
Risky Business #814 -- It's a bad time to be a scam compound operator
Nov 12, 2025

Haroon Meer, Founder of Thinkst Canary, emphasizes the need for transparency in vendor security practices. He argues that companies must demonstrate how they secure their architecture instead of relying on vague assurances. The discussion touches on the importance of accountability, with Meer advocating for pen tests and ongoing audits from vendors. They also explore innovative security designs like allowlisting and honeypots, highlighting recent updates to Thinkst Canary's cloud platforms.
AI Snips
SonicWall Incident Points To Systemic Failure
- SonicWall breach suggests either credential brute-force or platform bug leading to full backup compromise.
- The scale of impact implies a systemic failure rather than isolated account compromises.
Protect Slack And Other SaaS Chat Data
- Treat SaaS chat history as sensitive and protect access controls and credentials tightly.
- News organizations must assume Slack leaks expose sources, unpublished notes, API keys, and internal secrets.
Employee Used NAS To Evade USB Controls
- An Intel engineer facing termination bypassed USB restrictions by plugging a NAS into the corporate network.
- Intel detected the exfiltration, illustrating both creative insider threat tactics and the value of controls.
