Threat Talks - Your Gateway to Cybersecurity Insights

Threat Talks
  • 5,0 (1)
  • TIN TỨC CÔNG NGHỆ
  • HẰNG TUẦN

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to every day internet users by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

  1. WSUS RCE: Update Weaponized

    2 NGÀY TRƯỚC

    WSUS RCE: Update Weaponized

    Attackers are abusing a WSUS flaw - Microsoft’s Windows Server Update Services - to detonate PowerCat, spawn reverse shells, and plant ShadowPad. All from the update server your entire Windows estate trusts by default. One weak crypto key and a broken deserialization function let attackers hit your WSUS server with unauthenticated SYSTEM-level code execution. Chinese APT groups are already exploiting it to drop malware in memory, blend into legitimate WSUS traffic, and pivot deeper into the network. Yes WSUS patch exists, but even if you patch it today, the real problem remains:Your WSUS server is a high-value target with high-trust pathways - and most environments expose it far more than they think. Watch host Lieuwe Jan Koning - with Blue Team expert Rob Maas and Red Team lead Luca Cipriano - break down how the exploit works, how attackers chain it into real-world intrusions, and the Zero Trust fixes that actually matter. (00:00) - Intro (01:03) - What is a WSUS server? (02:48) - The WSUS vulnerability (05:49) - What is deserialization? (08:17) - What to do about this vulnerability (10:52) - How attackers are exploiting it (18:42) - Real-world harm (19:16) - Final advice & defense strategy Key Topics Covered• How one WSUS flaw enables unauthenticated RCE as SYSTEM• The attack chain: crafted payload → deserialization → PowerCat → ShadowPad• Why update servers are high-value pivot points for APT groups• How Chinese APTs weaponized this vulnerability in real-world intrusions• Zero Trust protections: segmentation, egress control, EDR/XDR detection• How to secure Microsoft Windows Server Update Services (WSUS patching best practices)Episodes Mentioned• China Nexus Barracuda Hack: https://www.youtube.com/watch?v=4X9AmBhOmSA• APT Sand Eagle: https://youtu.be/U5qdERmvEwg?si=kdsCJDNkGjs6Lklz• APT 44 / Seashell Blizzard: https://youtu.be/JqA0Irspxrc?si=nnJpz7VnLtz38LN4• APT Handala: https://youtu.be/XYf-SMhQdDc?si=WpIE0h9Q-pokz0MD Guest & Host LinksRob Maas (Field CTO, ON2IT): https://threat-talks.com/the-hosts/Luca Cipriano (CTI & Red Team Lead, ON2IT): https://threat-talks.com/the-hosts/ Additional ResourcesThreat Talks: https://threat-talks.com/ON2IT (Zero Trust as a Service): https://on2it.net/AMS-IX: https://www.ams-ix.net/ams Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques. Click here to view the episode transcript. 🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Receive your Threat Talks T-shirthttps://threat-talks.com/ 🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    23 phút
  2. Bad Successor: The Service Account Flaw to Watch

