Every Tuesday at 1 PM ET, Red Canary Co-founder Keith McCammon and CISO Dave Farrow tackle cybersecurity news and industry trends with special guests and exclusive operational insights.

June’s episodes covered a range of adversary tradecraft, from attacks targeting software developers to the latest lures in ongoing paste-and-run campaigns. We’ve embedded them all here for your viewing pleasure.

Episode 18: How to mitigate privileged user attacks

Keith and Dave welcome Justin Steven from Tanto Security to discuss the threat landscape specific to developers. Justin touches on vulnerabilities in software development tools like Visual Studio Code, along with the risks of unverified software and the necessity for non-technical solutions to validate identities.

Episode 19: ClickFix, fake CAPTCHA, and malvertising

Keith shares the latest operational insights into paste-and-run (aka ClickFix and fakeCAPTCHA) lures, then breaks down a malvertising campaign that ends with CleanUpLoader as a final payload.

Episode 20: June Intelligence Insights and Mocha Manakin

Keith welcomes Senior Intelligence Analyst Stef Rand to break down June’s Intelligence Insights. After walking through the 10 top threat list, Stef introduces Mocha Manakin, a new threat tracked and named by Red Canary that delivers a custom NodeJS backdoor via paste and run.

Episode 21: Social engineering survival guide

Dave welcomes Red Canary’s Senior Manager of Intelligence Alex Berninger to talk all things social engineering, providing actionable guidance on how to educate your organization about email bombing and paste-and-run campaigns. Check out our free handout with customizable templates for user awareness training.