Sign up to save your podcasts
Or
Share How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401
You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.
Segment Resources:
- This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
- This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
- Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
- and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs
Show Notes: https://securityweekly.com/esw-401
View all episodes
By Security Weekly Productions
4.7
33 ratings
You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.
Segment Resources:
- This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
- This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
- Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
- and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs
Show Notes: https://securityweekly.com/esw-401
More shows like Enterprise Security Weekly (Video)
View all
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Grumpy Old Geeks
6,020 Listeners
Hacked
176 Listeners
CyberWire Daily
1,009 Listeners
Paul's Security Weekly (Audio)
16 Listeners
Smashing Security
312 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
CISO Series Podcast
189 Listeners
![Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' About [Infosec] News, Powered by Black Hills Information Security
91 Listeners
Defense in Depth
74 Listeners
Paul's Security Weekly (Video)
2 Listeners
Cloud Security Podcast
58 Listeners
Cyber Security Headlines
127 Listeners