    9 THG 12

    Bad Successor: The Service Account Flaw to Watch

    It was built to secure service accounts.Instead, it became the cleanest privilege-escalation vector of 2025. They called it Bad Successor (A.K.A. CVE-2025-53779). A new “secure by design” feature in Windows Server 2025 -DMSA -was supposed to fix service account hygiene. Instead, it introduced a loophole where attackers could claim successor status, skip password requirements, and silently inherit elevated rights from any target account. Including domain admin. Even after Microsoft patched the issue, the deeper risk remains:Service accounts are over-privileged, under-monitored, and dangerously trusted -and adversaries know it. This isn’t a niche AD misconfiguration. It’s a privilege-escalation design flaw hiding inside a security feature, and a warning shot for every environment leaning on default trust in the identity layer. Watch host Rob Maas, Field CTO at ON2IT, and Luca Cipriano, CTI & Red Team Lead at ON2IT break down how Bad Successor works, how attackers exploited it, and what a Zero Trust AD strategy actually looks like in 2025. (00:00) - Intro & why service accounts still matter (00:46) - What are service accounts really for? (01:31) - DMSA explained: Microsoft’s new managed service account (02:56) - How DMSA migration works (the phone-migration analogy) (04:40) - What is Bad Successor & why it matters (08:00) - How widespread is this vulnerbility? (11:42) - – Microsoft’s patch & post-patch stealth paths – is the patch working? (14:03) - Defending AD: patching, OU permissions & logging (15:23) - Is Bad Proccessor the biggest active directory attack in your tool box? Key Topics Covered• How a security upgrade became a privilege-escalation vector.• Why service account security failures create invisible attack paths.• The real DMSA abuse chain: child objects → successor claim → domain admin.• Zero Trust defenses for AD: permissions, logging, rotation, least privilege.Got your attention?Subscribe to Threat Talks and turn on notifications for deep dives into the world’s leading cyber threats and trends. Guest and Host Links:Rob Maas (Field CTO, ON2IT): https://threat-talks.com/the-hosts/Luca Cipriano (CTI & Red Team Lead, ON2IT): https://threat-talks.com/the-hosts/ Additional ResourcesThreat Talks: https://threat-talks.com/ON2IT (Zero Trust as a Service): https://on2it.net/AMS-IX: https://www.ams-ix.net/ams Click here to view the episode transcript. 🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Receive your Threat Talks T-shirthttps://threat-talks.com/ 🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    17 phút
  3. From Hacker to Hero

    3 THG 12

    From Hacker to Hero

    What if your next great cyber defender is a teenager gaming in their bedroom right now? In this Threat Talks episode, Lieuwe Jan Koning and former FBI Supervisory Special Agent William McKean (founder of The Redirect Project) explore how young digital natives go From Hacker to Hero. They chart the journey from gaming and online communities to risky first hacks and real-world intrusions. Then they show how to redirect that curiosity away from cybercrime and into ethical hacking, cyber defense, and a Zero Trust mindset at home and at work. You’ll get practical questions to ask kids, simple “safe word” tactics, and concrete steps security leaders can use to grow defenders instead of future attackers. Key Topics CoveredFrom gamer to attacker: How curiosity, gaming communities and digital “mentors” funnel kids into cybercrime, and how to redirect that path toward ethical hacking. Psychology of recruitment: Why belonging, status and rewards override an undeveloped moral compass, and how grooming patterns mirror terrorism and gang recruitment. Parent & educator playbook: Practical ways to talk about online life, spot early warning signs, use “safe words,” and apply a Zero Trust mindset at home. Diversion, not destruction: How programs like The re_direct Project, HackShield, re_B00TCMP, Hack_Right, and The Hacking Games turn justice-involved kids into defenders instead of life-long offenders. (00:00) - - Introduction (01:25) - - What does FBI’s cyber division do (05:40) - - Children as hackers (08:14) - - From hacker to helper (10:31) - - It all starts with curiosity (17:56) - - What about AI development (21:27) - - Other mechanisms to worry about (22:32) - - 27:17 What can we do to help (27:17) - - The re_direct Project (33:45) - - What should the consequences be for child hackers (37:09) - - Recommendations for parents (42:02) - - What can organizations do Additional ResourcesON2IT & Threat Talks• ON2IT – Zero Trust Innovators: https://on2it.net/• Zero Trust as a Service: https://on2it.net/zero-trust/• Threat Talks podcast hub: https://threat-talks.com/ Episode Guest & Projects Mentioned• The re_direct Project (youth cyber diversion & mentorship): https://www.redirectproject.org/ • HackShield (elementary school cyber game): https://www.hackshieldgame.com/ • Dutch Police re_B00TCMP “Reboot Camp”: https://www.politie.nl/informatie/re_b00tcmp.html • Hack_Right juvenile cyber program: https://www.om.nl/onderwerpen/cybercrime/hack_right • The Hacking Games (ethical hacker esports): https://www.thehackinggames.com/  If this episode helped you rethink your From Hacker to Hero strategy for your family or your workforce, don’t forget to hit Like, subscribe to Threat Talks. Click here to view the episode transcript. 🔔 Follow and Support our channel! 🔔 === ► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Receive your Threat Talks T-shirt https://threat-talks.com/ 🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    45 phút
  4. The Npm Worm Outbreak

