CyberWire Daily - No hocus pocus—MagicINFO flaw is the real threat.

Episode Date: May 6, 2025

A critical flaw in Samsung’s CMS is being actively exploited. President Trump’s proposed 2026 budget aims to slash funding for CISA. “ClickFix” malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited in the wild. A new supply-chain attack targets Linux servers using malicious Go modules found on GitHub. The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on U.S. legal and financial institutions. The U.S. Treasury aims to cut off a Cambodia-based money laundering operation. Our guest is Monzy Merza, Co-Founder and CEO of Crogl, discussing the CISO's conundrum in the face of AI. Malware, mouse ears, and mayhem: Disney hacker pleads guilty.
CyberWire Guest
On our Industry Voices segment, we are joined by Monzy Merza, Co-Founder and CEO of Crogl, who is discussing the CISO's conundrum: the growing challenge of securing organizations in a world where AI rapidly expands both the number of users and potential adversaries.

Selected Reading
Samsung MagicINFO Vulnerability Exploited Days After PoC Publication (SecurityWeek)
Trump would cut CISA budget by $491M amid ‘censorship’ claim (The Register)
New ClickFix Attack Mimics Ministry of Defense Website to Attack Windows & Linux Machines (Cyber Security News)
Critical Vulnerability in AI Builder Langflow Under Attack (SecurityWeek)
Linux wiper malware hidden in malicious Go modules on GitHub (Bleeping Computer)
Malware scammers target HR professionals with Venom Spider malware (SC Media)
Luna Moth extortion hackers pose as IT help desks to breach US firms (Bleeping Computer)
US Readies Huione Group Ban Over Cybercrime Links (GovInfo Security)
Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data (Bleeping Computer)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware, and phishing to neutralize identity-based threats like account takeover, fraud, and ransomware.
Starting point is 00:00:40 Don't let invisible threats compromise your business. Get your free corporate dark net exposure report at spycloud.com slash cyberwire and see what attackers already know. That's spycloud.com slash cyberwire. A critical flaw in Samsung's CMS is being actively exploited. President Trump's proposed 2026 budget aims to slash funding for CISA. ClickFix malware targets both Windows and Linux systems through advanced social engineering. CISA warns of a critical Langflow vulnerability actively exploited. A new supply chain attack targets Linux servers using malicious Go modules found on GitHub.
Starting point is 00:01:33 The Venom Spider threat group targets HR professionals with fake resume submissions. The Luna Moth group escalates phishing attacks on US legal and financial institutions. The Treasury aims to cut off a Cambodia-based money laundering campaign. Our guest is Monzy Merza, co-founder and CEO of Crogl, discussing the CISO's conundrum in the face of AI. And malware, mouse ears, and mayhem. A Disney hacker pleads guilty. It's Tuesday, May 6, 2025.
Starting point is 00:02:11 I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today, great to have you with us. A critical flaw in Samsung's MagicINFO 9 Server CMS is being actively exploited just days after proof-of-concept code went public, Arctic Wolf warns. With a CVSS score of 8.8, the vulnerability allows unauthenticated attackers to upload and execute malicious files with system-level privileges. The flaw stems from improper input validation, enabling arbitrary file writes through crafted JavaServer Pages. Remote code execution is possible. Though Samsung patched the bug in a version released in August of 2024, Arctic Wolf detected exploitation starting April 30th of this year following public disclosure.
Starting point is 00:03:17 With an easy path to exploitation and public proof-of-concept code available, experts expect continued targeting. Organizations using MagicINFO are urged to update immediately to avoid potential attacks. Turning to Washington, President Trump's proposed 2026 budget aims to slash funding for the Cybersecurity and Infrastructure Security Agency by $491 million, that's about 17%. The cuts, currently symbolic and requiring congressional approval, are framed as an effort to dismantle what the administration calls the censorship industrial complex. The White House accuses CISA of prioritizing misinformation policing over its core mission
Starting point is 00:04:03 of protecting critical infrastructure and election security. The budget would eliminate programs related to misinformation, international outreach and public engagement, accusing them of violating free speech and mismanaging resources. The move follows Trump's long-standing, unfounded claims that the 2020 election was stolen. CISA's minimal presence at this year's RSA conference and a surprise keynote by Homeland Security Secretary Kristi Noem signaled the agency's shifting status.
