campaign=social-alert&utm_medium=email&utm_source=newslit An In Depth Look At Russian Threat Actor Killnet - https://www.avertium.com/resources/threat-reports/an-in-depth-look-at-russian-threat-actor-killnet?utm_source...
2022-10-20
05 min
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
ISC StormCast for Thursday, October 20th, 2022
Are Internet Scanning Services Good or Bad for You? https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164 FBI Warns of Student Loan Forgiveness Scams https://www.ic3.gov/Media/Y2022/PSA221018 Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
2022-10-20
06 min
SANS Internet Storm Center's Daily Network Security News Podcast
Network Security News Summary for Thursday October 20th, 2022
Internet Wide Scanning; studentaid scams; undetectable command and control Are Internet Scanning Services Good or Bad for You? https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164 FBI Warns of Student Loan Forgiveness Scams https://www.ic3.gov/Media/Y2022/PSA221018 Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/ keywords: backdoor; powershell; undetectable; fbi; student loan; studentaid.gov; scanning
2022-10-20
06 min
CISO Series Podcast
We Take Security and Privacy Seriously… Seriously
All links and images for this episode can be found on CISO Series. After every breach, you hear the same mantra from the attacked company: "We take security and privacy seriously." It's lost all its meaning. But what if you truly ARE serious about how you handle security and privacy? Should you say "seriously" twice? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Geoff Belknap (@geoffbelknap), CISO, LinkedIn and co-host of Defense in Depth. It was recorded in front of a...
2022-10-11
46 min
20MinuteLeaders
Ep732: Edo Yahav | VP R&D, GM Israel, SafeBreach
Edo is SafeBreach's VP of R&D and IL GM. Before SafeBreach, Edo served as Mintigo's VP of R&D (Acquired by Anaplan), where he led the development of the company's engineering and research groups. Prior to Mintigo, Edo was an engineering manager at Microsoft working on several areas such as Telecom, Windows security, and Azure. Edo has also spent time in his career leading teams at several start-ups, mostly in networking and network security. Edo holds a B.Sc in Computer Science from the University of Bar-Ilan.
2022-02-02
21 min
Enterprise Security Weekly (Audio)
Everyone Works Everywhere - ESW #235
This week, in our first segment, we welcome Ed Rossi, Vice President of Product Management, Asset Inventory & Discovery at Qualys, to talk about Reinventing Asset Inventory for Security! Then, in the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more! Finally, we wrap up the show with two micro interviews from...
2021-07-23
1h 41
Enterprise Security Weekly (Video)
Rapid7 Acquires Intsights, Intezer Refines Malware Analysis, & Funding News - ESW #235
In the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw235
2021-07-22
41 min
CISO to CISO Cybersecurity Talk
Episode 3 - Yaron Levi - CISO of Blue Cross and Blue Shield of Kansas City
Yaron is the CISO of Blue Cross and Blue Shield of Kansas City, who has more than 20 years of experience in cyber security and Information technology. Yaron held venture advisor roles for SideChannel Security, Cyberstarts, YL Ventures, and is on the board of advisors of Glilot Capital Partners, SafeBreach, Optiv Inc, WhiteHat Security, IntSights. Yaron specializes in creating and managing security strategies, building and maturing security practices, cyber defense teams and DevSecOps practices, embedding security into the organization’s DNA, and educating organizations on matters of security, privacy and risk management. Michael and Yaron will talk abou...
2020-07-31
27 min
Enterprise Security Weekly (Audio)
All Systems Go - ESW #180
This week, we talk Enterprise News, to discuss F-Secure launching protection and response service to protect remote workers, Sectigo and Infineon integrate to advance IoT security with automated certificate provisioning, Enhanced continuous threat detection and secure remote access with the Claroty Platform, and some acquisition and funding updates from SafeBreach, Swimlane, & Syncurity! In our second segment, we welcome Mark Orsi, President of the Global Resilience Federation, to talk about the Business Impacts and Security Risks with Working from Home! In our final segment, we welcome Peter Warmka, Founder of the Counterintelligence Institute, to discuss how The Threat of Social...
