The CISO Signal: True Cybercrime Podcast

By: Jeremy Ladner

About this audio content

The CISO Signal is a true cybercrime podcast investigating the most consequential breaches, insider threats, takedowns, and nation-state hacks shaping today’s digital world. Each episode combines gripping, cinematic storytelling with exclusive interviews from top CISOs and cybersecurity leaders. Together, we break down how the world’s most dangerous cyberattacks unfolded and what today’s security professionals must learn from them. Whether you’re a Chief Information Security Officer, a security team member, or a fan of true crime and high-stakes digital espionage, this show pulls you behind the curtain of real-world cyber warfare. 🎧 Educational. Entertaining. Essential. The CISO Signal delivers expert insights and battlefield-tested lessons that every security leader and true cybercrime fan should hear.

© 2026 Jeremy Ladner
    Episodes
    • Accellion FTA | How a Legacy File Transfer Tool Fueled a Global Extortion Campaign
      Feb 5 2026
      Accellion FTA | How a Legacy File Transfer Tool Fueled a Global Extortion Campaign

      With guest co-hosts Christopher Russell, CISO at tZERO Group, and Benjamin Lipczynski, Director of Cyber Security & Regulatory Services at Origina

      In late 2020, attackers did not target the cloud.
      They did not exploit a modern SaaS platform.
      They went after a quiet, aging file transfer appliance that had been sitting in enterprise environments for nearly two decades.

      The Accellion File Transfer Appliance (FTA) was still moving contracts, legal documents, financial records, and sensitive data across governments, universities, and global enterprises. Long past its intended design horizon, it remained trusted. And largely unseen.

      Then a cluster of zero-day vulnerabilities was exploited.

      Attackers linked to FIN11 used the flaws for large-scale data exfiltration. The stolen data was then handed off to Clop, which launched a public leak-site extortion campaign.

      No ransomware encryption.
      Just stolen files and pressure.

      Victims included Shell, Kroger, the Reserve Bank of New Zealand, multiple universities, and public-sector agencies worldwide.

      In this episode of The CISO Signal | True Cybercrime Podcast, we break down how legacy systems quietly become high-consequence risk, why patching alone could not fix the underlying problem, and what happens when attackers specialize across exploitation and extortion.

      This is not a story about ignoring upgrades.
      It is a story about systems that outlive their assumptions.

      🎙 Guest Co-Hosts

      Christopher Russell
      Chief Information Security Officer, tZERO Group
      👉 www.tzero.com
      👉 / tzero

      Benjamin Lipczynski
      Director, Cyber Security & Regulatory Services

      🤝 Episode Sponsor: Origina
      👉 www.origina.com
      👉 / origina

      This episode is sponsored by Origina, an independent provider of third-party software support and lifecycle governance for mission-critical enterprise systems.

      Origina works with security, IT, and risk leaders to safely operate, harden, and govern systems that may be aging, end-of-life, or under vendor upgrade pressure, without forcing rushed or unnecessary migrations. Their approach focuses on control, stability, and evidence-based decision making, especially in environments where downtime or disruption is not an option.

      🔍 Episode Topics

      • Why legacy file transfer tools stayed in production for decades
      • How multiple zero-days were exploited in rapid succession
      • The handoff between initial access groups and extortion operators
      • Why many victims learned of the breach through leak sites
      • Patching vs architectural limits in aging systems
      • How security leaders can manage legacy risk without panic-driven upgrades

      🧊 The aftershock

      By early 2021, global CERT teams urged organizations to migrate off Accellion FTA immediately, citing its end-of-life status and ongoing risk. Multiple lawsuits followed, along with increased regulatory scrutiny of legacy tools embedded in sensitive workflows.

      The Accellion breach became a reference point for a broader industry reckoning around technical debt, governance, and the hidden risk of systems that are still working right up until the moment they fail.

      🧩 About The CISO Signal
      True cybercrime storytelling with real CISO lessons.
      Subscribe so you never miss an investigation.
      👉 @thecisosignal
      👉 www.linkedin.com/company/the-ciso-signal
      👉 www.theCISOsignal.com

      #CISOSignal #AccellionBreach #Clop #FIN11 #LegacySystems #DataExtortion

      25 min
    • Midnight Blizzard | How Russian Intelligence Breached Microsoft - w/ Alyssa Robinson, CISO @ HubSpot
      Dec 30 2025

      Midnight Blizzard | How Russian Intelligence Breached Microsoft

      With guest CISO Co-Host Alyssa Robinson, CISO at HubSpot

      In late 2023, a Russian state-sponsored threat actor known as Midnight Blizzard (also called NOBELIUM and widely associated with APT29) began probing Microsoft the old-fashioned way: password spraying.

      No zero-day. No smash-and-grab.

      Just patience, repetition, and one legacy gap.

