

Risky Business
Patrick Gray
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Sep 10, 2025 • 52min
Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal
Toni de la Fuente, Founder of Prowler, dives into cloud security innovations and the new support for Microsoft 365 in Prowler. He discusses how the tool enhances security for services like OneDrive and SharePoint. The conversation highlights Apple's recent memory integrity enforcement, which complicates exploit attempts and fortifies device security. Toni also explores the rise of ransomware attacks and the importance of accountability in cybersecurity. With humorous insights into the complexities of NPM supply chain attacks, this episode is both informative and engaging.

Sep 8, 2025 • 47min
Snake Oilers: Nebulock, Vali Cyber and Cape
Damien Lewke, CEO of Nebulock, highlights how their AI threat hunting platform uncovers hidden attacker activities beyond traditional detection methods. Austin Gadient, CTO of Vali Cyber, discusses ZeroLock, a hypervisor security solution designed to combat ransomware threats in virtual environments. Stephen Dowie from Cape presents a privacy-focused mobile network that prioritizes user anonymity and data security, directly challenging the shortcomings of typical American cell providers. Their innovative approaches aim to reshape cybersecurity and mobile communication.

Sep 3, 2025 • 1h 2min
Risky Business #805 -- On the Salesloft Drift breach and "OAuth soup"
Edward Wu, the Founder and CEO of Dropzone.AI, joins the discussion as they explore the cybersecurity landscape. They dive into the implications of the Salesloft breach, addressing OAuth security challenges and its effects on client data. Wu shares insights on how AI-driven tools can significantly aid smaller organizations in enhancing their security measures. The conversation also touches on the ongoing struggles of cyber warfare and ransomware, emphasizing the importance of innovative solutions for those facing resource constraints.

Aug 27, 2025 • 54min
Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy
Greg Bell, Chief Strategy Officer at Corelight, dives into the intriguing intersection of AI and network security. He explains how AI is streamlining the analysis of packet logs, making cybersecurity investigations more efficient. The discussion veers into the complexities of hacking attributions, particularly the mislabeling of perpetrators, such as a supposed DPRK hacker likely being Chinese. Additionally, advanced techniques for embedding covert instructions in digital media hint at the evolving challenges in cybersecurity. It's a riveting look at the future of data security!

Aug 25, 2025 • 46min
Wide World of Cyber: Microsoft's China Entanglement
In this discussion, cybersecurity experts Alex Stamos, former CISO at Yahoo and Facebook, and Chris Krebs, founding director of CISA, dive deep into Microsoft's controversial ties with Chinese engineers. They uncover how these collaborations raise unsettling national security concerns, particularly regarding the integrity of military cloud systems. Stamos and Krebs also debate the tricky balance between ethical business practices and profit in China’s tech landscape. The conversation highlights implications for trust, transparency, and the tech industry’s future.

Aug 20, 2025 • 58min
Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs
Fletcher Heisler, CEO of Authentik and an expert in open-source identity solutions, shares his insights on the intricacies of implementing SSO across different operating systems. He reveals surprising challenges that varied significantly between Windows, Mac, and Linux. The discussion also touches on the broader cybersecurity landscape, including recent issues surrounding Oracle's departing CSO and the critical need for robust identity management solutions. Tune in for a blend of technical challenges and industry insights!

Aug 14, 2025 • 36min
Risky Biz Soap Box: How to measure vulnerability reachability
Feross Aboukhadijeh, the founder and CEO of Socket, dives into the complexities of software supply chain security. He discusses how to measure the reachability of vulnerabilities in applications, emphasizing the importance of knowing whether a CVE actually impacts your project. Feross shares insights on the evolution of Socket from tracking malicious packages to tackling CVEs. He also highlights challenges in navigating legacy applications and the critical need for effective detection of malicious packages, advocating for a nuanced approach to software security.

Aug 13, 2025 • 60min
Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds
Justin Kohler, Chief Product Officer at SpecterOps and the mastermind behind Bloodhound, dives into the world of cybersecurity vulnerabilities and innovations. He discusses the urgent alerts around Microsoft Exchange systems and the risks of integrating legacy and cloud-based applications. Kohler also unveils Bloodhound's latest enhancements, including expanded attack path modeling, and the collaborative efforts within the cybersecurity community. Expect insights into the evolution of identity attacks and how new tools aim to secure complex infrastructures more effectively.

Aug 6, 2025 • 1h 6min
Risky Business #801 -- AI models can hack well now and it's weirding us out
Sean Ollerton, Head of Solutions at Devicie, shares insights on the end of Windows 10's mainstream support and the transition to Windows 11. He reassures listeners that the new OS isn't as daunting as it's made out to be. The discussion also addresses the urgency of updating to Windows 11, emphasizing potential security risks in remaining on an unsupported system. Additionally, the rise of AI in cybersecurity is explored, highlighting its impact on bug detection and the need to balance AI tools with human expertise.

Aug 1, 2025 • 37min
Soap Box: Why AI can't fix bad security products
Josh Kamdjou, CEO of Sublime Security, dives into the intricate world of AI in cybersecurity. He candidly discusses how AI can enhance security while also acknowledging its limitations. The conversation highlights the critical balance between AI and human oversight, emphasizing that no AI can compensate for poor product design. They explore the challenges and innovations in email security, including the evolution of real-time detection systems and the complexities of automating incident responses, complete with humorous anecdotes about AI mishaps.