chuvakinthumb

How EDR was supposed to help with alert overload

doncoxthumbnail

Patch management in the age of work-from-home

Endpoint/Device Security

Smart home router glowing with firewall hologram

Network Security

Firewalls, Routers

Exposure management

News

Cyberattacks on legacy firewalls continue. What security teams can do

Resource

Tanium

Tanium and Microsoft target alert overload in the SOC with AI-powered triage agents

IMG_0255

AI/ML

AI-driven endpoint expansion and a deepened ServiceNow partnership: News from Tanium Converge 2025

<body><h3>Segment 1: Interview with Rob Allen</h3>

<p>It’s the Year of the (Clandestine) Linux Desktop!</p>

<p>As if EDR evasions weren’t enough, attackers are now employing yet another method to hide their presence on enterprise systems: deploying tiny Linux VMs. Attackers are using Hyper-V and/or WSL to deploy tiny (120MB disk space and 256MB memory) Linux VMs to host a custom reverse shell and reverse proxy.</p>

<p>In this segment, we’ll discuss strategies and mitigations to battle this novel technique with Rob Allen from Threatlocker.</p>

<p>Segment Resources: </p>

<ul>
<li><a rel="noreferrer noopener" target="_blank" href="https://www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows">Pro-Russian Hackers Use Linux VMs to Hide in Windows</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/">Russian Hackers Abuse Hyper-V to Hide Malware in Linux VMs</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://www.bleepingcomputer.com/news/security/qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows/">Qilin ransomware abuses WSL to run Linux encryptors in Windows</a></li>
</ul>

<p>This segment is sponsored by ThreatLocker. Visit <a rel="noreferrer noopener" target="_blank" href="https://securityweekly.com/threatlocker">https://securityweekly.com/threatlocker</a> to learn more about them!</p>

<h3>Segment 2: Topic - Threat Modeling Humanoid Robots</h3>

<p>We're entering the age of human-shaped robots, so it seems like a good time to talk about the fact that they ALREADY HAVE CVEs assigned to them. I guess this isn't a terrible thing - John Connor might have had an easier time if he could simply hack the terminators from a distance...</p>

<p><strong>Resources</strong></p>

<ul>
<li><a rel="noreferrer noopener" target="_blank" href="https://www.unitree.com/H2">https://www.unitree.com/H2</a> (watch the video!)</li>
<li><a rel="noreferrer noopener" target="_blank" href="https://www.scmp.com/tech/tech-trends/article/3332372/chinas-humanoid-robots-get-factory-jobs-ubtechs-model-scores-us112-million-orders">China’s humanoid robots get factory jobs as UBTech’s model scores US$112 million in orders</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://www.scmp.com/tech/article/3331958/big-reveal-xpeng-founder-unzips-humanoid-robot-prove-its-not-human?module=inline&amp;pgtype=article">The big reveal: Xpeng founder unzips humanoid robot to prove it’s not human</a></li>
<li><a rel="noreferrer noopener" target="_blank" href="https://spectrum.ieee.org/unitree-robot-exploit">Exploit Allows for Takeover of Fleets of Unitree Robots - Security researchers find a wormable vulnerability</a></li>
<li>100-page Paper: <a rel="noreferrer noopener" target="_blank" href="https://arxiv.org/pdf/2509.14096">The Cybersecurity of a Humanoid Robot</a></li>
<li>5-page Paper: <a rel="noreferrer noopener" target="_blank" href="https://arxiv.org/pdf/2509.14139v3">Cybersecurity AI: Humanoid Robots as Attack Vectors</a></li>
<li>Amazingly, $300 smart vacuums have some of the same exact vulnerabilities and backdoors built into them as the $16,000 humanoid robots! <a rel="noreferrer noopener" target="_blank" href="https://codetiger.github.io/blog/the-day-my-smart-vacuum-turned-against-me/">The Day My Smart Vacuum Turned Against Me</a></li>
</ul>

<h3>Segment 3: Weekly News</h3>

<p>Finally, in the enterprise security news, </p>

<ol>
<li>A $435M venture round</li>
<li>A $75M seed round</li>
<li>a few acquisitions</li>
<li>the producer of the movie Half Baked bought a spyware company</li>
<li>AI isn’t going well, or is it?</li>
<li>maybe we just need to adopt it more slowly and deliberately?</li>
<li>ad-blockers are enterprise best practices</li>
<li>firewalls and VPNs are security risks, according to insurance claims</li>
<li>could you power an entire house with disposable vapes?</li>
</ol>

<p>All that and more, on this episode of Enterprise Security Weekly.</p></body>

Featured image for {“vendor”:”ppworks”,”type”:”segment”,”id”:”14257″} podcast from PPWorks

AI benefits/risks

Acquisition

Year of the (Clandestine) Linux Desktop, topic, and the news – Rob Allen – ESW #433

The Cisco logo is seen on an office building

Cisco logo

Vulnerability Management

Patch/Configuration Management

Government Regulations

Cisco ASA firewalls still under attack; CISA issues guidance for patch

New Samsung Galaxy mobile smartphones is shown on retail display inside electronics store.

111125_samsung_galaxy

Breach

Identity

Samsung flaw added to CISA list after spyware uncovered on devices

Microsoft Teams website on a tablet. Teams is a unified team communication and collaboration platform with workplace chat, video meetings, and file storage.

Microsoft Teams website on a tablet.

Application security

Microsoft Teams flaws let attackers impersonate execs, manipulate messages

Cisco sign near Cisco headquarters campus in Silicon Valley.

Cisco sign near Cisco headquarters campus in Silicon Valley. The red and blue logo depicts the two towers of the Golden Gate Bridge. – San Jose, California, USA – 2020

Threat Intelligence

China-linked Storm-1849 spent October targeting Cisco ASA firewalls