Starting point is 00:04:36 While CISA faces cuts, the Department of Homeland Security would see a $43 billion increase for border security and deportations. TSA and FEMA are also targeted for reductions, sparking early resistance from lawmakers. A new malware campaign, dubbed ClickFix, is targeting both Windows and Linux systems through advanced social engineering. Hackers have created convincing Ministry of Defense website clones in multiple countries, tricking defense workers into downloading fake security updates. The malware, first seen in April of this year, spreads via spear-phishing emails and uses
Starting point is 00:05:17 spoofed domains with slight misspellings to appear legitimate. Once installed, it exploits system-specific vulnerabilities, using a hidden PowerShell task on Windows and a fake service on Linux to maintain access and steal data. ClickFix's realism and cross-platform design make it hard to detect. Researchers at Hunt.io uncovered the campaign after spotting suspicious traffic from defense contractor networks. Security agencies have since confirmed breaches at several mid-level contractors and two government agencies.
Starting point is 00:05:53 Attribution is still unknown, but the operation shows hallmarks of a well-funded threat actor. Experts recommend stricter verification of official communications and improved endpoint defenses. CISA has issued an alert about a critical Langflow vulnerability actively exploited in the wild. Langflow, an AI development framework, is affected by a code injection flaw in its validation endpoint, allowing remote code execution without authentication. The bug, present in versions before 1.3.0, was detailed by Horizon3.ai, which released proof-of-concept exploit code. While recent versions add authentication, full mitigation may require restricting network access.
Starting point is 00:06:43 Agencies must patch by May 26th per federal directives. A recent supply chain attack targets Linux servers using malicious Go modules found on GitHub which deliver a disk-wiping bash script named done.sh. The attack uses three obfuscated Golang modules, Proto Transform, Go MCP, and TLS Proxy, to fetch and execute a payload that verifies it's on a Linux system before running a destructive dd command. This command overwrites the entire primary storage volume with zeros, rendering the system unbootable and all data unrecoverable. Researchers at Socket discovered the campaign in April of this year. The malicious modules impersonated legitimate developer tools to trick users.
Starting point is 00:07:34 Because Go's decentralized ecosystem allows similar module names, attackers can sneak destructive code into unsuspecting projects. Once the script is downloaded, it runs immediately, leaving no time to respond. All three malicious modules have since been removed from GitHub, but developers are urged to vet dependencies carefully to avoid catastrophic damage. The Venom Spider threat group is targeting HR professionals with malware disguised as fake resume submissions. According to Arctic Wolf, attackers are sending phony job applications and links to fake personal websites.
