The Adversarial Podcast Ep. 11 - Incoming Trump administration, Microsoft's leaked SaaS creds, and software liability policy
The Adversarial Podcast - A podcast by Jerry Perullo, Sounil Yu, Mario Duarte
 
Introduction:
The episode opens with a discussion on securing devices for employees traveling to high-risk countries, like China, as a way to protect corporate data and maintain customer trust.
Hosts Jerry, Sounil, and Mario welcome listeners and discuss recent events, including the FS-ISAC Fall Summit in Atlanta and geopolitical implications of the recent election.

Key Topics:

Geopolitical Risks:
The group explores China's espionage activities and Russia's geopolitical maneuvers, predicting shifts in attacker strategies depending on U.S. political leadership.
Concerns about China's possible invasion of Taiwan and its implications for global tech, particularly chip manufacturing, are highlighted.

Cybersecurity and Crypto:
The hosts discuss the post-election stock market bump, particularly in the tech and crypto sectors, and note the growing reliance on platforms like Coinbase.
They debate the perception and reality of cryptocurrency stability.

Travel Security Policies:
The panel critiques outdated views on China-focused security policies and suggests broadening these policies to apply to all non-extradition countries.
Anecdotes on “burner laptops” and espionage myths are shared, emphasizing a need for realistic threat modeling.

InfoStealers and SaaS Security:
Rising threats from InfoStealer malware, which targets stored credentials, are explored.
A specific case involving Snowflake and ServiceNow platforms highlights vulnerabilities tied to single-factor authentication and API misuse.
Debate on whether such findings should be within the scope of bug bounty programs arises.

Shift Toward Hybrid and On-Prem Models:
Discussion on whether critical applications are moving back on-premises due to high cloud costs, especially for AI workloads.
The hosts argue the shift is likely economic rather than security-driven.

EU Product Liability Directive:
The EU’s new directive introduces potential liability for software developers and companies, even extending to individual coders.
The implications for open source and global software markets are debated, with concerns about increased costs for doing business in the EU.

CrowdStrike vs. Delta Lawsuit:
The CrowdStrike-Delta legal battle is analyzed, focusing on issues like the discovery of risk registers and internal chats, and how this might expose Delta's cybersecurity weaknesses.
Potential ripple effects for CrowdStrike's reputation and customer base are considered.

Closing Thoughts:
The episode ends with reflections on regulatory landscapes, including GDPR and how enforcement levels shape software innovation and compliance strategies.
The hosts tease ongoing developments in the CrowdStrike case as a topic to watch closely.

This episode combines high-level geopolitical discussions with detailed analysis of pressing cybersecurity trends, offering a mix of technical insights and industry perspectives.
 
 