Sign up to save your podcasts
Or
Share How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401
You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.
Segment Resources:
- This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
- This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
- Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
- and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs
Show Notes: https://securityweekly.com/esw-401
View all episodes
By Security Weekly Productions
4.7
33 ratings
You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise.
Segment Resources:
- This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
- This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
- Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
- and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs
Show Notes: https://securityweekly.com/esw-401
More shows like Enterprise Security Weekly (Video)
View all
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
Click Here
415 Listeners
Cybersecurity Today
176 Listeners
Hacking Humans
315 Listeners
![Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' About [Infosec] News, Powered by Black Hills Information Security
91 Listeners
Defense in Depth
73 Listeners
Threat Vector by Palo Alto Networks
37 Listeners