PP104: How SocGholish Picks Locks to Let In Ransomware

A cryptographically relevant quantum computer is, at some point, going to emerge that can crack modern encryption. But we don’t know when, so it’s tempting to set this problem aside. On today’s sponsored episode, we talk about why ignoring Post-Quantum Cryptography (PQC) isn’t an effective strategy. Sponsor Cisco is here to make the case for... Read more »

For decades, network and security professionals have adapted to technology change in a piecemeal fashion: a new rule here, an upgrade there, a new product deployment over yonder. On today’s Packet Protector, co-host Jennifer ‘JJ’ Jabbusch makes the case for why several emerging technologies require IT pros to think about security at an architectural level.... Read more »

Threat actors are behaving more like professional organizations in an effort to launch more effective and profitable attacks. We explore this and other themes from the latest Threat Labs report from HPE, our sponsor for today’s Packet Protector episode. We also look at how older vulnerabilities are still contributing to today’s exploits, why security organizations... Read more »

In the cybercrime industry, initial access brokers specialize in break-ins. They pick digital locks and slide open electronic windows, and then sell that access to other threat actors who specialize in ransomware, exfiltration, and other crimes. SocGholish is a widely used tool in the access broker toolkit. Typically disguised as a legitimate software update, SocGholish... Read more »

Firewall policies are the heart of network security, but over time they can become a tangled mess. Rules might be outdated, or conflicting, or fail to address new applications, services, and risks. Add in remote locations and public cloud deployments, and you’ve got a serious headache for security and network teams. On today’s sponsored show... Read more »

Spending on SASE, which combines SD-WAN and cloud-delivered security, is forecast to nearly triple over the next few years, according to Dell’Oro Group. Today on Packet Protector we talk with that forecast’s author about what’s driving that spending. We also explore how SASE vendors are differentiating, architectural considerations for SASE deployments, pros and cons of... Read more »

On today’s news roundup we assess the White House’s new US cyber strategy (bellicose, bombastic, and boiler-plate), discuss a cyberattack attributed to Iran that used Windows to wipe thousands of devices, and dig into a Microsoft update on Entra passkeys. JJ isn’t impressed with new research that bypasses Wi-Fi client isolation, corporate spyware gets a... Read more »

Kyler Middleton, a software developer in the healthcare sector, builds and supports AI bots and AI agents that are now widely used inside the company where she works. Today on Packet Protector, Kyler stops by to talk about how and why she built these tools, how she (and her organization) address the risks these tools... Read more »

Today we’re going to learn about the care and feeding of a three-headed dog named Kerberos. Developed at MIT and released in 1989, Kerberos is a free, open source authentication protocol that uses cryptographic keys to protect identity data as it crosses a network. Today, Kerberos is the backbone of Windows authentication. We’ll dive into... Read more »

On today’s show, we pop the lid off of a firewall (figuratively speaking) to understand what’s inside. We talk about how a packet moves through various packet-processing elements inside a firewall, how header analysis and de-encapsulation work, which hardware component has the biggest impact on performance, why stateful inspection still matters in an age of... Read more »