Couverture de The CISO Signal: True Cybercrime Podcast

The CISO Signal: True Cybercrime Podcast

The CISO Signal: True Cybercrime Podcast

De : Jeremy Ladner
Écouter gratuitement

À propos de ce contenu audio

 The CISO Signal is a true cybercrime podcast investigating the most consequential breaches, insider threats, takedowns, and nation-state hacks shaping today’s digital world. Each episode combines gripping, cinematic storytelling with exclusive interviews from top CISOs and cybersecurity leaders. Together, we break down how the world’s most dangerous cyberattacks unfolded and what today’s security professionals must learn from them. Whether you’re a Chief Information Security Officer, a security team member, or a fan of true crime and high-stakes digital espionage, this show pulls you behind the curtain of real-world cyber warfare. 🎧 Educational. Entertaining. Essential. The CISO Signal delivers expert insights and battlefield-tested lessons that every security leader and true cybercrime fan should hear.© 2026 Jeremy Ladner
Épisodes
  • The Equifax Breach | One of the Largest Data Exposures in History

    The Equifax Breach | One of the Largest Data Exposures in History
    Apr 3 2026

    The Equifax Breach | One of the Largest Data Exposures in History

    🎙 With Jeremy Ladner and guest co-hosts Kavitha Mariappan and Mark Dorsi

    For months, the warning was sitting in plain sight.

    A critical vulnerability.

    Publicly disclosed.

    Actively exploited.

    A patch was available.

    Inside one of the largest credit reporting agencies in the world, the system remained exposed.

    No zero-day.

    No advanced exploit chain.

    Just a missed update.

    In May 2017, attackers began exploiting a known flaw in the Apache Struts framework.

    The vulnerability allowed remote code execution.

    Unauthenticated.

    Unrestricted.

    From the outside, it looked like routine traffic.

    Inside the network, it was something else.

    They accessed databases.

    Queried records.

    And began extracting one of the most sensitive datasets imaginable.

    Names.

    Social Security numbers.

    Birth dates.

    Addresses.

    The identity layer of nearly half the United States population.

    For 76 days, the activity continued.

    No alarms.

    No interruption.

    Until it was too late.

    By the time Equifax disclosed the breach in September 2017, approximately 147 million individuals had been affected.

    Executives resigned.

    Investigations launched.

    Congress intervened.

    But the breach itself had already unfolded.

    Because this was not a story about attackers breaking through hardened defenses. It was a story about what happens when a known vulnerability remains unpatched inside a system that holds national-scale data.

    In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Kavitha Mariappan of Rubrik and Mark Dorsi, CISO at Netlify, to examine how a single missed control can cascade into systemic failure, why patch management must be operationalized not assumed, and what resilience actually means when prevention fails.

    Because in cybersecurity, the most dangerous vulnerabilities are often the ones already documented. And already waiting.

    🎙 Guest CISO Co-Host

    Mark Dorsi

    Chief Information Security Officer

    Netlify

    https://www.netlify.com

    🤝 Sponsor Expert

    Kavitha Mariappan

    Chief Transformation Officer, Rubrik

    https://www.rubrik.com

    Rubrik delivers cyber resilience by securing data across enterprise, cloud, and SaaS environments, enabling organizations to recover quickly from cyber incidents and maintain operational continuity.

    🔎 Episode Topics

    • The Apache Struts vulnerability (CVE-2017-5638) and how it was exploited

    • Why patch management failures still drive catastrophic breaches

    • How attackers operated undetected inside Equifax systems for over two months

    • The difference between prevention failure and resilience failure

    • What security leaders must operationalize to avoid systemic exposure

    🧩 About The CISO Signal

    True cybercrime storytelling with real CISO lessons.

