But the real risk is getting locked out – of your cloud.

Your data may sit in Europe.

Your systems may run on trusted platforms.

But if access is restricted tomorrow – by a provider, a government, or a legal decision - what actually happens?

Can you still operate?

In this episode of Threat Talks, Lieuwe Jan Koning (co-founder and CTO at ON2IT Cybersecurity) speaks with Lokke Moerel (Professor of Global ICT Law at Tilburg University and leading expert in EU cybersecurity regulation) to break down what data sovereignty really means- beyond the illusion of control.

Because sovereignty doesn’t fail where you think it does.

It breaks in four places:

• Storage - where your data lives
• Access - who can reach it (and revoke it)
• Operations - whether you can keep running without your provider
• Jurisdiction - which laws override your control

Most organizations only solve the first - and that’s where the real risk starts: dependency on providers you don’t control.

As cloud and AI deepen that dependency, the question isn’t where your data sits, but who decides what happens to it tomorrow.

From sovereign cloud initiatives to European AI models like GPT-NL, this episode explores how regions are trying to regain control, and why relying entirely on big tech may not be sustainable.

Key Topics Covered

• What data sovereignty really means beyond data location 
• How dependency on cloud providers impacts AI data governance 
• Why jurisdiction, access, and control matter more than compliance 
• What organizations must do to regain control over data and infrastructure

Resources

• Threat Talks: https://threat-talks.com/ 
• ON2IT (Zero Trust as a Service): https://on2it.net/ 
• AMS-IX: https://www.ams-ix.net/ams    

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

That’s an uncomfortable reality.

But the truth is: your infrastructure runs on foreign technology.
Your data depends on external suppliers.

And if they fail – you feel it.

The EU has decided to step in. 

 
In this episode of Threat Talks, Lokke Moerel (Professor of Global ICT Law at Tilburg University and leading expert in EU cybersecurity regulation) breaks down how Europe’s new cybersecurity package is reshaping supply chain security.

Because this is not just about audits.

From Chinese components embedded in infrastructure to US-controlled cloud services, organizations are relying on suppliers that sit outside their control. And that creates a different kind of risk. Not just technical – but strategic.
 
The EU is now responding with a structural shift:

• One certification approach across Europe 
• Clearer rules for suppliers in critical functions 
• Separation of technical security and geopolitical risk 

This changes how supply chain security works.

For CISOs and security leaders, the message is clear:
If your cybersecurity risk mitigation strategies don’t account for dependency on external suppliers, you’re exposed.

Timestamps

00:00 – Your Vendor Passed the Audit—Why You’re Still Exposed
01:32 – The EU Cybersecurity Landscape: What’s Changing Now
04:06 – The Supply Chain Problem: Why Current Cybersecurity Risk Mitigation Strategies Fail
08:39 – What This Means: New Rules for Critical Suppliers and Infrastructure
17:13 – What Organizations Must Do Now to Strengthen Cybersecurity Risk Mitigation Strategies
20:34 – Geopolitics vs Security: Will Certain Suppliers Be Restricted?
25:07 – Innovation vs Regulation: Are We Heading for a Two-Speed Market?
28:36 – Practical Next Steps: How to Prepare Your Supply Chain Today
29:27 – Key Takeaways and Final Thoughts

Key Topics Covered

• Why dependency on China and the US creates new supply chain risk 
• How the EU cybersecurity package reshapes supplier accountability 
• Why security and geopolitics are now treated separately 
• What organizations must do to strengthen cybersecurity risk mitigation strategies

Resources

• Threat Talks: https://threat-talks.com/ 
• ON2IT (Zero Trust as a Service): https://on2it.net/ 
• AMS-IX: https://www.ams-ix.net/ams
• Threat Talks episode Bart Groothuis: https://www.youtube.com/watch?v=Vj5Z7RYMACY 
• EU Cybersecurity package: https://ec.europa.eu/commission/presscorner/detail/en/ip_26_105    

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Control systems ran independently, accessible only through dedicated workstations requiring physical presence. The factory floor and the IT department might as well have been on different planets.

That world is gone. 

Today’s OT environments are connected. Remote access from IT workspaces to control systems is routine. 

And this is just the start. 

And it changes everything about how to secure them.

In this episode of Threat Talks, Lieuwe Jan Koning and Rob Maas break down what happens when OT vs IT security models collide – and why IT/OT convergence is forcing organizations to rethink how they protect industrial environments.

Patching is difficult, availability is critical, and legacy models like the Purdue model leave gaps attackers can move through.

So, what does work?
Zero Trust.

If your organization relies on industrial systems, this is the shift you need to understand.

Timestamps

00:00 – OT vs IT Security Introduction and Key Differences

00:57 – IT OT Convergence Is Changing OT Security

04:49 – What OT vs IT Security Looks Like in Practice

10:13 – Why IT and OT Teams Struggle to Communicate

12:18 – How Zero Trust Applies to OT Environments

14:21 – How to Secure OT with Zero Trust and IT OT Convergence

Key Topics Covered

• How OT vs IT security requires a different approach in practice
• Why IT OT convergence is increasing risk across factory environments
• How limitations like patching and availability shape OT security decisions
• How Zero Trust segmentation can reduce risk without disrupting operations

Resources

• Threat Talks: https://threat-talks.com/ 
• ON2IT (Zero Trust as a Service): https://on2it.net/ 
• AMS-IX: https://www.ams-ix.net/ams
• Threat Talks episode on Hack the Boat: https://www.youtube.com/watch?v=Xa0TJ3eRTCw
• Blog: Purdue vs Zero Trust in OT security https://on2it.net/nl/blog/purdue-vs-zero-trust-in-ot-security/   

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

 React2Shell might be doing the same right now.

Across thousands of React apps, exposure is already baked in - accelerated by vibe coding and shipped without scrutiny.

In some cases, one request is all it takes.

React2Shell turns that exposure into remote code execution in React and Next.js environments -triggered by a single HTTP POST request.

In this episode of Threat Talks, host Rob Maas and SOC analyst Yuri Wit break down how React2Shell works, why it’s more serious than it looks, and what makes it so easy to exploit.

The risk is significant, and what makes it worse is how little attention it’s getting.

As developers increasingly rely on AI-generated code, applications are being shipped faster - but not always with full visibility into how components behave. That creates blind spots attackers can take advantage of, especially when serialization and deserialization flaws are involved.

We cover how React2Shell works, how attackers exploit serialization and deserialization flaws, and what actions you need to take now to reduce risk.

If your organization runs React or Next.js applications, assume exposure until proven otherwise - especially if this hasn’t been on your radar yet.

React2Shell isn’t making Log4j headlines.

That doesn’t mean the risk is smaller.

Timestamps

00:00 – React2Shell Introduction and Log4j Comparison

00:28 – What Is React and How Vibe Coding Introduces Security Risks

02:48 – How the React2Shell Vulnerability Enables Remote Code Execution

05:49 – How Attackers Exploit React2Shell with a Single POST Request

07:28 – Impact of React2Shell RCE on Server Privileges and Access

08:18 – How to Mitigate React2Shell and the Next.js Vulnerability

11:18 – Incident Response for React2Shell Exploitation

13:25 – Ongoing React2Shell Risk and Why Many Apps Remain Vulnerable

Key Topics Covered

• How the React2Shell and Next.js vulnerability expands the attack surface across modern web applications
• Why vibe coding security risks are accelerating exposure without developers realizing it
• Practical mitigation: patching, EDR detection, WAF limitations, and reducing attack surface

Resources

• Threat Talks: https://threat-talks.com/ 
• ON2IT (Zero Trust as a Service): https://on2it.net/ 
• AMS-IX: https://www.ams-ix.net/ams
• Threat Talks episode on Log4j: https://www.youtube.com/watch?v=CiqNmJaak5I   

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Security teams are entering an era where nothing can be trusted at face value.