Starting point is 00:08:13 These sites display a CAPTCHA to appear legitimate, then prompt the user to download a resume, which is actually a malicious zip file. This file contains the More Eggs malware, a JavaScript-based remote access tool that steals credentials and gives attackers backdoor access. Historically focused on e-commerce and payment platforms, Venom Spider has now shifted to targeting HR portals and job boards like LinkedIn,
Starting point is 00:08:42 putting nearly every industry at risk. The group uses cloud infrastructure, anonymous domains, and evasive communication methods to avoid detection. The campaign is especially dangerous because HR staff are expected to open emails and files from unknown sources, making them ideal targets under high-volume hiring pressures. The Luna Moth group, also known as Silent Ransom Group, is escalating its callback phishing attacks on U.S. legal and financial institutions. These campaigns impersonate IT support staff via email and phone, tricking victims into calling fake help desk numbers. Victims are then persuaded to install remote monitoring tools like AnyDesk or Zoho Assist,
Starting point is 00:09:29 granting attackers direct access to their systems. Luna Moth avoids malware, relying entirely on social engineering. Once inside, they search for sensitive data and exfiltrate it using tools like WinSCP or Rclone. The attackers then extort victims, threatening to leak stolen data unless ransoms are paid. The group has registered dozens of typo-squatted domains to support this scheme and remains difficult to detect due to its use of legitimate software. Organizations are advised to restrict unused RMM tools and block known Luna Moth infrastructure. The US Treasury has begun the process of cutting off
Starting point is 00:10:12 Cambodia-based Huione Group from the dollar financial system, citing its role in laundering billions for North Korea and Southeast Asian cyber criminal groups. Huione facilitated scams and laundered over $4 billion from 2021 to early 2025, including $37 million tied to North Korean cyber activities. The company operates Huione Guarantee, a massive illicit online marketplace that, according to Chainalysis and Elliptic, has processed up to $49 billion in crypto transactions, far surpassing past darknet markets like Hydra. Huione's network includes crypto and payment services that support scams and money laundering.
Starting point is 00:10:59 The U.S. aims to disrupt Huione's financial operations, with Treasury officials labeling it a central hub for global cybercrime. The move follows a broader crackdown on cyber scams in East and Southeast Asia, where organized crime thrives amid weak enforcement and systemic corruption. Coming up after the break, my conversation with Monzy Merza, co-founder and CEO of Crogl, we're discussing the CISO's conundrum in the face of AI, and malware, mouse ears, and mayhem: a Disney hacker pleads guilty. Stick around. Traditional pen testing is resource-intensive, slow, and expensive,
Starting point is 00:12:02 providing only a point-in-time snapshot of your application's security, leaving it vulnerable between development cycles. Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities. Outpost24's continuous pen testing as a service solution offers year-round protection with recurring manual penetration testing conducted by CREST-certified pen testers allowing you to stay ahead of threats and ensure your web applications are always secure. And now a word from our sponsor, Black Kite. If third-party risk is keeping you up at night, you're not alone.
Starting point is 00:12:51 It's a constant battle. Black Kite's third-party cyber risk platform is built on real-world threat intelligence, straight from their research team's ongoing breach analysis, dark web monitoring, and attacker tactics. That means you get a hacker's eye view of your supply chain to proactively spot risks. And speaking of research, they just dropped their 2025 third-party breach report, breaking down last year's biggest trends and what's coming next. Grab the report now at www.blackkite.com. At last week's RSAC conference in San Francisco, I caught up with Monzy Merza, co-founder and
Starting point is 00:13:42 CEO of Crogl. In today's sponsored interview, we discuss the CISO's conundrum in the face of AI. And we are here at RSAC 2025 and joining me, I feel like it's old home week. Nice to speak once again with Monzy Merza. Today you are with Crogl. You're the CEO and co-founder of that company. We spoke, of course, in the past, you were with Splunk for many, many years.
Starting point is 00:14:05 It's great to have you back. Yeah, great to be back, good to see you. So let's start off just for folks who may not be familiar with the new company, how do you describe it? Crogl works on tickets. It's an autonomous analyst, it's a knowledge engine that investigates alerts, executes threat hunts, and documents all of its work. So when you have thousands of alerts coming in, you need someone or something to look at those alerts
Starting point is 00:14:34 and operate on them so the analysts can really focus on things that are important. Well, take me through the journey here. I mean, as you and your colleagues were thinking about starting this up, and is this a thing, would this work? Like, what was the problem that you thought you could solve? What was the itch that you thought you could scratch?
Starting point is 00:14:54 So I was an executive at Databricks for many years, and then I had this idea to do something. So instead of starting a company, I actually went and worked for one of the largest banks in the world. And to... I really wanted to feel the pain of security operators, because I thought surely, you know, by 2023 these problems have been resolved.