    25 THG 11

    The Npm Worm Outbreak

    The world’s biggest open-source ecosystem - npm - faced its first self-spreading worm. They called it Shai Hulud. It didn’t just infect one package. It infected developers themselves. When a maintainer got phished, the worm harvested credentials, hijacked tokens, and created new CI/CD workflows to keep spreading - automatically. No command-and-control. No manual uploads. Just a chain reaction across the npm registry. And while the world was busy shouting about “2.6 billion downloads affected,” this real threat was quietly exfiltrating GitHub, cloud, and npm secrets - right under everyone’s nose. This isn’t just another npm story. It’s the first-ever self-replicating supply chain worm - and a wake-up call for every developer and security team building in the open. Watch host Rob Maas (Field CTO, ON2IT) and Yuri Wit (SOC Analyst, ON2IT)  break down how it started, how it spread, and how to make sure your pipeline isn’t the next one to go viral. (00:00) - Intro, welcome & what npm is (00:01) - Crypto drainer: how it worked, maintainer phish & real impact (00:05) - “Shai Hulud” worm: credential harvesting & package spread (00:07) - Hype vs reality: the “2.6 billion downloads” myth & media reaction (00:10) - Defenses: dependency strategy & CI/CD workflow alerts (00:14) - Secrets hygiene, OS targeting (Windows exit), end-user/EDR tips & takeaways Key Topics CoveredHow a maintainer phish and TOTP capture led to a crypto drainer in npm.Why Shai Hulud’s credential harvesting + CI/CD persistence makes it high-impact.Practical defenses: pin/review dependencies, CI/CD change alerts, secret rotation, egress monitoring.What developers vs. end users can (and can’t) do in supply-chain attacks.Got your attention?  Subscribe to Threat Talks and turn on notifications for more content on the world’s leading cyber threats and trends. Guest and Host Links:  Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/   Yuri Wit (SOC Analyst, ON2IT): https://www.linkedin.com/in/yuriwit/     Additional Resources Threat Talks: https://threat-talks.com/ ON2IT (Zero Trust as a Service): https://on2it.net/ AMS-IX: https://www.ams-ix.net/ams npm: https://www.npmjs.com/ Node.js: https://nodejs.org/ GitHub Docs: Actions & Workflows: https://docs.github.com/actions MetaMask: https://metamask.io/ OWASP Dependency Management: https://owasp.org/www-project-dependency-check/ SLSA Supply-chain Levels for Software Artifacts: https://slsa.dev/ Click here to view the episode transcript.