In part two of our Zero Trust series with Dr. Zero Trust, Chase Cunningham, he and Lieuwe Jan Koning (Co-Founder and CTO at ON2IT Cybersecurity) explore what the future of Zero Trust looks like in an AI-driven world. 

How do you verify identity when voices and faces can be faked?
How do organizations defend against scams that scale to millions of targets?
And what happens when AI starts attacking AI?

They discuss real-world examples including deepfake fraud, “cyber-kidnapping” scams, prompt injection attacks, and the growing role of AI policy engines in defending modern systems.

One key takeaway: AI is accelerating a global trust crisis.

And this is what makes Zero Trust matters more than ever.

Simple Zero Trust principles like verification, passphrases, strict payment procedures, and continuous validation become essential safeguards for every organization.

Because in an environment where anything can be simulated, trust must always be verified.

Missed part one?
Watch “From Revolution to Reality”: https://www.youtube.com/watch?v=6reox4sqaUc&t

Timestamps

00:00 - Introduction: AI Security Threats and the Future of Zero Trust
01:07 - How Long Will Zero Trust Last? The Future of Zero Trust Strategy
01:54 - The Future of Zero Trust in an AI-Driven World
04:24 - Deepfakes, Fraud, and the Zero Trust Response to AI Security Threats
16:10 - AI Security Threats: Prompt Injection, AI Agents, and the Next Arms Race
21:55 - Final Thoughts on AI Security Threats and the Future of Zero Trust

Key Topics Covered

• How AI security threats like deepfakes are changing identity verification
• Why the future of Zero Trust depends on continuous verification
• How AI-driven attacks scale fraud and social engineering
• Why AI policy engines may become the next defensive layer in cybersecurity

Resources

• Threat Talks: https://threat-talks.com
• ON2IT (Zero Trust as a Service): https://on2it.net
• AMS-IX: https://www.ams-ix.net/ams
• Threat Talks playlist on AI and Cyber Trends: https://www.youtube.com/playlist?list=PLF5mXtEG4t5w_lz1wznTlcCuxFcsLDHox  

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Most organizations try to build it themselves.

Most underestimate the complexity.
Most get stuck in architecture diagrams instead of protecting what actually matters: data.

If execution determines success – should you really be doing it alone?

In this episode of Threat Talks, Lieuwe Jan Koning, Co-Founder and CTO at ON2IT Cybersecurity, sits down with Dr. Chase Cunningham, architect of the Zero Trust Extended (ZTX) framework, to break down what Zero Trust really requires in practice – not in theory.

Zero Trust isn’t a product. It’s not a checkbox.

It’s a decision about what you protect first – and how seriously you take execution.

If your job is to protect critical data without drowning in complexity, this episode will recalibrate your approach.

Because in the end, Zero Trust doesn’t fail on strategy.
It fails on execution.

Timestamps

00:00 – Introduction to Zero Trust Data Protection

00:50 – How Zero Trust Started at Forrester

03:19 – The ZTX Framework and Structuring Zero Trust

05:05 – Data at the Core of Zero Trust Data Protection

08:22 – Success Factors for Effective Zero Trust Data Protection

13:06 – Why Most Organizations Should Not DIY Zero Trust

15:36 – Breaches, Misconfiguration, and Market Reality

18:07 – How COVID Accelerated Zero Trust Adoption

19:25 – Closing Thoughts on Zero Trust Fundamentals

Key Topics Covered

• Where Zero Trust actually started – and how it evolved beyond network segmentation
• The shift from perimeter thinking to data-first protection
• Why most internal Zero Trust programs stall
• The operational discipline required to make Zero Trust work

Resources

• Threat Talks: https://threat-talks.com/
• ON2IT (Zero Trust as a Service): https://on2it.net/ 
• AMS-IX: https://www.ams-ix.net/ams
• Threat Talks playlist on Zero Trust:   https://www.youtube.com/playlist?list=PLF5mXtEG4t5wigSRB3fpyFfMYp3l1Ux2g
• Zero Trust Dictionary: https://on2it.net/resources/zero-trust-dictionary/

 Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

And the EU is done ignoring it.

In this exclusive first discussion of the upcoming EU Cybersecurity Act revision, Bart Groothuis, MEP, joins Lieuwe-Jan Koning, CTO and Co-Founder, to explain why vendor dependency is now a board-level security risk.

Groothuis breaks down how the revised EU Cybersecurity Act will shift Europe from soft guidance to hard enforcement - introducing formal “high-risk vendor” treatment inside critical infrastructure.

This isn’t about secret backdoors.

It’s about who controls the next update.
Who enters your data center.
And who can one day - switch off the grid.

The revision brings non-technical risk - state influence, intelligence laws, geopolitical leverage - directly into cyber certification decisions. That means supply chain risk is no longer theoretical. It’s regulatory.

And the impact goes far beyond telecom.
Energy. Cloud. Transport. Enterprise IT.

If your infrastructure depends on a vendor tied to a high-risk state, this conversation matters.

Timestamps
00:00 Opening & guest intro: MEP Bart Roos - rapporteur on EU legislation
01:23 What the CSA revision targets - certification, telecoms, cloud
09:11 Non-technical risk: intelligence laws, vendor-state ties, 5G implications
15:10 What’s new in the Security Act Revision, 4G vs 5G - why virtualisation changes the security model

17:17 Energy, inverters, and real-world dependency risks - blackouts
21:53 What organisations & buyers should do now (roadmaps, phasing out risk)
25:53 Final call to action & closing

Key Topics Covered
• Why the EU Cybersecurity Act revision treats non-technical vendor risk as policy, not just code review.
• The difference between technical vulnerabilities and vendor/state dependencies (intelligence laws, personnel access).
• 5G’s virtualised architecture: “winner takes all” risks and the limits of code audits.
• Practical next steps for CISOs: vendor inventory, risk-based roadmaps, procurement levers and phasing strategies.

Related ON2IT content & explicitly referenced resources
ON2IT website: https://on2it.net/
Threat Talks website: https://threat-talks.com/
European Commission - Cybersecurity Act overview: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act
Proposal for a Regulation for the EU Cybersecurity Act: https://digital-strategy.ec.europa.eu/en/library/proposal-regulation-eu-cybersecurity-act 

Subscribe and turn on notifications to stay ahead of emerging cyber policy, supply chain risk, and critical infrastructure security across IT and OT.
► YOUTUBE: /@threattalks
► Spotify / Apple Podcasts: 

OpenClaw connects an LLM directly to your terminal, browser, email, and chat.
 It runs with your permissions.
 It executes tasks without hesitation.

Days after launch, researchers found a One-Click RCE.

Cisco called it a security nightmare.

Gartner called it an unacceptable risk.

OpenClaw (formerly known as Clawdbot and Moltbot) represents a new phase of agentic AI: autonomous assistants operating inside your environment with almost no guardrails.

The headlines around OpenClaw have been clear: it’s a serious threat. But how should we handle agentic AIs like OpenClaw moving forward?

In this Threat Talks episode, Field CTO Rob Maas and SOC analyst Yuri Wit break down what OpenClaw actually does, where AI agent security breaks, and whether or not you should deploy OpenClaw.

OpenClaw is powerful. It’s useful.

It’s also proof that many of us are not ready for AI agents with this level of autonomy. 

Before you let an AI agent into your systems, understand what happens when it runs unchecked.

Timestamps

Key Topics Covered

·         How OpenClaw works and why agentic AI changes the security model

·         The One-Click RCE and what it reveals about AI agent security

·         Malicious skills, default allow design, and autonomous privilege abuse

·         Realistic mitigation strategies including sandboxing and controlled environments

Resources

·         Threat Talks: https://threat-talks.com/ 

·         ON2IT (Zero Trust as a Service): https://on2it.net/ 

·         AMS-IX: https://www.ams-ix.net/ams

 Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

Click here to view the episode transcript.
 

🔔 Follow and Support our channel! 🔔

 === 

 ► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Just normal protocol behavior, repeated at scale.