2020-04-23
1h 20
Enterprise Security Weekly (Video)
ThunderScan, F-Secure Countercept, & ZeroFOX AI - ESW #180
This week in the Enterprise Security News, Breach-and-Attack Simulation Firm SafeBreach Raises $19 Million, F-Secure launches protection and response service to protect remote workers, Swimlane acquires Syncurity to spur growth and affirm commitment to SOAR market, DefenseCode ThunderScan SAST 2.1.0 supports Go and ABAP languages, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode180
2020-04-22
22 min
Research Saturday
New vulnerabilities in PC sound cards.
SafeBreach Labs discovered a new vulnerability in the Realtek HD Audio Driver Package, which is deployed on PCs containing Realtek sound cards. On this week's Research Saturday, our conversation with Itzik Kotler, who is Co-Founder and CTO at SafeBreach. The research can be found here: Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses
2020-02-22
21 min
Enterprise Security Weekly (Video)
ForeScout, SafeBreach, & ExtraHop - Enterprise Security Weekly #96
ForeScout deepens visibility into OT networks with industrial system integrations, Trend Micro extends container security for DevOps, Sophos adds AI to improve Its email security solution, Fortinet optimizes web application firewall with new machine learning capabilities, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ES_Episode96 Visit http://securityweekly.com/esw for all the latest episodes!
2018-06-22
27 min
Paul's Security Weekly
Chocolate Covered Nuts - Enterprise Security Weekly #96
This week, Paul and John discuss IPFIX, and how John learned to love it and not hate it! In the Enterprise News, we have updates from ForeScout, SafeBreach, ExtraHop, Fortinet, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ES_Episode96 Visit https://www.securityweekly.com/esw for all the latest episodes!
2018-06-21
55 min
Enterprise Security Weekly (Audio)
Chocolate Covered Nuts - Enterprise Security Weekly #96
This week, Paul and John discuss IPFIX, and how John learned to love it and not hate it! In the Enterprise News, we have updates from ForeScout, SafeBreach, ExtraHop, Fortinet, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ES_Episode96 Visit https://www.securityweekly.com/esw for all the latest episodes!
2018-06-21
55 min
Business Security Weekly (Video)
PhishLabs, SafeBreach, & Red Canary - Business Security Weekly #85
In Tracking Security Innovation, PhishLabs-BrandProtect merger, Avast cuts proposed IPO range, SafeBreach raised $15M Series B, Red Canary raised $6.3M in Equity, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode85 Visit http://securityweekly.com/category/ssw for all the latest episodes!
2018-05-17
16 min
Paul's Security Weekly
Tickling My Fancy - Business Security Weekly #85
This week, Michael and Paul interview George Finney, Chief Security Officer at Southern Methodist University! In the Article Discussion, "Why People Really Quit Their Jobs", "Why You Need an Untouchable Day Every Week", and more! In Tracking Security Innovation, we have updates from PhishLabs, Avast, SafeBreach, Red Canary, and more on this episode of Business Security Weekly! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode85 Visit https://www.securityweekly.com/bsw for all the latest episodes!
2018-05-15
1h 23
Business Security Weekly (Video)
Sqrrl, Hexadite, and SafeBreach - Startup Security Weekly #44
Negotiation mistakes that are hurting your deals, hiring re-founders, and does VC fund differentiation really matter? Michael and Matt deliver updates from Hexadite, Amazon, Sqrrl, SafeBreach, and more! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode44 Visit http://securityweekly.com/category/ssw/ for all the latest episodes!
2017-06-21
47 min
AT&T ThreatTraq
ThreatTraq #220 - I Can Look At a Piece of Code Like The Matrix
AT&T Data Security analysts, along with Amit Klein of SafeBreach, discuss perfect data exfiltration, 2016 Flare-On Challenge, response to viewer mail, and the Internet Weather Report. Originally recorded November 8, 2016.
2016-11-15
00 min