    18 phút
  5. Inside the SalesLoft Breach

    18 THG 11

    Inside the SalesLoft Breach

    You were promised safe SaaS - but got silent data loss.In Inside the Salesloft Breach, Rob Maas and Luca Cipriano expose how trusted integrations became the attack vector. They trace how vishing calls, trojanized Salesforce tools, and GitHub-to-AWS pivots gave attackers OAuth access and drained CRMs without a single alert. You’ll hear how Drift integrations and bulk SOQL queries quietly moved data out of sight, while audit trails and API metadata disappeared.If you need provable control over data exfiltration and a narrative your board will understand, this is your playbook. Turn Zero Trust from slogan to stop - with IP allowlists, app inventories, token telemetry, and shared responsibility that actually blocks abuse at the source. (00:00) - Cloud first did not mean data safe. (00:45) - What Salesforce is and why attackers target it. (02:00) - Campaign one. Vishing and a trojanized data loader to OAuth access. (04:15) - Campaign two. Salesloft and Drift path from GitHub to AWS to Salesforce tokens. (07:00) - Impact and cover up. 700 plus orgs hit and API job metadata removed. (09:10) - Who was involved. ShinyHunters, Scattered Spider, Lapsus, and legal fallout. (11:00) - Zero Trust actions. IP allowlisting, app inventory, token monitoring, staff education, shared responsibility. Key Topics Covered:•  How one sign-in token became a master key for your CRM.•  The attacker’s route: from code repo → cloud → Salesforce → data exfiltration.•  What shared responsibility means in SaaS — and what’s actually on you.•  What truly stops it: trusted apps only, IP allowlists, short-lived tokens, and continuous monitoring.Found value and want outcome focused guidance every week? Subscribe to Threat Talks, turn on notifications and add your questions for the next deep dive Guest and Host Links: Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT): https://www.linkedin.com/in/luca-c-914973124/ Click here to view the episode transcript. Additional resources:Threat Talks https://threat-talks.com/ON2IT https://on2it.net/?AMS IX https://www.ams-ix.net/amsSalesforce https://www.salesforce.com/Salesloft https://www.salesloft.com/Drift https://www.drift.com/Okta https://www.okta.com/Have I Been Pwned https://haveibeenpwned.com/ 🔔 Follow and Support our channel! 🔔=== ► YOUTUBE:  / @threattalks  ► SPOTIFY: https://open.spotify.com/show/1SXUyUE...► APPLE: https://podcasts.apple.com/us/podcast... 👕 Receive your Threat Talks T-shirthttps://threat-talks.com/ 🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    22 phút
  6. The App Store Nightmare: Why AI MCP Stores Are a Trap

    11 THG 11

    The App Store Nightmare: Why AI MCP Stores Are a Trap

    The new AI app store is here - and it’s already making choices for your company. This episode shows you how to spot it, stop it, and stay safe. Host Lieuwe Jan Koning with RobMaas (Field CTO, ON2IT) explain the app storenightmare in plain language. A new system (MCP) lets AI tools like ChatGPT, Claude, and Gemini do tasks for you - sometimes too much. When a bad tool or a sneaky document gets in, it can read, send, or delete things without you noticing. Real cases, real damage: Postmark MCP backdoor - secretly BCC’d emails (email copies)Shadow Escape - “zero-click” data theft from a hidden promptkubectl chaos - a command mistake that can wipe serversYour quick fix: keep a list of every AI tool and give each only the access it needs. Example: let your document bot read just the “Policies” folder—not your whole drive. For more fixes, watch the full episode. Key topics covered: ·       The app storenightmare: a new AI app store you don’t control ·       How a tricked document can make your AI act against you ·       A simple ZeroTrust plan anyone can start today ·       How to cut tool sprawl, cost, and risk—without slowing the team If you use ChatGPT, Claude, or Gemini at work, this is your survival brief. Subscribe for more Threat Talks and ON2IT’s Zero Trust guidance.   Guest and Host Links:  Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/  Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/  Click here to view the episode transcript. Additional Resources:Threat Talks: https://threat-talks.com/ ON2IT (Zero Trust as a Service): https://on2it.net/ AMS-IX: https://www.ams-ix.net/ams Anthropic MCP announcement: https://www.anthropic.com/news/model-context-protocol OpenAI Tools/Connectors/MCP: https://platform.openai.com/docs/guides/tools-connectors-mcp Kubernetes (kubectl): https://kubernetes.io/docs/reference/kubectl/ Reported Postmark MCP backdoor: https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html Shadow Escape zero-click research: https://www.globenewswire.com/news-release/2025/10/22/3171164/0/en/Operant-AI-Discovers-Shadow-Escape-The-First-Zero-Click-Agentic-Attack-via-MCP.html If this saved you a breach, subscribe to Threat Talks and follow ON2IT for weekly Zero Trust moves. New episode next week.