Each request leaks a little more MongoDB memory until something valuable shows up, even in environments that already follow network segmentation best practices.

Rob Maas (Field CTO, ON2IT) hosts Luca Cipriano (CTI & Red Team Program Lead) to dissect MongoBleed, an unauthenticated memory leak vulnerability in MongoDB, in this episode of Threat Talks.

They break down how MongoBleed exploits MongoDB’s wire protocol before authentication and why repetition matters more than a single request. 

MongoDB is everywhere: cloud platforms, scalable applications, and data-heavy environments where availability matters more than friction. If MongoDB is part of your environment, or you want to understand how this vulnerability is exploited in practice, the full breakdown is worth your time.

Timestamps

Key Topics Covered

·         How malformed compressed messages manipulate MongoDB memory allocation

·         Why BSON string parsing can expose unintended data

·         How repeated burst requests turn small leaks into valuable information

·         Why MongoDB deployments are attractive targets in the cloud

Resources

·         Threat Talks: https://threat-talks.com/ 

·         ON2IT (Zero Trust as a Service): https://on2it.net/ 

·         AMS-IX: https://www.ams-ix.net/ams

·         Threat Talks episode on Citrix Bleed: https://youtu.be/YwDpRPBfAzs

 Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

 ► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

The problem isn’t a lack of knowledge or skills.

It’s the disconnect between real-world security work, and certifications built around memorization, UI trivia, and version-specific details that will be obsolete in two months.

In this episode of Threat Talks, Rob Maas (Field CTO, ON2IT) and Nicholai Piagentini(Technical Enablement Engineer, ON2IT) break down why this happens, how certification exams are designed, and how to pass any cybersecurity certification without memorization or falling for trick questions. 

They explore how well-written exams validate real job tasks, while poorly designed ones drift into reading comprehension, UI trivia, and version-specific details that lose value the moment the product changes.

From blueprint-driven preparation to smart elimination tactics and knowing when not to overthink an answer, this is a grounded look at how to pass any certification for meaningful cybersecurity qualifications.

Timestamps

Key Topics Covered

·         Why many certification exams fail at measuring real-world cybersecurity skills

·         How to pass cybersecurity certification exams by focusing on concepts, not memorization

·         What makes a good vs bad exam (and how vendors design them)

·         Practical tactics for exam day, preparation strategies, and dealing with nerves

Resources

·         Threat Talks: https://threat-talks.com/ 

·         ON2IT (Zero Trust as a Service): https://on2it.net/ 

·         AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

🔔 Follow and Support our channel! 🔔

 === 

► YOUTUBE:    / @threattalks  

► SPOTIFY: https://open.spotify.com/show/1SXUyUE...

► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt

https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️

https://threat-talks.com

Any casualty is one too much.

That’s the reality of all airports, including DFW Airport. It’s a 28-square-mile operation, bigger than the island of Manhattan, functioning as a city with its own police, fire services, OT environments, and always-on digital infrastructure.

In this Threat Talks episode, Lieuwe-Jan Koning (Co-Founder and CTO, ON2IT) sits down with Eric Bowerman (CISO of DFW Airport), to unpack how cybersecurity actually works when IT, OT, and physical safety collide. 

From digital transformation security to real-world OT security and IT/OT convergence, this is a rare, grounded look at defending critical infrastructure where failure isn’t theoretical - it’s operational.

Timestamps

Key Topics Covered

• How a major airport functions as a digital city with IT, OT, and cyber-physical risk
• Practical OT security strategies when patching and downtime aren’t options
• Why IT/OT convergence changes threat modeling, segmentation, and detection

Resilience-first security: keeping passengers, planes, and operations moving

Click here to view the episode transcript.

Related ON2IT Content & Referenced Resources

Threat Talks website: https://threat-talks.com/
ON2IT website: https://on2it.net/

If you’re responsible for critical infrastructure, OT environments, or large-scale digital transformation, this episode is essential viewing.

🔔 Subscribe and turn on notifications to stay ahead of emerging cyber threats across IT, OT, and critical infrastructure.

===
► YOUTUBE: / @threattalks
 ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E

► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

In this Threat Talks Deep Dive, Rob Maas (Field CTO, ON2IT) and Nicholai Piagentini (Technical Enablement Engineer, ON2IT) show how identity-based firewalling fixes that-by enforcing policy based on who the user is, not where they connect from.The result: stronger network access control, cleaner zero trust firewall enforcement, and better enterprise security decisions. 

• (00:56) - Intro - Detection fails without identity
• (01:02:07) - Identity signals - users, devices, tags
• (02:15:43) - Why identity-based firewalls win - zero trust & threat detection
• (04:48:01) - Why teams skip it -“as-is” migrations & fear of complexity
• (07:08:13) - Terminal servers - a network access control blind spot
• (08:17:11) - NAT & service accounts - who is the real identity?
• (10:15:12) - When user ID feels impossible - the wireless workaround
• (11:12:12) - How to start safely - turn it on, validate, tighten policy
• (14:16:30) - Not optional anymore - zero trust firewall due diligence
• (15:30:01) - Best advice - start imperfect, identity data wins
• (17:09:58) - Wrap - stop guessing, know who’s acting

Related ON2IT content & explicitly referenced resources
https://threat-talks.com/
https://on2it.net/
https://www.ams-ix.net/ams

Threat Talks connects cyber threats to operational reality-so CISOs and architects can make decisions faster.

Subscribe, follow, and turn on notifications to stay ahead of what changes enterprise security next.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

The question that actually matters is:
 “Will we still be operating when things go wrong?”

In this Threat Talks episode, Lieuwe Jan Koning speaks with Jasper Nagtegaal about what NIS2 is really trying to change - and why cyber resilience fails when organizations treat it as a policy exercise instead of a business risk.

This isn’t about regulators.
It’s about how digital risk is explained, understood, and acted on - from technical teams to the boardroom - and why organizations that meet NIS2 in practice think very differently from those that end up explaining them.

• (00:15) - Fine or resilience: the question that changes everything
• (02:20:26) - Why cyber incidents are business failures, not IT failures
• (05:30:35) - NIS2 in plain terms: resilience over compliance
• (06:35:31) - Building resilience before incidents — not after fines
• (13:31:12) - Risk-based focus: you can’t protect everything
• (16:12:37) - Why consequences still matter - and when they appear
• (18:37:18) - What cybersecurity can learn from aviation, energy & healthcare
• (18:18) - Why digital risk is still treated as a compliance burden
• (05:18:14) - Why cyber regulation works differently across countries
• (09:14:13) - What to do tomorrow: risk, boards, and real accountability
• (21:13:28) - Wrap: resilience first, compliance follows

Click here to view the episode transcript.

In maritime cybersecurity, the risk isn’t that the ship is autonomous.
It’s that you no longer know who’s steering.

Lieuwe Jan Koning (Co-Founder & CTO, ON2IT) joins Stephen McCombie (Professor of Maritime IT Security, NHL Stenden) and Hans Quivooij (CISO, Damen Shipyards) to expose the illusion of control in autonomous shipping - where technology moves fast, responsibility blurs, and regulation lags behind.

• (00:05) - No captain, just code: the Port Control dilemma
• (02:05:15) - Autonomous shipping is here - and it’s remote by design
• (06:15:48) - When it crashes: who owns the blame (and the bill)?
• (07:38:12) - Ready or not: why “keeping watch” breaks at sea
• (10:12:49) - Predictable = steerable: the risks most teams miss
• (13:49:46) - Visibility vs compromise: when the ship becomes a weapon
• (18:46:10) - The mindset shift: from castles to constant compromise
• (20:10:45) - Regulation gap: high impact, low control
• (21:45:50) - Too late? Only if you stay blind to real threats
• (01:50:19) - Stop splitting IT and OT: defend vessels like HQ
• (05:19:42) - Put it on the agenda: ask better questions, run scenarios
• (09:42:22) - Wrap: make it tangible, build security into autonomy

Related ON2IT content & explicitly referenced resources
Before the Mayday: Cyber Attacks at Sea: https://www.youtube.com/watch?v=4rxWUmjbYOo 
Hack the Boat episode: https://www.youtube.com/watch?v=Xa0TJ3eRTCw 
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams

Threat Talks connects cyber threats to operational reality - every week.
Subscribe and turn on notifications to stay ahead of emerging cyber threats across IT, OT, and critical infrastructure.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

In this Threat Talks episode, host Lieuwe Jan Koning sits down with Professor Stephen McCombie, global expert in maritime cybersecurity, to unpack real-world cyber attacks on critical infrastructure and why the maritime sector is dangerously exposed.