    ▶️ / @thecisosignal

    💼 / the-ciso-signal

    🌐 https://www.thecisosignal.com

    👥 Join the Conversation

    The CISO Signal Cybersecurity Leadership Forum

    / 17974008

    #CISOSignal #EquifaxBreach #CyberSecurity

    #DataBreach #PatchManagement #CyberResilience

    #CISO #TrueCybercrime
    Afficher plus Afficher moins
    43 min
  • The Age of Agentic Attacks | The GTG-1002 Campaign and the Birth of AI-Directed Cyber Espionage Operations

    The Age of Agentic Attacks | The GTG-1002 Campaign and the Birth of AI-Directed Cyber Espionage Operations
    Mar 18 2026
    The Age of Agentic AttacksThe GTG-1002 Campaign and the Birth of AI-Directed Cyber Operations🎙 With guest co-hosts Ev Kontsevoy, CEO and Co-founder of Teleport, and Marius Poskus Global VP of Cyber Security at Glow Financial ServicesFor years, attackers have used artificial intelligence.It helped them write malware faster.Scan networks more efficiently.Refine phishing campaigns.Automate reconnaissance.But the humans were still in charge.They chose the targets.They wrote the scripts.They decided what happened next.That era has ended.The GTG-1002 campaign revealed something new on the cybersecurity battlefield:Agentic attackers.Not tools.Not assistants.Autonomous attackers capable of planning, testing, refining, and executing operational steps with minimal human direction.Armies of them.Once deployed, these systems do not pause.They iterate.And they move at a speed no human operator can match.In September 2025, security teams at Anthropic began noticing unusual activity inside Claude Code, the company’s powerful AI coding system designed to help engineers write software and automate development tasks.At first glance, the activity looked legitimate.Infrastructure validation.Authentication testing.Compliance reviews.But the sessions ran deeper than expected.Prompts chained together in recursive loops.Scripts generated, executed, refined, and redeployed in rapid succession.Reconnaissance disguised as routine engineering workflows.The system was not simply answering questions.It was executing operational sequences.Investigators eventually linked the activity to a threat cluster designated GTG-1002, touching organizations across technology, finance, manufacturing, and government environments.Human operators were still present.But they were no longer directing every move.Instead, the system generated scripts, mapped environments, refined exploit logic, and iterated through operational pathways at machine speed.Tasks that once required weeks compressed into cycles measured in minutes.Anthropic detected abnormal behavior patterns and suspended the accounts. On November 13, 2025, the company publicly disclosed what it described as the first known large-scale AI-orchestrated cyber espionage campaign.Attribution remains assessed rather than proven. Some analysts noted characteristics consistent with Chinese state-aligned operations. Chinese officials denied involvement.But the geopolitical debate may not be the most important part of this story.Because the real significance of GTG-1002 is not simply that attackers used AI.It is that agentic systems began managing parts of the operation themselves.In this episode of The CISO Signal | True Cybercrime Podcast, host Jeremy Ladner is joined by Ev Kontsevoy, Co-founder and CEO of Teleport, and Marius Poskus, Global VP of Cyber Security and CISO at Glow Financial Services, to examine how agentic AI systems can be manipulated into operational roles, why identity and infrastructure controls become critical in an agentic world, and what security leaders must understand when trusted automation begins directing attack workflows.Because once cyber operations move at machine speed, the rules change.And the age of agentic attacks has already begun.🎙 Guest CISO Co-HostsMarius PoskusGlobal Vice President of Cyber Security | CISOGlow Financial Services Limitedhttps://www.glowservices.com🤝 Sponsor ExpertEv KontsevoyCo-founder & CEO, Teleporthttps://goteleport.comTeleport is the AI Infrastructure Identity company, providing a unified identity layer that orchestrates identities for humans, machines, workloads, and AI agents while eliminating static credentials from infrastructure.🔎 Episode Topics• The GTG-1002 AI-orchestrated espionage campaign• Claude Code and the rise of agentic attack workflows• How prompt manipulation can redirect autonomous AI systems• The difference between AI-assisted and AI-directed attacks• Why agentic systems compress attack timelines dramatically🧩 About The CISO SignalTrue cybercrime storytelling with real CISO lessons.▶️ / @thecisosignal 💼 / the-ciso-signal 🌐
    Afficher plus Afficher moins
    44 min
  • The AT&T Beijing Breach | Metadata Maps That Intelligence Services Want

