Risky Business

Toni de la Fuente, founder of Prowler, dives into the complexities of cybersecurity, discussing recent breaches like the Coinbase data theft by a contractor. He shares insights on the importance of open-source tools and their adaptability for cloud security. The conversation highlights Telegram's crackdown on crime, the rising threat of phishing, and the challenges UK businesses face amid data vulnerabilities. Toni also introduces Prowler's exciting new features, including AI assistance for enhanced security checks.

Adam Bateman, Co-founder and CEO of Push Security, and Luke Jennings, Head of Research, dive into the critical world of identity security in modern browsers. They discuss the evolution of phishing techniques and the need for organizations to adapt their defenses. The duo explains how browser-based security solutions can monitor user interactions and protect against sophisticated threats. They also highlight the importance of safeguarding Single Sign-On (SSO) passwords and the complexities involved in securing identities across various platforms.

This week features Travis McPeak, Founder and CEO of Resourcely, who specializes in cloud security and Terraform management. They delve into the intriguing role of AI in SharePoint, revealing how Copilot could unintentionally leak sensitive data. The discussion also unpacks the evolving ransomware landscape, including shifts in group dynamics and the implications of recent high-profile attacks. Additionally, they highlight innovative research on vehicle hacking using Bluetooth vulnerabilities and emphasize the need for coordinated cloud security efforts, showcasing Resourcely's mission to streamline Terraform management.

Steve Stone, SVP of Threat Discovery and Response at SentinelOne, and Alex Stamos, CISO at SentinelOne, dive into the alarming tactics used by state adversaries against security vendors. They reveal how North Korea employs deceptive job applications to infiltrate, and explore the evolution of ransomware attacks that adapt to new security measures. The discussion covers the vulnerabilities in endpoint protection and cloud authentication, emphasizing the critical need for collaboration in combating these sophisticated cyber threats.

Aaron Unterberger, Director of Sales Engineering at Nucleus Security, dives into the complexities of vulnerability management in cloud environments. He discusses the shift from traditional practices to modern techniques, emphasizing the importance of a proactive approach and advanced tools for asset discovery. The conversation tackles the risks associated with cloud components, including the need for effective patch management and accountability. Unterberger also highlights how unified data can enhance cloud risk management, proving essential in today’s complex digital landscape.

Senator Mark Warner, Vice Chair of the Senate Select Committee on Intelligence, dives into the pressing issues of Signalgate and cyber threats from China. He argues for a more assertive U.S. response to the Volt Typhoon campaign and critiques tariff impacts on American alliances. Warner emphasizes the sanctity of the Five Eyes alliance and discusses the potential dangers of using unapproved communication platforms. The conversation also touches on the need for bipartisan support in maintaining integrity within intelligence operations while countering disinformation.

Adam Pointon, CEO of Knocknoc, shares insights on the vital security enhancements unlocked by IPv6. He emphasizes its role in enabling zero-trust access control and network isolation for critical systems. The discussion also touches on severe vulnerabilities found in Apple's AirPlay, highlighting ongoing challenges in cybersecurity. Pointon explains how Knocknoc's technology enhances firewall management and the adoption hurdles of IPv6. His engaging narrative sheds light on the innovative approaches needed in the evolving landscape of network security.

In this edition of the Snake Oilers podcast, three sponsors come along to pitch their products: LimaCharlie: A public cloud for SecOps Honeywell Cyber Insights: An OT security/discovery solution Fortra’s CobaltStrike and Outflank: Security tooling for red teamers This episode is also available on Youtube. Show notes

In this discussion, Chris Horsley, Founder of Cosive, shares insights on hosting MISP servers in the cloud, freeing cybersecurity teams from outdated hardware. Alex Lawrence, from Sysdig, unveils innovations enhancing Linux security in cloud environments. Oliver Friedrichs, CEO of Pangea, tackles pressing concerns around AI applications, discussing the importance of guardrails to prevent rogue outputs and protect sensitive data. The trio emphasizes the evolving landscape of cybersecurity, underscored by collaboration and AI integration.

Rob Joyce, former NSA Cybersecurity Director, discusses the fallout from Trump targeting Chris Krebs for his election security stance. The implications for the cybersecurity industry are alarming, with potential chilling effects on public safety. Fletcher Heisler, CEO of Authentik, dives into the complexities of the identity ecosystem and how innovative solutions are emerging to tackle these challenges. They also touch on recent cyber threats, including ransomware trends and the ongoing push for accountability in the spy industry.