From GPS spoofing and insider threats to aging ship systems and state-sponsored attacks, this conversation reveals how maritime cyber risk is no longer theoretical - it’s already disrupting global trade, safety, and geopolitics.

If your organization depends on shipping, ports, or industrial OT environments, this is an episode you really shouldn’t ignore.

• (00:00) - – 01:15 Why Cyber Attacks at Sea Matter
• (01:15) - – 04:01 What Makes the Maritime Industry Uniquely Vulnerable
• (04:01) - – 07:15 Legacy Ships vs. Modern Ships: Where the Real Risk Lies
• (07:15) - – 13:17 Stuxnet and the Blueprint for Physical Cyber Attacks
• (13:17) - – 14:17 Today’s Biggest Maritime Cyber Threats
• (14:17) - – 17:04 Learning from Real Incidents: The MCAT Database
• (17:04) - – 23:19 Real Attacks at Sea: Insider Threats & GPS Spoofing
• (24:34) - – 33:11 From Awareness to Action: Solutions That Actually Help
• (33:11) - – 37:25 The Ship Honeynet: Detecting Attacks Before the Mayday
• (37:25) - – 38:24 End Key Takeaways & What Comes Next

Related ON2IT Content & Referenced Resources
Threat Talk episode - Hack the Boat: https://youtu.be/Xa0TJ3eRTCw?si=oQPhu4iyfVJEh0CQ 
Threat Talk episode - Maritime Cyber Attack Database: https://maritimecybersecurity.nl/ 
Threat Talk website: https://threat-talks.com/
ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams
https://www.mcatdatabase.org/
https://www.nhlstenden.com/
https://www.marinetraffic.com/

Click here to view the episode transcript.

Subscribe and turn on notifications to stay ahead of emerging cyber threats across IT, OT, and critical infrastructure.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

OT systems were hit with real-world consequences. AI stopped being just a productivity tool and became an attacker. And SOCs discovered - often painfully - that speed alone still means reacting too late.
In this special end-of-year Threat Talks episode, Lieuwe Jan Koning is joined by Luca Cipriano, Yuri Wit, and Rob Maas, all in ugly Christmas sweaters, to unpack why the cybersecurity trends of 2025 represent a structural break, not a gradual evolution.
They trace how attackers scaled faster than defenders, why SOC automation became unavoidable, and how preemptive security and Zero Trust execution are emerging as the only way to regain control.
This isn’t a recap for curiosity.
It’s a map of how we got here - and what must change in 2026 to stay ahead.

• (00:00) - Introduction: why 2025 felt fundamentally different
• (01:31) - - 05:12 The threat landscape shifts: OT security and real-world impact
• (05:12) - - 07:27 A new normal: how AI changed daily security work
• (07:27) - - 09:31 The most surprising attacks of 2025
• (09:31) - - 20:00 Inside the SOC: scale, speed, and analyst fatigue
• (20:00) - - 22:15 “There are protections against AI… right?”
• (22:15) - - 20:23 Zero Trust redefined: can it handle AI-driven attacks?
• (30:23) - - 32:04 Why prevention matters more than ever
• (32:04) - - 41:06 Looking ahead: predictions for cybersecurity in 2026

Related ON2IT Content & Referenced Resources
I-Soon episode
https://www.youtube.com/watch?v=Rkp4OWOcCeU&t=1s

Salesloft supply chain attack episode
https://www.youtube.com/watch?v=_asJ2AN7cbA

PromptLock malware episode
https://www.youtube.com/watch?v=lKcUwLPBC8k

MCP security episode
https://www.youtube.com/watch?v=IkV6jkuYz5g

Zero Trust episodes playlist
https://www.youtube.com/playlist?list=PLF5mXtEG4t5wigSRB3fpyFfMYp3l1Ux2g

Zero Trust infographic (PDF)
https://on2it.s3.us-east-1.amazonaws.com/250429_Infographic_ZT.pdf

Threat Talks is built for CISOs and security leaders navigating real trade-offs—not vendor promises.
Subscribe for grounded insight on Zero Trust execution, AI-driven threats, SOC automation, and preemptive security from practitioners in the field.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

A new “BGP Vortex” claim says yes  - by abusing route oscillation and BGP communities to trigger endless update loops and exhaust router CPU. So we check what actually holds up in the real world.
In this Threat Talks Deep Dive, Rob Maas, Field CTO at ON2IT, sits down with Eric Nghia Nguyen Duy, Network Engineer at AMS-IX, to understand what BGP (short for Border Gateway Protocol) actually does, how the proposed Vortex mechanism works (route oscillation + community behavior), and why real-world internet operators are far more resilient than the headline suggests.
Yes, it’s an attention-grabbing claim.

No, it’s not a “break the whole internet tomorrow” button.

• (00:00) - – 02:29 Introduction: The BGP Vortex Claim
• (02:29) - - 06:35 What is BGP?
• (06:35) - - 13:13 BGP Vortex: How it works
• (13:13) - - 15:02 What an Attacker Would Actually Need
• (15:02) - - 19:08 What can we do to prevent this
• (19:08) - - 19:56 What role AMS-IX plays
• (19:56) - – 22:01 Conclusion

Resources
• BGP Vortex research paper: https://www.usenix.org/system/files/usenixsecurity25-stoeger.pdf 
• BGP Vortex presentation video: https://www.youtube.com/watch?v=dd6L1mdQLmk
• Threat Talks: https://threat-talks.com/
• ON2IT (Zero Trust as a Service): https://on2it.net/
• AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

One weak crypto key and a broken deserialization function let attackers hit your WSUS server with unauthenticated SYSTEM-level code execution. Chinese APT groups are already exploiting it to drop malware in memory, blend into legitimate WSUS traffic, and pivot deeper into the network.

Yes WSUS patch exists, but even if you patch it today, the real problem remains:
Your WSUS server is a high-value target with high-trust pathways - and most environments expose it far more than they think.

Watch host Lieuwe Jan Koning - with Blue Team expert Rob Maas and Red Team lead Luca Cipriano - break down how the exploit works, how attackers chain it into real-world intrusions, and the Zero Trust fixes that actually matter.

• (00:00) - Intro
• (01:03) - What is a WSUS server?
• (02:48) - The WSUS vulnerability
• (05:49) - What is deserialization?
• (08:17) - What to do about this vulnerability
• (10:52) - How attackers are exploiting it
• (18:42) - Real-world harm
• (19:16) - Final advice & defense strategy

Episodes Mentioned
• China Nexus Barracuda Hack: https://www.youtube.com/watch?v=4X9AmBhOmSA
• APT Sand Eagle: https://youtu.be/U5qdERmvEwg?si=kdsCJDNkGjs6Lklz
• APT 44 / Seashell Blizzard: https://youtu.be/JqA0Irspxrc?si=nnJpz7VnLtz38LN4
• APT Handala: https://youtu.be/XYf-SMhQdDc?si=WpIE0h9Q-pokz0MD

Guest & Host Links
Rob Maas (Field CTO, ON2IT): https://threat-talks.com/the-hosts/
Luca Cipriano (CTI & Red Team Lead, ON2IT): https://threat-talks.com/the-hosts/

Additional Resources
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams

Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

They called it Bad Successor (A.K.A. CVE-2025-53779).

