In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• From earlier this week, The Docker Systems Status page reports an ongoing issue affecting Docker Desktop on macOS, where malware alerts are triggered by macOS identifying com.docker.vmnetd or com.docker.socket as potential threats.
• SafeBreach Labs has released a proof-of-concept (PoC) exploit for CVE-2024-49113, a critical vulnerability in the Lightweight Directory Access Protocol (LDAP) that impacts unpatched Windows Servers, including Active Directory Domain Controllers (DCs).
• The Halcyon RISE team has uncovered a novel ransomware campaign targeting Amazon S3 buckets, exploiting AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C).
• A recent campaign has been targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability to gain unauthorized administrative access.
• Sophos recently reported on two distinct ransomware campaigns utilizing unique techniques to pressure victims and evade detection.

On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report.

Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech.

Currently, Sharon is the Senior Managing Editor for CyberRisk Alliance's channel brands, ChannelE2E and MSSP Alert, where she’s helping to expand the reach of these vital resources for the IT and cybersecurity communities. Sharon has a rich history of editorial leadership, including her previous role as Managing Editor at Techstrong Group, overseeing Cloud Native Now, DevOps.com, and Security Boulevard.

She joins us to discuss the inaugural 2024 MSSP Pricing Benchmark Report—a critical resource for understanding the evolving managed security services market.

You can get a copy of the report here: https://www.msspalert.com/whitepaper/mssp-alert-2024-pricing-benchmark

On this episode of The Cybersecurity Defenders Podcast we talk about automation in MSSP operations with David Burkett, Cloud Security Researcher at Core light.

David has deep expertise in cloud threat detection and automation. Over the course of his career, David has built and optimized three different Cyber Security Operations Centers for MSSP and MDR providers, demonstrating his unparalleled skill in scaling security operations through automation and efficient processes.

David has consulted for over 40 Fortune 500 companies and large federal organizations, helping them design and implement SOAR platforms and playbooks that enhance detection and response capabilities. He also actively contributes to the open-source detection project Sigma, showcasing his dedication to advancing the cybersecurity community.

Among his many accolades, David was part of a team that received the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award, recognizing their SOC as one of the top 1% in cybersecurity programs for cleared facilities. He also holds a robust set of GIAC certifications, reinforcing his technical expertise in threat intelligence, cloud security, and playbook design.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• We pause to honor the life and legacy of Amit Yoran, a visionary leader in the world of cybersecurity who passed away on January 4, 2025, after battling cancer.
• In April 2024, a threat actor known as "USDoD" advertised a massive database for sale on BreachForums, claiming it contained 2.9 billion records encompassing personal information of individuals from the United States, United Kingdom, and Canada.
• In December 2024, the U.S. Treasury Department disclosed a significant cybersecurity breach attributed to Chinese state-sponsored hackers.
• SafeBreach Labs has published a proof-of-concept (PoC) exploit for CVE-2024-49113, dubbed "LDAPNightmare." This vulnerability affects Windows Servers using the Lightweight Directory Access Protocol (LDAP) and enables attackers to crash unpatched systems.

MSSPs and other security service providers comprise the backbone of the cybersecurity industry. They are the organizations on the front line that keep the world running in the face of ever more sophisticated adversaries.

In this special series we are going to be exploring a variety of topics with seasoned experts around the ways they have learned to improve the effectiveness of their organizations.

Our guest today is Nick Gipson - the founder and CEO of Gipson Cyber.

Nick founded Gipson Cyber in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver proffesional-grade protection to industries like accounting, finance, legal, and healthcare.

Nick’s company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we’ll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up.

Nick Gipson, the founder of Gipson Cyber, a company he launched in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver proffesional-grade protection to industries like accounting, finance, legal, and healthcare.

Nick’s company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we’ll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up.

In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history, and with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of the largest critical infrastructure ransomware attacks in history: The Colonial Pipeline

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state.

This episode was written by the talented Nathaniel Nelson.

Casey Ellis can be found on LinkedIn here.

On this episode of The Cybersecurity Defenders Podcast, we share both parts of 'When the Lights Went Out in Ukraine.'

Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature – it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus – Russia’s close ally – took down 70 websites belonging to the Ukrainian government. This was tilling – laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “be afraid,” they wrote, and expect the worst.”

This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.

This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.