Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec Defensive Security Podcast Episode 337
Jan 26, 2026
Discussion of QR-code phishing campaigns and the rise of 'quishing' targeting mobile devices. Practical hiring security: live technical interviews, proctoring tricks, and spotting fraud signals like VPNs and odd timezones. Deep dive into a long-exploited ESXi VM escape, hypervisor trust risks, and how commoditized exploit toolkits amplify ransomware threats. CISO turnover, succession problems, and the impact on security programs.
AI Snips
Chapters
Books
Transcript
Episode notes
Adopt Phishing-Resistant Authentication
- Deploy phishing-resistant authentication like FIDO/passkeys to reduce credential theft via quishing.
- Enforce SSO support for SaaS to centralize strong auth and reduce shadow accounts.
Shadow Admins Create Security Gaps
- Shadow administration creates weaker local accounts when teams bypass IAM for speed.
- Consistent controls across assets matter more than one-off deployments to prevent credential gaps.
Harden Hiring With Live Verification
- Use live technical interviews and require candidates to explain their work to verify skills and identity.
- Correlate multiple signals (time, VPN, audio) rather than relying on one suspicious indicator alone.