A new “secure by design” feature in Windows Server 2025 -DMSA -was supposed to fix service account hygiene. Instead, it introduced a loophole where attackers could claim successor status, skip password requirements, and silently inherit elevated rights from any target account.

Including domain admin.

Even after Microsoft patched the issue, the deeper risk remains:
Service accounts are over-privileged, under-monitored, and dangerously trusted -and adversaries know it.

This isn’t a niche AD misconfiguration.

It’s a privilege-escalation design flaw hiding inside a security feature, and a warning shot for every environment leaning on default trust in the identity layer.

Watch host Rob Maas, Field CTO at ON2IT, and Luca Cipriano, CTI & Red Team Lead at ON2IT break down how Bad Successor works, how attackers exploited it, and what a Zero Trust AD strategy actually looks like in 2025.

• (00:00) - Intro & why service accounts still matter
• (00:46) - What are service accounts really for?
• (01:31) - DMSA explained: Microsoft’s new managed service account
• (02:56) - How DMSA migration works (the phone-migration analogy)
• (04:40) - What is Bad Successor & why it matters
• (08:00) - How widespread is this vulnerbility?
• (11:42) - – Microsoft’s patch & post-patch stealth paths – is the patch working?
• (14:03) - Defending AD: patching, OU permissions & logging
• (15:23) - Is Bad Proccessor the biggest active directory attack in your tool box?

Got your attention?
Subscribe to Threat Talks and turn on notifications for deep dives into the world’s leading cyber threats and trends.

Guest and Host Links:
Rob Maas (Field CTO, ON2IT): https://threat-talks.com/the-hosts/
Luca Cipriano (CTI & Red Team Lead, ON2IT): https://threat-talks.com/the-hosts/

Additional Resources
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

In this Threat Talks episode, Lieuwe Jan Koning and former FBI Supervisory Special Agent William McKean (founder of The Redirect Project) explore how young digital natives go From Hacker to Hero.

They chart the journey from gaming and online communities to risky first hacks and real-world intrusions. Then they show how to redirect that curiosity away from cybercrime and into ethical hacking, cyber defense, and a Zero Trust mindset at home and at work.

You’ll get practical questions to ask kids, simple “safe word” tactics, and concrete steps security leaders can use to grow defenders instead of future attackers.

Key Topics Covered
From gamer to attacker: How curiosity, gaming communities and digital “mentors” funnel kids into cybercrime, and how to redirect that path toward ethical hacking.

Psychology of recruitment: Why belonging, status and rewards override an undeveloped moral compass, and how grooming patterns mirror terrorism and gang recruitment.

Parent & educator playbook: Practical ways to talk about online life, spot early warning signs, use “safe words,” and apply a Zero Trust mindset at home.

Diversion, not destruction: How programs like The re_direct Project, HackShield, re_B00TCMP, Hack_Right, and The Hacking Games turn justice-involved kids into defenders instead of life-long offenders.

• (00:00) - - Introduction
• (01:25) - - What does FBI’s cyber division do
• (05:40) - - Children as hackers
• (08:14) - - From hacker to helper
• (10:31) - - It all starts with curiosity
• (17:56) - - What about AI development
• (21:27) - - Other mechanisms to worry about
• (22:32) - - 27:17 What can we do to help
• (27:17) - - The re_direct Project
• (33:45) - - What should the consequences be for child hackers
• (37:09) - - Recommendations for parents
• (42:02) - - What can organizations do

Episode Guest & Projects Mentioned
• The re_direct Project (youth cyber diversion & mentorship): https://www.redirectproject.org/ 
• HackShield (elementary school cyber game): https://www.hackshieldgame.com/ 
• Dutch Police re_B00TCMP “Reboot Camp”: https://www.politie.nl/informatie/re_b00tcmp.html 
• Hack_Right juvenile cyber program: https://www.om.nl/onderwerpen/cybercrime/hack_right 
• The Hacking Games (ethical hacker esports): https://www.thehackinggames.com/ 

If this episode helped you rethink your From Hacker to Hero strategy for your family or your workforce, don’t forget to hit Like, subscribe to Threat Talks.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔 === 
► YOUTUBE: https://youtube.com/@ThreatTalks 
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E 
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 
👕 Receive your Threat Talks T-shirt https://threat-talks.com/ 
🗺️ Explore the Hack's Route in Detail 
🗺️ https://threat-talks.com 🕵️
 Threat Talks is a collaboration between @ON2IT and @AMS-IX

They called it Shai Hulud.

It didn’t just infect one package. It infected developers themselves.

When a maintainer got phished, the worm harvested credentials, hijacked tokens, and created new CI/CD workflows to keep spreading - automatically.

No command-and-control. No manual uploads. Just a chain reaction across the npm registry.

And while the world was busy shouting about “2.6 billion downloads affected,” this real threat was quietly exfiltrating GitHub, cloud, and npm secrets - right under everyone’s nose.

This isn’t just another npm story.

It’s the first-ever self-replicating supply chain worm - and a wake-up call for every developer and security team building in the open.

Watch host Rob Maas (Field CTO, ON2IT) and Yuri Wit (SOC Analyst, ON2IT) 

break down how it started, how it spread, and how to make sure your pipeline isn’t the next one to go viral.

• (00:00) - Intro, welcome & what npm is
• (00:01) - Crypto drainer: how it worked, maintainer phish & real impact
• (00:05) - “Shai Hulud” worm: credential harvesting & package spread
• (00:07) - Hype vs reality: the “2.6 billion downloads” myth & media reaction
• (00:10) - Defenses: dependency strategy & CI/CD workflow alerts
• (00:14) - Secrets hygiene, OS targeting (Windows exit), end-user/EDR tips & takeaways

• How a maintainer phish and TOTP capture led to a crypto drainer in npm.
• Why Shai Hulud’s credential harvesting + CI/CD persistence makes it high-impact.
• Practical defenses: pin/review dependencies, CI/CD change alerts, secret rotation, egress monitoring.
• What developers vs. end users can (and can’t) do in supply-chain attacks.

Got your attention? 

Subscribe to Threat Talks and turn on notifications for more content on the world’s leading cyber threats and trends.

Guest and Host Links: 

Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/  

Yuri Wit (SOC Analyst, ON2IT): https://www.linkedin.com/in/yuriwit/  

Additional Resources
 Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams
npm: https://www.npmjs.com/
Node.js: https://nodejs.org/
GitHub Docs: Actions & Workflows: https://docs.github.com/actions
MetaMask: https://metamask.io/
OWASP Dependency Management: https://owasp.org/www-project-dependency-check/
SLSA Supply-chain Levels for Software Artifacts: https://slsa.dev/

Click here to view the episode transcript.

They trace how vishing calls, trojanized Salesforce tools, and GitHub-to-AWS pivots gave attackers OAuth access and drained CRMs without a single alert. You’ll hear how Drift integrations and bulk SOQL queries quietly moved data out of sight, while audit trails and API metadata disappeared.
If you need provable control over data exfiltration and a narrative your board will understand, this is your playbook.

Turn Zero Trust from slogan to stop - with IP allowlists, app inventories, token telemetry, and shared responsibility that actually blocks abuse at the source.

• (00:00) - Cloud first did not mean data safe.
• (00:45) - What Salesforce is and why attackers target it.
• (02:00) - Campaign one. Vishing and a trojanized data loader to OAuth access.
• (04:15) - Campaign two. Salesloft and Drift path from GitHub to AWS to Salesforce tokens.
• (07:00) - Impact and cover up. 700 plus orgs hit and API job metadata removed.
• (09:10) - Who was involved. ShinyHunters, Scattered Spider, Lapsus, and legal fallout.
• (11:00) - Zero Trust actions. IP allowlisting, app inventory, token monitoring, staff education, shared responsibility.

Found value and want outcome focused guidance every week? 
Subscribe to Threat Talks, turn on notifications and add your questions for the next deep dive

Guest and Host Links: 
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 
Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT): https://www.linkedin.com/in/luca-c-914973124/

Click here to view the episode transcript.