Starting point is 00:15:15 And two big surprises, which caused us to really focus Crogl in the way that we did. The first big one was, analysts told us over and over again that the tools were in their way. And leaders said, well, I don't have enough people. So we found like that's like an interesting juxtaposition. And we said, what if we created a product
Starting point is 00:15:34 that would make every security analyst as effective as the entire team? Now for the analyst listening in the room, right? They know that's a ridiculous proposition. But then the question is what would have to happen? So that was the nexus point to start to create Crogl to say, what would we have to build to really enable and empower the analysts
Starting point is 00:15:54 to really exercise their intuition and be as good as they want to be without creating a tool that actually impedes them? And that's how we started to work on Crogl and we started two years ago. Well, so help us understand, when you say the tool's getting in the way for the analysts, what does that look like day to day?
Starting point is 00:16:13 What's that frustration there? Yeah, so I learned this firsthand because I went into a very sophisticated organization as an analyst. So when an alert comes in, usually you have lots and lots of tools at your disposal to go and investigate the alert. You might have something sitting in a data lake, you might have something sitting in your EDR system. So
Starting point is 00:16:32 just within those two capacities, now I have to know how to write a query against my data lake, and then I have to extract that out, and then I have to know how to write a query against my EDR system, and now I got to connect these two. We're just at two right now. Average organization has like 45 plus security technologies and tooling, so I have to, so the tool is in the way in the sense that now I have to know all the schemas,
Starting point is 00:16:55 I have to know where all the data sits, where the different types of data sits, and then I have to integrate the results that I'm getting, even though I know what to do. I know how to investigate a malware alert, but what I don't, or can't remember as a human, is where is the data? Where do I go first?
Starting point is 00:17:11 Where do I go next? How do I write the query? And so the tools are actually getting in my way to do my job. Okay, and so what does the other side of that look like? What sort of things are you all providing to get rid of those barriers? So we sat down and we said, okay, if you want to make every analyst as effective as the entire team,
Starting point is 00:17:32 what laws of physics will we have to break? So the first one we said, okay, if you really want to do this, you have to have a system that says you don't have to normalize your schema. Because every analysis system says you have to normalize your schema, and then you can start to work on it. But we know from experience from all these prior companies that nobody's data is normalized across, even within one tool, let alone across multiple data lakes.
Starting point is 00:17:59 And so that was number one. So we said, okay, we have to build a system that does, so we build a knowledge graph that creates a semantic layer on top of the enterprise data lakes. So that if something is called source IP over here or sashimi over there, it doesn't matter. We can still help the analyst execute that query without having to write the query language
Starting point is 00:18:21 for those two systems because we now have understanding. The second thing that we focused on was process. So first is data problem, the second is a process problem. What do analysts know? Well, they know what to do, but they want it to be repeatable, because Bob wants to share his work with Alice, and between the two of them as a team, they do better work. So create a mechanism to learn a process from Bob's work
Starting point is 00:18:47 and learn a process from Alice's work, such that when the third person comes in, they can benefit from the work of those two people. So data and process, and those are the two building blocks on which the whole system that we created is built. Let's shift gears from the analyst to the CISO. How is this sort of thing a lifestyle upgrade for the CISO? Yeah, so I think from a CISO point of view,
Starting point is 00:19:14 when I talk to CISOs and our customers, they are telling us their biggest challenge is they're looking at a bandwidth problem. And what they mean by that is that yesterday, let's say before the emergence of AI in the general context, they had, let's say, a thousand users or 5,000 users in their organization. And so the security teams were doing work to protect those 5,000 users or those 20,000 customers.
Starting point is 00:19:39 Now that AI is a part of the equation, the amount of work that any given user can do, or the amount of expectation and work that any given customer is doing, has increased by a very large order of magnitude. So, it's almost analogous to what they're saying, is I have 10 times more customers, I have 10 times more users.
Starting point is 00:19:57 So now I have to protect in that environment. And these CISOs were already encumbered by not being able to respond to alerts, I mean the thousands of alerts that they were receiving before. Now all of a sudden there's a whole bunch more. So now they have this bandwidth issue of how do I respond to this increase?
