Risky Business

Haroon Meer, Founder of Thinkst Canary, emphasizes the need for transparency in vendor security practices. He argues that companies must demonstrate how they secure their architecture instead of relying on vague assurances. The discussion touches on the importance of accountability, with Meer advocating for pen tests and ongoing audits from vendors. They also explore innovative security designs like allowlisting and honeypots, highlighting recent updates to Thinkst Canary's cloud platforms.

In this engaging discussion, security journalist Adam Boileau sheds light on the recent drama between FFmpeg and Google over vulnerability disclosures. He advocates for clearer responsibilities among researchers and larger firms regarding bug fixes. The episode also explores OpenAI's Aardvark system and its innovative approach to bug hunting, alongside critical conversations about arrests of ransomware responders and the resurgence of notorious hackers. Adam's insights into the evolving landscape of cybersecurity make this chat both informative and captivating.

Adam Boileau, a security researcher known for his insights into cyber incidents, joins Matt Muller, Field CISO at Tines, to discuss the week’s biggest cybersecurity news. They tackle the shocking allegations against an L3Harris executive accused of selling exploits to Russia and dissect a serious patch exploit impacting Microsoft WSUS. Adam also unveils how predictable PRNG flaws have revived DNS cache poisoning threats. Meanwhile, Matt elaborates on Tines' innovative use of AI in streamlining SOC workflows and enhancing automation.

Jacques Louw, co-founder and Chief Product Officer at Push Security, dives into a LinkedIn phishing campaign that targeted CEOs. He explains how compromised contacts initiated complex phishing chains, exploiting Google and Microsoft services. Louw also highlights Push's browser-centric detection techniques, including session tracing that reconstructs user navigation, enhancing the early identification of similar attacks. The discussion emphasizes the importance of tracking origin links to sharpen detection capabilities and provide actionable insights.

In this discussion, cybersecurity experts Alex Stamos and Chris Krebs delve into the F5 hack and its implications. Stamos shares insights on why low-rated vulnerabilities can still pose serious threats. Krebs highlights the risks associated with private equity ownership of cybersecurity firms, underscoring potential exploitation. The two also address the importance of corporate response strategies post-breach and the role of AI in securing outdated codebases. Their dynamic dialogue sheds light on the evolving landscape of cybersecurity challenges and solutions.

In this insightful discussion, Johan Gerber, Executive Vice President at Mastercard, dives deep into the company’s strategic pivot into cybersecurity. He reveals why Mastercard invested $2.65 billion in threat intelligence, explaining their proactive measures against fraud and malware, including dark web monitoring. Johan shares how they collaborate with banks and governments, and discusses the impact of ransomware on small businesses. He also touches on the role of AI in enhancing defensive strategies against evolving cyber threats.

Mike Wiacek, Founder of Stairwell, shares insights on enhancing cybersecurity with their file-analysis platform, providing VirusTotal-like visibility for private files. The discussion highlights the surge in data extortion compared to ransomware, with recent high-profile breaches like Qantas and Discord. Wiacek explains how Stairwell integrates AI to improve threat-hunting efficiency and reduce false negatives. The conversation touches on the implications of government actions against leaked data and how organizations can proactively utilize Stairwell for better security outcomes.

Pete Martin, CEO of Realm Security, delves into AI-native security data pipelines, aiming to cut SIEM costs while optimizing log delivery. Snehal Antani from Horizon3 introduces autonomous AI hackers that demonstrate the real-world impact of vulnerabilities, showing how they outperform traditional scanners. Dimitri Greco of Persona discusses innovative identity verification techniques, including live ID checks and deepfake defenses. Together, they explore cutting-edge security solutions that push the boundaries of technology and fraud prevention.

In a twist of irony, hackers offering money to a journalist only lead to a juicy story. A surprising arrest links a middle-aged man to airport chaos, raising eyebrows. Georgia Tech researchers reveal the dark side of Tile trackers fueling stalking dangers. Meanwhile, the UK's CISA urges agencies to swiftly patch Cisco flaws, highlighting vulnerabilities. Adam captures attention discussing the risks of bribing insiders, while Amberleigh covers the shocking $7 billion Bitcoin seizure tied to a crypto scam. A cyberattack disrupts operations for Asahi, showcasing the far-reaching impacts of digital crime.

Rob Joyce, a former NSA senior official and cybersecurity expert, joins to discuss major security news, including the Secret Service's takedown of a New York SIM farm and MI6's dark web recruitment portal. They dive into a significant vulnerability in Entra ID that could grant unauthorized access across tenants. In a sponsor segment, Josh Kamdjou, CEO of Sublime Security, shares insights on AI-driven email security, emphasizing the trade-offs and strategies for deploying effective detection methods.