Additional resources:
Threat Talks https://threat-talks.com/
ON2IT https://on2it.net/?
AMS IX https://www.ams-ix.net/ams
Salesforce https://www.salesforce.com/
Salesloft https://www.salesloft.com/
Drift https://www.drift.com/
Okta https://www.okta.com/
Have I Been Pwned https://haveibeenpwned.com/

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE:  / @threattalks  
► SPOTIFY: https://open.spotify.com/show/1SXUyUE...
► APPLE: https://podcasts.apple.com/us/podcast...

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Host Lieuwe Jan Koning with RobMaas (Field CTO, ON2IT) explain the app storenightmare in plain language. A new system (MCP) lets AI tools like ChatGPT, Claude, and Gemini do tasks for you - sometimes too much. When a bad tool or a sneaky document gets in, it can read, send, or delete things without you noticing.

Real cases, real damage:

• Postmark MCP backdoor - secretly BCC’d emails (email copies)
• Shadow Escape - “zero-click” data theft from a hidden prompt
• kubectl chaos - a command mistake that can wipe servers

Your quick fix: keep a list of every AI tool and give each only the access it needs. Example: let your document bot read just the “Policies” folder—not your whole drive. For more fixes, watch the full episode.

Key topics covered:

·       The app storenightmare: a new AI app store you don’t control

·       How a tricked document can make your AI act against you

·       A simple ZeroTrust plan anyone can start today

·       How to cut tool sprawl, cost, and risk—without slowing the team

If you use ChatGPT, Claude, or Gemini at work, this is your survival brief.
Subscribe for more Threat Talks and ON2IT’s Zero Trust guidance.

Guest and Host Links: 

Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 

Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/ 

Click here to view the episode transcript.

Additional Resources:
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams
Anthropic MCP announcement: https://www.anthropic.com/news/model-context-protocol
OpenAI Tools/Connectors/MCP: https://platform.openai.com/docs/guides/tools-connectors-mcp
Kubernetes (kubectl): https://kubernetes.io/docs/reference/kubectl/
Reported Postmark MCP backdoor: https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html
Shadow Escape zero-click research: https://www.globenewswire.com/news-release/2025/10/22/3171164/0/en/Operant-AI-Discovers-Shadow-Escape-The-First-Zero-Click-Agentic-Attack-via-MCP.html

If this saved you a breach, subscribe to Threat Talks and follow ON2IT for weekly Zero Trust moves. New episode next week.

In this episode of Threat Talks, Lieuwe Jan Koning (CTO & co-founder of ON2IT) sits down with Ernst Noorman, Ambassador at Large for Cyber Affairs for the Kingdom of the Netherlands. They reveal how backchannel talks, sanctions, and shared rules define what countries can and can’t do in cyberspace, and what CISOs can learn from a diplomat’s playbook. This isn’t patch management. It’s peacekeeping in real time.

What You’ll Learn (From Real-Life Example Discussions)

• What a cyber ambassador actually does – and why every nation needs one.
• How diplomacy helps prevent cyber conflicts between world powers.
• Why UN-backed cyber norms matters even when nations ignore them.
• How global collaboration builds cyber resilience, from Ukraine to Asia.
• What businesses can learn from diplomats about cooperation and intelligence sharing.

• (00:00) - - 02:29 - Intro
• (02:29) - - 03:46 - What is the role of a cyber ambassador?
• (03:46) - - 09:13 - What diplomacy achieves
• (09:13) - - 10:07 - The US and cyber diplomacy
• (10:07) - - 11:51 - Asian countries and their approach to cyber crime
• (11:51) - - 15:47 - The five ‘don’t’s and eight ‘do’s’ at UN level
• (15:47) - - 19:52 - What happens if someone violates a rule?
• (19:52) - - 21:09 - Helping Ukraine with cyber resilience + the Tallinn mechanism
• (21:09) - - 23:01 - Efforts against disinformation
• (23:01) - - 26:22 - How to ensure information integrity
• (26:22) - - 29:12 - What is the Brussels Effect?
• (29:12) - - 30:13 - Common ground on worldwide subjects
• (30:13) - - 30:35 - Treasure hunt
• (30:35) - - 34:51 - Diplomacy and skepticism
• (34:51) - - 37:59 - A European Splinternet - how realistic is this?
• (37:59) - - 39:07 - The Cyber Resilience Act and China
• (39:07) - - 47:23 - Initiatives to look forward to
• (47:23) - - 48:53 - Outro

• ON2IT: https://on2it.net/
• Threat Talks: https://threat-talks.com/
• AMS-IX: https://www.ams-ix.net/ams
• Lieuwe Jan Koning: https://www.linkedin.com/in/lieuwejan/ 
• Ernst Noorman: https://www.linkedin.com/in/ernst-noorman-b630ab6/ 

If this episode gave you a new view on global cybersecurity, subscribe to Threat Talks. Share it with your team – because in a connected world, every company plays a role in cyber peace.

Click here to view the episode transcript.

• (00:00) - 01:11 - Intro
• (01:11) - - 02:28 - Reality check #1: Not everything can be patched
• (02:28) - - 05:02 - Reality check #2: Patches are scary
• (05:02) - - 08:45 - The solution: Patch in phases
• (08:45) - - 10:36 - How Zero Trust enables patch management
• (10:36) - - 11:23 - Prioritization matters
• (11:23) - - 14:50 - Patching tips and tricks
• (14:50) - - 16:21 - Guidelines for patching triage
• (16:21) - - 17:37 - Practical advice
• (17:37) - - END - Outro

Key Topics Covered

·       Why “patch everything immediately” fails; availability vs. security

·       Staged deployments and rollback safety for crown-jewel services

·       Zero Trust segmentation to reduce urgency and shrink attack surface

·       Priority signals that matter: asset criticality, exposure, KEV, CVSS

Related ON2IT content & explicitly referenced resources
ON2IT Zero Trust: https://on2it.net/zero-trust/
Threat Talks (site): https://threat-talks.com/
CVSS (FIRST): https://www.first.org/cvss/
CISA guidance – Citrix/NetScaler (Citrix Bleed example): https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed
Crowdstrike episode: https://youtu.be/IRvWVg1lSuo?si=f8Sj6WYG0KNxlkJD 

Click here to view the episode transcript.

Additional Resources
• Threat Talks Episode on SSL Decryption – https://youtu.be/Xv_jVHVsD9w
• ON2IT Zero Trust: https://on2it.net/zero-trust/
• ACME protocol (RFC 8555): https://datatracker.ietf.org/doc/rfc8555/
• Let’s Encrypt / ACME protocol – https://letsencrypt.org
• DigiNotar case study background – https://en.wikipedia.org/wiki/DigiNotar
• Mozilla CA Program (trusted root store): https://wiki.mozilla.org/CA
• infographic about encryption  https://on2it.s3.us-east-1.amazonaws.com/20250304_Infographic_Encryption.pdf

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Key Topics Covered
•  Why root certificates must never be online—and how intermediates provide a safe fallback.
•  Real-world PKI failure: DigiNotar compromise and lessons for CISOs.
•  How ON2IT built a secure, low-cost PKI with offline key bearers and ACME automation.
•  The hidden risks of training employees to ignore certificate warnings—and how Zero Trust demands the opposite.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Rob Maas (Field CTO, ON2IT) and Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT) reveal how poor cyber hygiene erodes trust, endangers partners, and weakens enterprise defenses.
CISOs, CIO and IT managers remember: in a Zero Trust world, your weakest link might not even be inside your organization.

• (00:00) - Why your cyber hygiene affects others
• (00:28) - Meet the speakers (Rob Maas, Luca Cipriano)
• (00:47) - Cyber hygiene defined for CISOs
• (03:00) - Unlocked phone → passwords in notes, WhatsApp fraud, ID photos
• (05:53) - SOC case: contractor email compromise → remote tool drop (ConnectWise)
• (09:40) - OSINT: 19 breaches + iterative password reuse
• (17:01) - What to fix now: MFA, vaults, device lock, breach monitoring
• (20:24) - Final takeaways & resources

Click here to view the episode transcript.

