Sign up to save your podcasts
Or
Share The Adversarial Podcast Ep. 19 – AI-Powered Cybercrime, CISO job market, the BYOL elephant in the room
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Adversarial Podcast Ep. 19 – AI-Powered Cybercrime, CISO job market, the BYOL elephant in the room
⬇️ See below for timestamps/summaries/references for each topic
00:00 Highlight/theme
00:37 Intro
01:37 Malvertising campaign leads to info stealers hosted on GitHub
11:59 Wall Street is worried it can't keep up with AI-powered cybercriminals
24:02 What Really Happened With the DDoS Attacks That Took Down X
28:34 Bring-your-own-laptop policies
40:41 Are WAFs useful or are they just another TPRM box to check?
46:59 Is the CISO job market warming up?
Malvertising campaign leads to info stealers hosted on GitHub
Microsoft Threat Intelligence uncovered a large-scale malvertising campaign in December 2024, affecting nearly one million devices globally. The attack originated from illegal streaming sites embedding malvertising redirectors, which funneled users to GitHub-hosted malware, with additional payloads delivered via Discord and Dropbox. This multi-stage attack leveraged info stealers like Lumma and Doenerium, along with remote monitoring tools, using advanced evasion techniques to steal system and browser data while maintaining persistence on compromised devices.
📖 References: https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/
Wall Street is worried it can't keep up with AI-powered cybercriminals
A survey by Accenture found that 80% of bank cybersecurity executives believe generative AI is enabling cybercriminals faster than banks can respond. While banks invest billions in cybersecurity, they struggle to keep pace due to strict regulations and the rapid advancement of AI-powered scams that target customers, employees, and vendors. Cybercriminals exploit generative AI to craft sophisticated attacks, infiltrate supply chains, and identify vulnerabilities, making third-party risk a major concern for financial institutions.
📖 References: https://www.businessinsider.com/banks-ai-cybersecurity-threats-hackers-generative-ai-2025-3
What Really Happened With the DDoS Attacks That Took Down X
X experienced intermittent outages due to a series of DDoS attacks, which Elon Musk attributed to Ukrainian IP addresses, though cybersecurity experts argue that IP attribution alone is unreliable. Analysts suggest the attacks targeted improperly secured X origin servers, allowing a botnet of compromised cameras and DVRs to bypass Cloudflare protection. While a pro-Palestinian group claimed responsibility, experts emphasize that the attack’s true origin remains unclear due to the decentralized nature of botnets and the use of obfuscation techniques.
📖 References: https://www.wired.com/story/x-ddos-attack-march-2025/
View all episodes
By Jerry Perullo, Sounil Yu, Mario Duarte
5
2222 ratings
⬇️ See below for timestamps/summaries/references for each topic
00:00 Highlight/theme
00:37 Intro
01:37 Malvertising campaign leads to info stealers hosted on GitHub
11:59 Wall Street is worried it can't keep up with AI-powered cybercriminals
24:02 What Really Happened With the DDoS Attacks That Took Down X
28:34 Bring-your-own-laptop policies
40:41 Are WAFs useful or are they just another TPRM box to check?
46:59 Is the CISO job market warming up?
Malvertising campaign leads to info stealers hosted on GitHub
Microsoft Threat Intelligence uncovered a large-scale malvertising campaign in December 2024, affecting nearly one million devices globally. The attack originated from illegal streaming sites embedding malvertising redirectors, which funneled users to GitHub-hosted malware, with additional payloads delivered via Discord and Dropbox. This multi-stage attack leveraged info stealers like Lumma and Doenerium, along with remote monitoring tools, using advanced evasion techniques to steal system and browser data while maintaining persistence on compromised devices.
📖 References: https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/
Wall Street is worried it can't keep up with AI-powered cybercriminals
A survey by Accenture found that 80% of bank cybersecurity executives believe generative AI is enabling cybercriminals faster than banks can respond. While banks invest billions in cybersecurity, they struggle to keep pace due to strict regulations and the rapid advancement of AI-powered scams that target customers, employees, and vendors. Cybercriminals exploit generative AI to craft sophisticated attacks, infiltrate supply chains, and identify vulnerabilities, making third-party risk a major concern for financial institutions.
📖 References: https://www.businessinsider.com/banks-ai-cybersecurity-threats-hackers-generative-ai-2025-3
What Really Happened With the DDoS Attacks That Took Down X
X experienced intermittent outages due to a series of DDoS attacks, which Elon Musk attributed to Ukrainian IP addresses, though cybersecurity experts argue that IP attribution alone is unreliable. Analysts suggest the attacks targeted improperly secured X origin servers, allowing a botnet of compromised cameras and DVRs to bypass Cloudflare protection. While a pro-Palestinian group claimed responsibility, experts emphasize that the attack’s true origin remains unclear due to the decentralized nature of botnets and the use of obfuscation techniques.
📖 References: https://www.wired.com/story/x-ddos-attack-march-2025/
More shows like The Adversarial Podcast
View all
Acquired
4,304 Listeners
Odd Lots
1,865 Listeners
Decoder with Nilay Patel
3,148 Listeners
Risky Business
375 Listeners
CyberWire Daily
1,016 Listeners
Click Here
416 Listeners
Darknet Diaries
8,010 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Your Undivided Attention
1,584 Listeners
Cyber Security Headlines
134 Listeners
Hard Fork
5,470 Listeners
The Big Take
156 Listeners
Prof G Markets
1,327 Listeners