Year of the (Clandestine) Linux Desktop, topic, and the news – Rob Allen – ESW #433
Segment 1: Interview with Rob Allen
It’s the Year of the (Clandestine) Linux Desktop!
As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.
In this segment, we’ll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker.
Segment Resources:
- Pro-Russian Hackers Use Linux VMs to Hide in Windows
- Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs
- Qilin ransomware abuses WSL to run Linux encryptors in Windows
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
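As an added defender-side starting point (my example, not code from the episode, Rob Allen or ThreatLocker), the PowerShell below inventories the footholds this technique needs on a Windows host: whether Hyper-V or WSL is enabled at all, any Hyper-V VM whose memory or disk allocation is as small as the ones described, and the WSL distributions registered for the current user. The 256MB and 120MB figures come from the segment blurb; the 200MB disk margin is my assumption, and WSL2 distributions run inside a hidden utility VM that Get-VM does not list, which is why the wsl.exe check is separate.

```powershell
# Added example (not from the episode or ThreatLocker): hunt for the pieces an
# attacker needs to stage a tiny Linux VM on a Windows host. Run as Administrator.
$MaxSuspectMemoryBytes = 256MB   # memory footprint described in the segment
$MaxSuspectDiskBytes   = 200MB   # assumed margin above the 120MB disk footprint

# 1. Is the virtualization platform even enabled on this machine?
#    On an ordinary workstation, none of these are expected to be "Enabled".
foreach ($feature in 'Microsoft-Hyper-V-All',
                     'Microsoft-Windows-Subsystem-Linux',
                     'VirtualMachinePlatform') {
    $state = (Get-WindowsOptionalFeature -Online -FeatureName $feature `
              -ErrorAction SilentlyContinue).State
    '{0,-40} {1}' -f $feature, $state
}

# 2. Hyper-V VMs with very small memory or disk allocations deserve a closer look.
if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
    Get-VM | ForEach-Object {
        $vm    = $_
        $disks = Get-VMHardDiskDrive -VMName $vm.Name | ForEach-Object {
            $vhd = Get-VHD -Path $_.Path -ErrorAction SilentlyContinue
            [pscustomobject]@{ Path = $_.Path; FileSize = $vhd.FileSize }
        }
        $tinyDisk = $disks | Where-Object {
            $_.FileSize -and $_.FileSize -le $MaxSuspectDiskBytes
        }
        [pscustomobject]@{
            Name          = $vm.Name
            State         = $vm.State
            MemoryStartup = $vm.MemoryStartup
            Disks         = ($disks.Path -join '; ')
            Suspect       = [bool](($vm.MemoryStartup -le $MaxSuspectMemoryBytes) -or $tinyDisk)
        }
    } | Format-Table -AutoSize
}

# 3. WSL distributions are full Linux userlands and are not visible via Get-VM.
if (Get-Command wsl.exe -ErrorAction SilentlyContinue) {
    wsl.exe --list --verbose
}
```

Anything flagged Suspect, or a WSL distribution nobody can account for, is a lead for the host's process and network activity, not a verdict on its own.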
Segment 2: Topic - Threat Modeling Humanoid Robots
We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance...
Resources
- https://www.unitree.com/H2 (watch the video!)
- China’s humanoid robots get factory jobs as UBTech’s model scores US$112 million in orders
- The big reveal: Xpeng founder unzips humanoid robot to prove it’s not human
- Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability
- 100-page Paper: The Cybersecurity of a Humanoid Robot
- 5-page Paper: Cybersecurity AI: Humanoid Robots as Attack Vectors
- Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! The Day My Smart Vacuum Turned Against Me
Segment 3: Weekly News
Finally, in the enterprise security news,
- A $435M venture round
- A $75M seed round
- a few acquisitions
- the producer of the movie Half Baked bought a spyware company
- AI isn’t going well, or is it?
- maybe we just need to adopt it more slowly and deliberately?
- ad-blockers are enterprise best practices
- firewalls and VPNs are security risks, according to insurance claims
- could you power an entire house with disposable vapes?
All that and more, on this episode of Enterprise Security Weekly.
Rob Allen, Chief Product Officer of ThreatLocker, is an IT Professional with three decades of experience assisting small and medium enterprises embrace and utilize technology. He has spent the majority of this time working for an Irish-based MSP, which has given him invaluable insights into the challenges faced by businesses today. Rob’s background is technical – first as a system administrator, then as a technician and an engineer. His broad technical knowledge, as well as an innate understanding of customers’ needs, made him a trusted advisor for hundreds of businesses across a wide variety of industries. Rob has been at the coalface, assisting clients in remediating the effects of, and helping them recover from cyber and ransomware attacks.
Adrian Sanabria
- FUNDING/M&A: Courtesy of the Security, Funded newsletter, issue #219 – Thirty-Two Billion Reasons
VIBE CHECK
Question: How often do you feel like you're winging it in security?
Most said "Weekly (some days are better)". The rest said "Daily (we're all making it up)".
FUNDING
- Armis, a United States-based agentless IoT security platform, raised a $435.0M Venture Round from Goldman Sachs Growth Equity.
- Tenzai, an Israel-based autonomous agentic pentesting vendor, raised a $75.0M seed round led by Greylock Partners, Battery Ventures, and Lux Capital.
- Daylight Security, an Israel-based automated managed detection and response (MDR) platform, raised a $40.0M Series A from Craft Ventures.
- Teleskope, a United States-based data security posture management (DSPM) platform, raised a $25.0M Series A from M13.
- Truffle Security, a United States-based platform that finds and remediates leaked software credentials, raised a $25.0M Series B from Intel Capital and Andreessen Horowitz.
ACQUISITIONS
- SplxAI, a United States-based AI agent vulnerability testing and monitoring platform, was acquired by Zscaler for an undisclosed amount. SplxAI had previously raised $9.0M in funding.
- UpSight Security, a United States-based endpoint detection and response (EDR) platform focused on ransomware prevention, was acquired by Arctic Wolf for an undisclosed amount. UpSight Security has had previous funding, but has not disclosed any deal terms.
- Wirespeed, a United States-based managed detection and response (MDR) provider, was acquired by Coalition for an undisclosed amount. Wirespeed has not previously disclosed any funding events.
- DUMPSTER FIRE: Israeli Spyware Maker NSO Gets New Owners, Leadership and Seeks to Mend Reputation
The producer of the movie Half Baked, and of most of Adam Sandler's hits, is now a majority owner of one of the world's most notorious spyware companies.
What?
- REGULATIONS: Defense Contractors Are Silencing Their Cybersecurity Watchdogs
- ESSAYS: The AI Wildfire Is Coming. It’s Going to be Very Painful and Incredibly Healthy.
$1B shorts, SoftBank dumping over $5B: there are signs that the fire has started to burn.
- ESSAYS: Have you tried AI?
Beehiiv founder: It's not going well.
A clip from the essay:
These investors insisted that we were living in the stone ages, and that AI could entirely relieve us of our duties. The hope was that we could guarantee near-instant responses to our customers and free up some bandwidth on the support side to focus on other initiatives.
We took their recommendation and spoke to a dozen of the hottest, most highly recommended AI support tools on the market. We selected 4 finalists who each built an entire POC for us, fine tuned the model based on our internal data and support docs, and pretty much guaranteed success.
The results were total shit. None of them could handle a fraction of the complexity of inquiries from our users, nor the simplest tickets.
After this exercise, I actually think that entire industry is a house of cards. Perhaps those tools can handle a simple return request for a D2C startup, but there’s a long way to go before they can troubleshoot our users’ automation journeys or bespoke integrations with third parties.
- ESSAYS: The GenAI Divide – State of AI in Business 2025, by MIT Nanda
MIT Nanda: It's not going well.
Lots of adoption, very little transformation.
- ESSAYS: Threat Modelling Isn’t a Security Exercise — It’s a Design Discipline
- ESSAYS: AI Trust Paradox: Overcome Fear Auto Cyber Remediation
From ex-cohost Tyler Shields!
"The biggest barrier to leveraging AI in cybersecurity isn't the technology itself, it's our ability to trust AI with the execution of tasks."
I'd have an easier time getting on board with this if the technology was consistent and/or reliable. Or if anyone told me they were successful with it at scale in any significant task.
- ESSAYS: Human-in-the-Loop Is Just the Starting Line
Like Tyler, Craig is saying we need to approach AI in a phased way to work out the kinks and gain confidence, towards full automation.
- HARDENING: Why ad blockers are a top security and privacy defense for everyone
I've heard this from a LOT of folks; this is not a niche thing. Ads are how the Internet pays for itself. But it has become best practice for all enterprises and individuals to block ads. This is fine.
- ACTUAL SECURITY GUIDANCE: Next-gen firewalls, VPNs can increase security risks: At-Bay
In non-AI news, companies are getting hacked through their security products.
AI isn't helping.
Your mom told me to tell you to stop screwing around with AI and get back to foundational security work.
- ACTUAL SECURITY GUIDANCE: What are the “top” ATT&CK techniques? – Cyentia Institute
- SQUIRREL: I Powered My House Using 500 Disposable vapes
This is a PSA. Disposable vapes have rechargeable lithium ion batteries in them. They're not disposable and you shouldn't put them in the trash.
But you also probably shouldn't disassemble 1500 of them to build a DIY Tesla Powerwall.
This guy did, though.