Related ON2IT Content & Referenced Resources
• ON2IT: https://on2it.net/
• Threat Talks: https://threat-talks.com/
• AMS-IX: https://www.ams-ix.net/ams
• WatchYourHack: https://watchyourhack.com
• Have I Been Pwned: https://haveibeenpwned.com

Guest and Host Links: 
Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 
Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/

If this helped, subscribe to Threat Talks. Share this episode with your partners and contractors—stronger cyber hygiene across your ecosystem protects everyone. 

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Real examples you’ll hear:
• The neighborhood chat stuck on WhatsApp—and how switching to Signal breaks dependency.
• How your address book upload leaks other people’s data to platforms.
• Why secure doesn’t mean private on platforms that profit from your data.
• Age checks done right: passport chip + selective disclosure instead of oversharing.
• Patient groups and municipalities using PubHubs for private, verified rooms (no ads).
• Continuity risk in the real world: federated login outages, US-dependent authenticators, transatlantic cable cuts, and a court moving email to ProtonMail to stay operational.

• (00:00) - – Free vs. monetized internet
• (02:22) - – Facebook: secure ≠ private
• (05:31) - – WhatsApp vs. Signal trade-offs
• (07:05) - – Metadata & social graph risk
• (11:58) - – Attribute-based auth (Yi)
• (19:55) - – Decentralized login; split keys
• (28:11) - – PubHubs: private, verified rooms
• (49:54) - – Continuity: vendor/cable risk
• (56:01) - – Close & takeaways

Guest and Host Links: 
Lieuwe Jan Koning (ON2IT Co-Founder): https://www.linkedin.com/in/lieuwejan/ 
Bart Jacobs: http://www.cs.ru.nl/~bart/

If this helped you strengthen your Zero Trust policy, subscribe, like, and share. New episodes weekly. Follow Threat Talks on YouTube, Spotify, and Apple Podcasts.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

• (00:00) - — Welcome & Zero Trust Step 5B
• (00:57) - — Five steps: fast recap
• (03:12) - — Maintain = policy validation
• (05:31) - — Vendor updates, hidden features
• (08:46) - — Traffic flows vs. reality
• (10:19) - — Behavior analytics, baselines
• (11:56) - — Cloud/K8s/service-mesh shifts
• (16:32) - — Wrap-up & next actions

Zero Trust Series
Step 1: https://youtu.be/mC66i-tEEFs
Step 2: https://youtu.be/wp0q9aZHuXc
Step 3: https://youtu.be/eGsw2JCnrac
Step 4A: https://youtu.be/qT_nqbBEkVw
Step 4B: https://youtu.be/fnKyMITZes8
Step 5A: https://youtu.be/N7pWXLxI6kY

Guest and Host Links:
Lieuwe Jan Koning (ON2IT Co-Founder): https://www.linkedin.com/in/lieuwejan/ 
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 

If this helped you strengthen your Zero Trust policy, subscribe, like, and share. New episodes weekly. Follow Threat Talks on YouTube, Spotify, and Apple Podcasts.

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

• (00:00) - - 01:40 - Introduction
• (01:40) - - 02:27 - What is APT Handala?
• (02:27) - - 05:27 - Kill Chain Step 1: Reconnaissance
• (05:27) - - 06:43 - Kill Chain Step 2: Weaponization
• (06:43) - - 10:39 - Kill Chain Step 3: Delivery
• (10:39) - - 14:37 - Kill Chain Step 4: Exploitation
• (14:37) - - 17:34 - Kill Chain Step 5: Installation
• (17:34) - - 23:39 - Kill Chain Step 6: Command and control
• (23:39) - - 26:40 - Kill Chain Step 7: Act on objectives
• (26:40) - - 29:35 - How to respond to being hacked
• (29:25) - - 30:22 - Closing notes

Additional Resources
• ON2IT Zero Trust: https://on2it.net/zero-trust/
• Lockheed Martin Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
• Tor Project (onion services): https://www.torproject.org/
• Threat Talks hub: https://threat-talks.com/

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

This episode strips away sci-fi hype. You’ll see the psychology of an adversary that thinks mid-attack—and the Zero Trust defenses that box it in. When AI runs inside the kill chain, malware doesn’t just evolve. It crosses into super-malware.

• (00:00) - — Cold open: “What if malware could think?”
• (00:18) - — Welcome: Rob Maas & Yuri Wit
• (00:41) - — First reaction to PromptLock
• (01:02) - — How attackers already use AI (phishing, coding, negotiations)
• (03:02) - — Why PromptLock is different: AI during execution
• (03:35) - — How it works: Go → Ollama → LLM → Lua
• (06:36) - — Proof-of-concept tells (the Satoshi wallet)
• (07:55) - — Defense shift: hashes die, behavior wins
• (10:40) - — Detecting LLM calls: SSL inspection realities
• (11:26) - — Quick wins: block interpreters (Lua/Python/PowerShell)
• (12:23) - — Zero Trust moves: default-deny egress & segmentation
• (12:41) - — What’s next: dynamic exploits & on-demand EDR bypass
• (16:21) - — Timelines & hardware: why adoption could accelerate
• (18:21) - — Wrap-up & CTA

Key Topics Covered
• The first documented case of AI inside the breach — why Promptlock changes the game
• Promptlock’s core loop: calling an LLM mid-attack to generate fresh payloads.
• Why hash-based detection breaks against AI-powered malware detection, ever-changing scripts.
• Behavioral defense over signatures: EDR/XDR, sandboxing, and SSL inspection.
• Zero Trust in practice: block script interpreters, restrict egress, and shrink blast radius.

Additional Resources
ON2IT Zero Trust: https://on2it.net/zero-trust/
Threat Talks hub: https://threat-talks.com/
Ollama (referenced in episode): https://ollama.com/
The Rising Threat of Deepfakes: https://youtu.be/gmtZ_aYmQdQ

Guest & Host Links:
Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 
Yuri Wit, SOC Specialist, ON2IT: https://www.linkedin.com/in/yuriwit/

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

• (00:00) - – Why your defenses aren’t enough
• (00:11) - – What is Data Bouncing?
• (01:22) - – How attackers exfiltrate data via DNS & headers
• (05:20) - – Live demo: DNS lookups & Burp Suite interception
• (10:48) - – Reassembling stolen files undetected
• (15:24) - – Can you defend against Data Bouncing?
• (19:20) - – Testing it in your own environment
• (21:00) - – Key takeaways & call to action

Additional Resources
• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
• Zero Trust Resources: https://www.on2it.net/zero-trust/

Guest & Host Links:
• Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/
• Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

In this episode of Threat Talks, ON2IT’s Lieuwe Jan Koning (ON2IT Co-Founder) sits down with Rob Maas, Field CTO at ON2IT, to tackle the hard question: How can CISOs and security leaders embrace AI safely—without exposing their organization to destructive data leaks?

From Samsung’s ChatGPT ban to real-world AI hallucinations, we unpack why “AI, play it safe” doesn’t mean blocking innovation—it means controlling it.

• (00:00) - 00:00 – AI, play it safe introduction
• (00:00) - 00:41 – Customer fears: Ban AI or embrace it?
• (00:00) - 01:13 – Real case: $1 Chevrolet Tahoe & AI chatbots gone wrong
• (00:00) - 02:46 – Samsung’s ChatGPT ban: lessons for CISOs
• (00:00) - 06:50 – How AI transforms work & productivity (coding, translation, ops)
• (00:00) - 17:00 – Data exposure & AI governance: the #1 risk
• (00:00) - 30:21 – LLM on Prem
• (00:00) - 33:10 – AI hallucinations & unsafe outputs (dangerous examples)
• (00:00) - 40:50 – The CISO dilemma: Fall behind or take control

Additional Resources
• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
• Zero Trust Resources: https://www.on2it.net/zero-trust/

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

If you’re a CISO, CIO, or security leader navigating the AI storm, this episode is a must-watch.

