Crestvale Newsroom

EY grads accused of PM bank snooping

6 min · 1 Jul 2026

Description

Today's episode focuses on a quiet but critical failure point: access control. A real-world incident involving contractor access to sensitive financial data shows how authorization gaps, not external attackers, are often the weakest link. For security and IT leaders, this is a shift in where risk lives. Insider misuse, third-party exposure, and inherited liability from vendors are becoming more consequential than perimeter threats. From financial filings to endpoint security, the common thread is clear. If you do not tightly control who can access what, and when, you are carrying unseen risk. We also cover a major IRS liability ruling, active ransomware exploitation of a Windows privilege escalation flaw, and key signals from across the security landscape. Learn more at https://crestvale.io


All episodes

162 episodes


ServiceNow unauth API bug exposed enterprise data

A quiet fix to a ServiceNow API exposure is raising a louder question about trust in the SaaS control plane. When systems that power identity, tickets, and internal context leak without authentication, the blast radius extends far beyond a single tool. This episode breaks down why delayed disclosure changes your response window, and why you should treat core SaaS platforms and build systems as breach-critical. It also looks at how autonomous ransomware is compressing attack timelines, and why internet-exposed orchestration tools are becoming high-value entry points. We also cover the NetNut proxy disruption, the rise of supply-chain-to-ransomware pipelines, and signals from Alibaba, CISA, Visa, and Microsoft 365. Learn more at https://crestvale.io

4 Jul 2026 · 6 min

CISA adds SharePoint RCE CVE-2026-45659 to KEV

A critical SharePoint vulnerability is now under active exploitation, while regulators are making it clear that inaccurate security claims can carry legal consequences. At the same time, attackers are turning edge-device flaws into repeatable ransomware entry points, and major platforms are reshaping how security intelligence is delivered. This episode breaks down what these shifts mean in practice. From emergency patching decisions to the growing legal weight of compliance frameworks, the environment is changing from both sides. Security leaders are being pushed to move faster operationally while also proving that controls are actually in place. We also cover FortiBleed's role in ransomware campaigns, Visa's move into threat intelligence, and what it signals about the merging of fraud and cybersecurity. Learn more at https://crestvale.io

Yesterday · 6 min

Tomcat auth bypass breaks security-constraint protections

Authentication controls failing silently is a different kind of risk. Today's episode breaks down how newly disclosed Apache Tomcat vulnerabilities allowed attackers to bypass protections that teams believed were enforced, and why this changes how you validate access controls. For security and IT leaders, the shift is clear. Configuration is no longer proof of enforcement. You need to test real access paths, verify behavior, and assume gaps exist until proven otherwise. At the same time, active exploitation of an Oracle E-Business Suite flaw shows how quickly attackers move once patches are released, while new federal deadlines on post-quantum cryptography turn long-term planning into near-term operational work. We also cover Zscaler's move into AI agent control planes and what it signals about identity in autonomous systems, along with several other key developments shaping the threat landscape. Learn more at https://crestvale.io

2 Jul 2026 · 6 min

EY grads accused of PM bank snooping


1 Jul 2026 · 6 min

ACSC warns FortiBleed: rotate creds, enforce MFA

Credential-based security is breaking in multiple directions at once. Old passwords are being reused to breach networks, unpatched ERP systems are getting exploited in the wild, and attackers are shifting toward token theft that bypasses traditional login defenses entirely. For security and IT leaders, this is a shift from protecting logins to continuously validating identity across sessions, systems, and now AI-driven actors. The common thread is clear: identity is the new control plane, and gaps in credential hygiene, patching, and token visibility are turning into real-world incidents. This episode also covers a major Oracle EBS vulnerability under active exploitation, the rise of device-code phishing attacks targeting Microsoft environments, and new funding aimed at rebuilding IAM for AI agents. Learn more at https://crestvale.io

30 Jun 2026 · 6 min