Starting point is 00:20:14 Their budgets are not increasing, but they want to respond to this. So they're saying, well I need something to actually do the job. So when I go and talk to them, they're like, don't talk to me about AI. It's fine, you have AI, everybody has AI, it's all good. Don't talk to me about AI.
Starting point is 00:20:29 Talk to me, what are you actually going to do? And so our mantra is very simple, Crogl works on tickets. And so that the analysts can focus on things that are really important, and the work can actually be done for you. And so it's that bandwidth issue. Now why is that a bigger, broader issue?
Starting point is 00:20:50 So when I ask them, okay, so what are your choices then? So they're telling us their choices are one, well, I could try to build this capability in-house. And they understand if they're in a manufacturing business or the government agency, their job is not to build products and maintain products over their life cycle. They're like, well, I tried, and then I asked them, well, why are you trying this by yourself?
Starting point is 00:21:10 And they say, well, my SIEM experiment failed, or my SOAR experiment failed. I'm not really trusting the industry to see the path forward, so I'm going to do this on my own because I haven't seen anything that actually works. And then the second part of that is, okay, well, then why don't you go do it? And they say, no, we don't really want to do it.
Starting point is 00:21:28 We need a system to do this for us. Okay, well, what do you need? And that's where we got the interest of them telling us, we need a system that appreciates the fact that data is not normalized, and we need a system that creates reproducible outcomes that is rooted and anchored in processes. And so that's what we're building.
Starting point is 00:21:48 You mentioned a couple of times the benefit of sort of separating yourself from the need to have the data normalized. Can we dig into that a little bit? Yes. Explain that to me. So, as an analyst, when I go, if I'm working on something,
Starting point is 00:22:05 I have to touch lots and lots of systems. Each system has a different schema, and a different query language. And so I have to learn that, and I have to memorize that. And so the conventional wisdom has always been, whether you look, anyone who's selling a data lake or has a data lake product says, well just put all your data in this one data lake.
Starting point is 00:22:29 Now what we are experiencing now is, that's not true. People are living in cloud, multi-cloud hybrid. So that's the problem statement. So now the question is, okay, how are you going to learn this? So we built a system that essentially builds this knowledge graph across all these different data lakes. And the way we do that is we're essentially emulating
Starting point is 00:22:49 the way the analysts work. Because the analyst doesn't say, oh data's not normalized, sorry, can't work here anymore. Right, right, sure. They work through the problem. And so we talk to tons and tons of analysts, say how do you work through the problem? And so they explain to us,
Starting point is 00:23:03 and we essentially patent this ability now, we have a patent for this, to go in and connect to a system and learn what kind of data is in that system, and learn how that data is related to another data set in another system. And so we are creating this semantic layer of knowledge across,
Starting point is 00:23:21 so that the analyst now doesn't have to remember anything. I see. So this is work that the analysts were already doing maybe without even realizing it, all of these adapting to all these different systems. So you take that burden off of them and so they can cross talk. That's really interesting.
Starting point is 00:23:41 Well, it is RSA, it is 2025. You said the magic word, AI. Is there- Hopefully I didn't say it too many times. No, no, right? Is there an AI component that folks should know about? Yes. I think the biggest thing that we learned
Starting point is 00:23:59 as we started the company is we like to call it a compound AI system. There is no singular, there is no singular sort of mechanism here. So as an example, our technology uses an LLM. We use a retrieval augmented generation capability. We have an agentic workflow. We even use a relational database.
