Misconfigurations are one of the most overlooked areas in terms of security program quick wins. Everyone freaks out about vulnerabilities, patching, and exploits.

Meanwhile, security tools are misconfigured. Thousands of unused software packages increase remediation effort and attack surface. The most basic misconfigurations lead to breaches. Threatlocker spotted this opportunity and have extended their agent-based product to increase attention on these common issues.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more!

AI and the case for toxic anthropomorphism. When Wendy coined this phrase on Mastodon a few weeks ago, I knew that she had hit on something important and that we needed to discuss it on this podcast.

We were lucky to find some time for Wendy to come on the show!

Quick note: while this was not a sponsored segment, 1Password IS currently a sponsor of this podcast. That doesn't really change the conversation any, except that I have to be nice to Wendy. But why would anyone ever be mean to Wendy???

Finally, in the enterprise security news,

1. Dozens of funding rounds over the past two weeks
2. Windows is becoming an Agentic OS? We talk about what that actually means.
3. Some great free tools
4. the latest cyber insurance trends
5. we analyze some recent breaches
6. the stop hacklore campaign
7. some essays worth reading
8. and a how a whole country dropped off the internet, because someone forgot to pay a GoDaddy invoice

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-436

Toilet Cams, North Korea, Brickstorm, MCP, India, React2Shell, Proxmox, Metaverse, Josh Marpet, and More, on the Security Weekly News.

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn-535

This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news:

• Oh Asus
• Dashcam botnets
• Weird CVEs being issued
• CodeRED, but not the worm
• Free IP checking
• Internet space junk and IoT
• Decade old Linux kernel vulnerabilities
• Breaking out of Claude code
• Malicious LLMs
• Hacker on a plan gets 7 years
• Putting passwords into random websites
• NPM supply chains strike again
• LLMs will never be intelligent

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-903