    35 phút
  7. The Secret Diplomats Fighting Cyber Wars

    4 THG 11

    The Secret Diplomats Fighting Cyber Wars

    Cyber defense doesn’t just happen in code. It’s shaped in conversation. Behind every cyber norm or sanction, there’s a diplomat working to stop digital wars before they start.   In this episode of Threat Talks, Lieuwe Jan Koning (CTO & co-founder of ON2IT) sits down with Ernst Noorman, Ambassador at Large for Cyber Affairs for the Kingdom of the Netherlands. They reveal how backchannel talks, sanctions, and shared rules define what countries can and can’t do in cyberspace, and what CISOs can learn from a diplomat’s playbook. This isn’t patch management. It’s peacekeeping in real time. What You’ll Learn (From Real-Life Example Discussions) What a cyber ambassador actually does – and why every nation needs one.How diplomacy helps prevent cyber conflicts between world powers.Why UN-backed cyber norms matters even when nations ignore them.How global collaboration builds cyber resilience, from Ukraine to Asia.What businesses can learn from diplomats about cooperation and intelligence sharing. (00:00) - - 02:29 - Intro (02:29) - - 03:46 - What is the role of a cyber ambassador? (03:46) - - 09:13 - What diplomacy achieves (09:13) - - 10:07 - The US and cyber diplomacy (10:07) - - 11:51 - Asian countries and their approach to cyber crime (11:51) - - 15:47 - The five ‘don’t’s and eight ‘do’s’ at UN level (15:47) - - 19:52 - What happens if someone violates a rule? (19:52) - - 21:09 - Helping Ukraine with cyber resilience + the Tallinn mechanism (21:09) - - 23:01 - Efforts against disinformation (23:01) - - 26:22 - How to ensure information integrity (26:22) - - 29:12 - What is the Brussels Effect? (29:12) - - 30:13 - Common ground on worldwide subjects (30:13) - - 30:35 - Treasure hunt (30:35) - - 34:51 - Diplomacy and skepticism (34:51) - - 37:59 - A European Splinternet - how realistic is this? (37:59) - - 39:07 - The Cyber Resilience Act and China (39:07) - - 47:23 - Initiatives to look forward to (47:23) - - 48:53 - Outro Related ON2IT Content & Referenced ResourcesON2IT: https://on2it.net/Threat Talks: https://threat-talks.com/AMS-IX: https://www.ams-ix.net/amsLieuwe Jan Koning: https://www.linkedin.com/in/lieuwejan/ Ernst Noorman: https://www.linkedin.com/in/ernst-noorman-b630ab6/  If this episode gave you a new view on global cybersecurity, subscribe to Threat Talks. Share it with your team – because in a connected world, every company plays a role in cyber peace. Click here to view the episode transcript.

    49 phút
  8. Patch Smarter, Not Harder

    28 THG 10

    Patch Smarter, Not Harder

    Patch smarter, not harder.Lieuwe Jan Koning and ON2IT Field CTO Rob Maas break down why “patch everything now” isn’t a strategy, but a risk multiplier. In this session, they teach a practical patching strategy: know your assets, patch edge first, stage updates, and use Zero Trust segmentation to choke off exposure so you only patch what truly matters: fast, safely, and without outages. (00:00) - 01:11 - Intro (01:11) - - 02:28 - Reality check #1: Not everything can be patched (02:28) - - 05:02 - Reality check #2: Patches are scary (05:02) - - 08:45 - The solution: Patch in phases (08:45) - - 10:36 - How Zero Trust enables patch management (10:36) - - 11:23 - Prioritization matters (11:23) - - 14:50 - Patching tips and tricks (14:50) - - 16:21 - Guidelines for patching triage (16:21) - - 17:37 - Practical advice (17:37) - - END - Outro Key Topics Covered ·       Why “patch everything immediately” fails; availability vs. security ·       Staged deployments and rollback safety for crown-jewel services ·       Zero Trust segmentation to reduce urgency and shrink attack surface ·       Priority signals that matter: asset criticality, exposure, KEV, CVSS Related ON2IT content & explicitly referenced resources ON2IT Zero Trust: https://on2it.net/zero-trust/ Threat Talks (site): https://threat-talks.com/ CVSS (FIRST): https://www.first.org/cvss/ CISA guidance – Citrix/NetScaler (Citrix Bleed example): https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed Crowdstrike episode: https://youtu.be/IRvWVg1lSuo?si=f8Sj6WYG0KNxlkJD  Click here to view the episode transcript.

    18 phút
Xem tất cả (101)

Trailer

Giới Thiệu

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to every day internet users by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

Thông Tin