Starting point is 00:24:22 And so AI is not just like a singular entity. It is a combination of things working together to produce an outcome. In our case, the outcome being work on tickets in a responsible way such that it's documented, it is inspectable, and it is auditable. And that's really the thing around AI that is most important for, I think,
Starting point is 00:24:48 most people to understand. And I think the other piece, which a lot of folks are not talking about, which I think we are sort of the, we're proving that to be true, which is not conventional wisdom, is, so for example, we have a customer today that's running Crogl in an internet disconnected environment,
Starting point is 00:25:05 fully functional, so it's a self-contained, customer managed system. So even that is possible, just like, you know, so there's two big physics things that we broke, right? The first thing we broke was, oh, you don't have to normalize your data, how dare you even say that out loud, right? But yes, you don't have to normalize your data,
Starting point is 00:25:23 there's a way to solve that problem and solve outcomes. The other one was, there's no way that you can package this system up, this compound AI system up, to make it customer managed and fully private and completely in the customer's control. So we solved that problem. So it's possible to do it. We have customers who are using it.
Starting point is 00:25:40 And so that's the thing I think about AI that I think it would be really cool for more people to understand. Well before I let you go, let's go back up to the 50,000 foot view here. As you're walking around here at RSAC, what gives you hope? What are you optimistic about? What are the positive things you're seeing from this industry? Well first, I see still a lot of interaction,
Starting point is 00:26:05 a committed community that is yet at another inflection point. Like we have the mobile inflection point, the high speed networks inflection, big data inflection point. We're at this AI inflection point. And this community has always been ready to take on the unknown.
Starting point is 00:26:21 And there's so many people that have had so many conversations in meetups and on panels and different discussions. The community is ready to work and to look forward, both from the perspective of what will AI be used for to help protect, but also what will AI be used for to build,
Starting point is 00:26:36 bring together a new environment and a new ecosystem for us. So that is very energizing for me. And I see that that's very energizing to a lot of people. Yeah. All right. Well, Monzy Merza is CEO and co-founder of Crogl. Monzy, thank you so much for taking the time for us.
Starting point is 00:26:52 Thanks for having me, Dave. It's a pleasure talking to you. Yeah, take care. Yeah, thank you. Let's be real, navigating security compliance can feel like assembling IKEA furniture without the instructions. You know you need it, but it takes forever and you're never quite sure if you've done it right. That's where Vanta comes in.
Starting point is 00:27:23 Vanta is a trust management platform that automates up to 90% of the work for frameworks like SOC 2, ISO 27001, and HIPAA, getting you audit ready in weeks, not months. Whether you're a founder, an engineer, or managing IT and security for the first time, Vanta helps you prove your security posture without taking over your life. More than 10,000 companies, including names like Atlassian and Quora, trust Vanta
Starting point is 00:27:51 to monitor compliance, streamline risk, and speed up security reviews by up to five times. And the ROI? A recent IDC report found Vanta saves businesses over half a million dollars a year and pays for itself in just three months. For a limited time, you can get $1,000 off Vanta at vanta.com slash cyber. That's v-a-n-year-old Californian Ryan Kramer, alias NullBulge, pled guilty to hacking into Disney's Slack and stealing 1.1 terabytes of internal data, with a malware-laced AI image generator disguised as a legit program on GitHub.
Starting point is 00:28:55 One unsuspecting Disney employee downloaded the malware, unknowingly handed over his digital keys, including those stored in 1Password. Kramer used them to sneak into Disney's Slack like a tech-savvy Ursula, grabbing data from nearly 10,000 channels. Then with the flair of a B-movie hacker, Kramer posed as a Russian hacktivist group, threatening the employee to stay quiet or face the public dump of Disney's secrets. When the employee didn't bite, Kramer made good on the threat and posted the massive haul on BreachForums.
Starting point is 00:29:30 Kramer now faces up to 10 years in prison, proving once again that trying to blackmail a mouse never ends well. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
Starting point is 00:30:22 N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Music What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit but hard for defenders to detect.
Starting point is 00:31:39 This poses risk in Active Directory, Entra ID, and hybrid configurations. Identity leaders are reducing such risks with Attack Path Management. You can learn how Attack Path Management is connecting identity and security teams while reducing risk with BloodHound Enterprise powered by SpecterOps. Head to specterops.io today to learn more.
Starting point is 00:32:03 SpecterOps, see your attack paths the way adversaries do.