    The AT&T Beijing Breach | Metadata Maps That Intelligence Services Want
    Mar 3 2026

    The AT&T Beijing Breach | Metadata Maps That Intelligence Services Want

    With guest co-host John Carse, Field CISO at SquareX

    In 2024, attackers did not steal call recordings.
    They did not intercept encrypted text messages.
    They went after something quieter.
    Call detail records.
    The outlines of conversations.
    Phone numbers.
    Timestamps.
    Durations.
    Cell tower connections.
    Metadata that, on its own, seems technical. Harmless. Operational.
    But at telecom scale, metadata becomes something else.
    Between April and early June 2024, attackers accessed systems containing call and text metadata tied to approximately 86 million AT&T customers. The intrusion was traced to a third-party cloud environment associated with AT&T’s data operations. Investigators later pointed to compromised credentials discovered in a Snowflake environment after a phishing attack and infostealer infection inside a vendor ecosystem.
    No ransomware encryption.
    No service outage.
    No dramatic system shutdown.
    Instead, approximately $370,000 in cryptocurrency was reportedly paid in an effort to prevent public exposure of the dataset.
    Some analysts linked the activity to a cluster labeled UNC5537.

    Other reporting mentioned data brokerage ecosystems such as ShinyHunters. Researchers, including those at Mandiant, urged caution on attribution, noting behavior consistent with criminal monetization rather than confirmed state-sponsored espionage.

    There is no public evidence that this dataset was used for intelligence operations.
    There is also no way to prove that it was not.

    Because telecom metadata does not just describe calls.
    It describes relationships.
    Who speaks to whom.
    How often.
    From where.
    Which towers were touched along the way.

    For criminals, that information enables SIM swapping, fraud, and targeted phishing.
    For nation states, it can illuminate social graphs, travel patterns, and networks of influence.

    In this episode of The CISO Signal | True Cybercrime Podcast, we examine how third-party access became the breach path, why metadata is often more strategically valuable than content, and what happens when operational data quietly becomes intelligence-grade material.
    This is not a story about encryption failing.
    It is a story about accumulation.

    🎙 Guest Co-Host
    John Carse
    Field CISO, SquareX
    Three-time CISO and host of Be Fearless: The CISO Perspective

    🔍 Episode Topics
    • What telecom metadata actually reveals beyond call content
    • Why large telecom providers are high-value intelligence targets
    • How third-party access and credential reuse created the breach path
    • Snowflake, vendor risk, and the anatomy of cloud miscalculation
    • The criminal data brokerage ecosystem and resale supply chains
    • Why metadata can be more operationally useful than call recordings
    • Inside the first 24 hours of executive response and board escalation
    • How security debt surfaces after a third-party breach
    • Why threat models must evolve when operational systems become intelligence repositories

    🧊 The Aftershock
    On July 12, 2024, AT&T publicly acknowledged the breach, confirming that call and text content were not accessed.
    But the exposure shifted the conversation.
    Privacy experts noted that metadata can reveal business relationships, political activity, religious observance, romantic connections, and movement patterns, without ever recording a single word.
    Later reporting connected the broader Snowflake-related campaign to individuals including John Erin Binns and Connor Moucka, though attribution questions remain complex and evolving.
    What makes the AT&T breach different is not technical spectacle.
    It is the quiet reality that behavioral data, once accumulated at scale, becomes strategic.
    Every organization that logs user behavior now holds a map.
    And every map attracts attention.

    🧩 About The CISO Signal
    True cybercrime storytelling with real CISO lessons.
    Subscribe so you never miss an investigation.
    👉 @thecisosignal
    👉 www.linkedin.com/company/the-ciso-signal
    👉 www.theCISOsignal.com

    #CISOSignal #ATTBreach #Metadata #Snowflake
    #CyberEspionage #ThirdPartyRisk #TelecomSecurity #CISO #TrueCybercrime
    Afficher plus Afficher moins
    35 min
Aucun commentaire pour le moment