Risky Business

Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal

Sep 10, 2025
Toni de la Fuente, Founder of Prowler, dives into cloud security innovations and the new support for Microsoft 365 in Prowler. He discusses how the tool enhances security for services like OneDrive and SharePoint. The conversation highlights Apple's recent Memory Integrity Enforcement, which complicates exploit attempts and fortifies device security. Toni also explores the rise of ransomware attacks and the importance of accountability in cybersecurity. With humorous insights into the complexities of NPM supply chain attacks, this episode is both informative and engaging.
INSIGHT

Phishing Proxy Became A Reused Hook

  • Attackers reused a proxied phishing site technique to capture 2FA codes and GitHub credentials across multiple payload campaigns.
  • Similar tactics spread quickly once discovered, leading to variant payloads rather than a single persistent actor.
ADVICE

Be Subtle If You Want Persistence (Defensive Lesson)

  • Attackers who want persistence via package compromise need to be subtle and avoid noisy behaviors that trigger rapid detection.
  • Changes integrated slowly, without obviously destructive payloads, maximize the chance of long-term exposure.
INSIGHT

GitHub Access = Supply-Chain Pivot

  • Compromise of a vendor's GitHub account can lead to supply-chain pivots that expose build systems and tokens.
  • Source repo access often yields key material or code changes that propagate into production via CI/CD.