      Microsoft says the actor compromised a legacy, non-production test tenant account and used that foothold to access a very small percentage of Microsoft corporate email accounts, including members of senior leadership and employees in cybersecurity and legal, then exfiltrated some emails and attached documents. Microsoft detected the attack on January 12, 2024, and disclosed it publicly on January 19, 2024.

      This was espionage, not extortion: Microsoft assessed the actor was initially seeking information related to Midnight Blizzard itself, essentially trying to learn what Microsoft knew about their operations.

      In this episode of The CISO Signal | True Cybercrime Podcast, we break down how a nation-state operation targets the most valuable asset in modern security: identity. We explore why executive inboxes are intelligence gold, why slow intrusions are so hard to see in real time, and what incident response looks like when the adversary is collecting insight, not detonating ransomware.

      🎙 Guest CISO Co-Host

      Alyssa Robinson
      Chief Information Security Officer, HubSpot

      🔍 Episode Topics

      • How password spraying still works at massive scale
      • Why legacy test tenants and exceptions become the entry point
      • Executive identity risk and the “convenience gap”
      • What changes when the attacker is a nation state
      • The trust question: what downstream organizations must assume

      🧊 The aftershock

      Microsoft later reported evidence that the actor was using exfiltrated information to pursue additional unauthorized access, including some source code repositories and internal systems, while stating it found no evidence that Microsoft-hosted customer-facing systems were compromised.

      CISA also issued guidance on SVR / APT29 tradecraft for initial cloud access (AA24-057A) and an Emergency Directive tied to this compromise (ED 24-02).

      🧩 About The CISO Signal
      True cybercrime storytelling with real CISO lessons. Subscribe so you never miss an investigation.
      👉 / @thecisosignal
      www.linkedin.com/company/the-ciso-signal

      #CISOSignal #MicrosoftBreach #MidnightBlizzard #APT29 #NOBELIUM
      #CyberEspionage #IdentitySecurity #CloudSecurity #CISO #TrueCybercrime

      33 min
    • The HubSpot Hack | The SaaS Backdoor to Bitcoin - ft. Scott Kisser (CISO, Swan Bitcoin)
      Dec 7 2025

      The HubSpot Hack | The SaaS Backdoor to Bitcoin - ft. Scott Kisser (CISO, Swan Bitcoin)
      When attackers breached HubSpot in March 2022, they weren’t after HubSpot at all.

      They were after the customers of its customers.

      Crypto firms like Trezor, BlockFi, and Swan Bitcoin suddenly saw their users targeted by near-perfect phishing emails designed to steal recovery seeds and drain wallets. And just weeks later, another SaaS provider, Klaviyo, was hit the same way. The message was clear:

      You can defend your castle…
      but attackers will go after the people guarding your gates.

      This week on The CISO Signal | True Cybercrime Podcast, we dissect the SaaS-supply-chain breach that shook the crypto world and the coordinated response that stopped it from becoming a full-scale disaster.

      🎙 Guest CISO Co-Host: Scott Kisser
      Chief Information Security Officer – Swan Bitcoin
      Former security leader at Salesforce, DocuSign, Amazon, and F5.

      Scott takes us inside the incident response:
      • How a single phished employee put the SaaS ecosystem at risk
      • Why crypto companies were the downstream target
      • The race to warn customers before attackers drained wallets
      • How CISOs must rethink vendor access and trust assumptions
      • Why no major funds were stolen — and why that victory matters

      This wasn’t a tale of ransomware, it was a breach of trust.
      And a reminder that SaaS is now part of every organization’s attack surface.

      🔍 Episode Topics

      • Vendor compromise → internal tool access → crypto user phishing

      • The human element behind SaaS security

      • What leadership communication looks like when trust is shaken

      • The new rules of defending against third-party attack vectors


      🏴‍☠️ Key Players
      • HubSpot — initial breach vector
      • Klaviyo — second SaaS compromise
      • Trezor & Swan Bitcoin — downstream targets
      • Crypto customers — the true victims
      • CISOs — left to restore confidence & reshape strategy

      💡 Takeaway for CISOs
      “You’re only as strong as the SaaS identities you can’t see.”

      🧩 About The CISO Signal
      Hollywood-style storytelling meets real cybersecurity lessons.
      Every episode, CISOs break down the world’s most notorious cyberattacks — what happened, what broke, and what must change.

      Subscribe & ring the bell so you never miss an investigation. 🛎️
      👉 / @thecisosignal

      📣 Connect with Us
      🌐 Website: thecisosignal.transistor.fm
      🔗 LinkedIn: linkedin.com/company/the-ciso-signal
      Subscribe & share to stay ahead of the world’s most sophisticated cyber threats.


      🔥 Hashtags
      #CISOSignal #HubSpotBreach #Klaviyo #SaaSSecurity #CryptoSecurity #SupplyChainAttack #SocialEngineering #Phishing #SecurityPodcast #TrueCybercrime #ScottKisser #SwanBitcoin #Trezor

      30 min