Click here to view the episode transcript.

🔔 Follow and support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

• (00:00) - — Welcome & Step 5A (Monitor) setup
• (00:37) - — Steps 1–4 recap: protect surfaces, flows, architecture, policy
• (04:12) - — MDR vs protection: why “collect all logs” fails
• (07:28) - — Events vs logs: inspect every event & retention reality
• (10:22) - — Context from protect surfaces: mapping IPs to business systems
• (13:41) - — IoG vs IoC vs Unknown: triage model & beating alert fatigue
• (17:59) - — Rules of Engagement: automation, kill switch & blast radius (prevention first)

If this helped sharpen your Zero Trust monitoring strategy, subscribe to Threat Talks and turn on notifications—don’t miss Step 5B (Maintain).

Additional Resources
• https://on2it.net/zero-trust/
• https://on2it.net/managed-security/protect-surface-management/
• https://on2it.net/wp-content/uploads/2023/02/Zero-Trust-Dictionary-EN.pdf
• https://on2it.net/context-is-key-the-data-challenge-of-cybersecurity/
• https://threat-talks.com/
• https://www.ams-ix.net/

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

In this Threat Talks deep dive, Lieuwe Jan Koning, Yuri Wit (Red Team), and Rob Maas (Blue Team) reveal exactly how these attacks unfold, why they’re so hard to stop, and how Zero Trust can tip the balance back to defenders.

• (00:00) - – Cyber warfare in the Ukraine conflict: setting the stage
• (01:10) - – Who is Seashell Blizzard? Names, aliases, and Russian GRU ties
• (04:00) - – NotPetya, Olympic Games, and high-profile disruption campaigns
• (07:31) - – Initial access: stealth exploits on edge devices
• (11:40) - – Privilege escalation via Living-off-the-Land (LOLBin) tactics
• (15:23) - – Weaponizing Group Policy Objects with “Tank Trap” for mass wipers
• (19:13) - – Objectives: disruption, damage, and public bragging rights
• (23:40) - – Zero Trust defenses, segmentation, and last-resort recovery

Related ON2IT Content & Referenced Resources
• ON2IT Threat Talks Playlist: https://www.youtube.com/@ThreatTalks/playlists ON2IT Zero Trust Resources: https://on2it.net/zero-trust
• MITRE ATT&CK – Sandworm Team (APT 44): https://attack.mitre.org/groups/G0034/

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

In this episode of Threat Talks, ON2IT Field CTO Rob Maas speaks with security expert Jeroen Scheerder about the real risks of Recall. They break down how the tool works, what data it captures, and why the built-in protections may not be enough.

In this episode of Threat Talks:

🧠 How Recall works and what makes it so controversial

🔍 Why bolted-on security measures leave gaps

🎯 Which users and organizations are most exposed

Tune in to hear why Windows Recall is raising red flags and what you need to know to protect your organization.

He joins host Lieuwe Jan Koning and guest Davis Hake (Senior Director for Cybersecurity at Venable) as they dive into the technology, governance, and risks behind autonomous AI. From system trustworthiness to liability, and market incentives to regulation, they break down what’s already happening and what needs to happen next.
They also discuss how humans will struggle to validate AI outcomes in areas where AI excels, why thoughtful deployment is key, and what it means to be “quick, but not in a hurry.” 

Key topics:
✅ How to adopt your security and governance to the use of AI
🧠 Why applying existing IT risk frameworks is a smart starting point
⚖️ How to balance regulation, trust, and innovation
Can your organization keep up with AI that moves faster than human oversight?

Understanding how data travels to, from and around protect surfaces is your next logical movie. Why? Because if you don’t know how your systems talk to each other, you can’t secure them.

In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas discuss how to identify communication paths between protect surfaces and why this visibility is critical for both risk containment and policy validation.

They explore:

✅ How to identify communication paths

⛕The difference between inbound and outbound traffic (and why this matters)

🙋🏼‍♂️Why business owners and business context are essential

Get all the details and

insights on this second step of Zero Trust: mapping the transaction flows.

Additional Resources:

► Zero Trust Step One: https://youtu.be/mC66i-tEEFs

Additional Resources:

► Operational Technology for Dummies (Previous Episode): https://youtu.be/Pdp_OCf6npQ

► Inside Volt Typhoon: China’s Silent Cyber Threat: https://youtu.be/DSalzpj59RI

► Hack the Boat - cybersecurity on the high seas 🌊 - Threat Talks Cybersecurity Podcast: https://youtu.be/Xa0TJ3eRTCw

In this Deep Dive, Rob Maas sits down with Luca Cipriano to break down what OT is, why it’s different from IT, where the two overlap and how we can start securing both before it’s too late.

Key topics:

⚙️ What OT is (and isn’t)

📉 Why IT and OT often don’t speak the same language

🛠️ Real-life OT cyberattacks (hello, FrostyGoop and TRITON)

Welcome to OT 101: explained in plain language, with a healthy dose of practicality.

In this episode of Threat Talks, host Karin Muller is joined by TC Hoot (VP of Contracts at TAC) and Luca Cipriano (Threat Intel Specialist at ON2IT) to explore how airports, hospitals, ports, and even water systems can be compromised.

Key topics they tackle:

🛳️ Why are modern ships, airports, hospitals and even cities targeted?

🛡️ What makes OT so hard to secure compared to IT?

✈ What do real-world OT threats look like and how can we defend against them?

If you’ve ever asked “how could a fish tank lead to a casino breach?” or “can someone actually hack an airport’s baggage system?” this one’s for you.

In step one of Zero Trust: define your protect surface, we focus on how to prioritize what you want to protect, how to avoid common pitfalls, and how to kick off your Zero Trust journey from a solid, business-aligned foundation.

In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas get down to the basics of step one of Zero Trust: defining the protect surface.

They explore:

✅ Methods for defining protect surfaces

⛨ Establishing the relevance of each protect surface

📈 How to align your cybersecurity with business needs and goals

In this second episode of a multi-part deep dive on Zero Trust, Lieuwe Jan and Rob clarify where to start with Zero Trust implementation, discuss the importance of business and board involvement and explain why starting small is key.

In this kickoff episode of this Zero Trust series, Lieuwe Jan Koning and Rob Maas explore what Zero Trust actually is, how to think about it strategically, and why it’s not just about identity or buying new tools.

They discuss:

✅ Why Zero Trust isn’t a product, and what it actually is

🗺️ The five steps and four core principles of Zero Trust

🚧 Why business alignment – and not anything technical – is the hardest part of Zero Trust implementation

They debunk the most common myths, from “Zero Trust is identity” to “just buy a firewall,” and explain what it takes to embed Zero Trust into business operations. A must-watch, whether you’re just curious, are just starting your Zero Trust journey or are already well underway.

In this episode of Threat Talks, Lieuwe Jan Koning is joined by Rob Maas and Luca Cipriano to break down how these attackers operate and what their endgame might be.

💨 What makes “low and slow” attacks so hard to detect?

🔧 How do living-off-the-land tactics help attackers blend in?

📉 What motivations do threat actors like Volt Typhoon have?

Volt Typhoon isn’t just another cyber threat: it’s a sign that the game has changed. If you’re focused on national security, infrastructure, or advanced threat defense, you won’t want to miss this episode.

In this Deep Dive, host Rob Maas and special guest, cybersecurity researcher Michele Campobasso, discuss dark markets, and the rise of cybercrime-as-a-service.

Key questions answered in this Deep Dive:

🕶️ What are dark markets, and how do they work?

🔑        How do cybercriminals (or intrepid researchers) access these dark markets?

🎬        How is cybercrime becoming as accessible as a streaming service?

⚠️  What risks do businesses face from dark markets?

🔎        What role does threat intelligence plays in monitoring these markets?

With cybercrime as easy to access as a Netflix subscription, Rob and Michele explore how these underground marketplaces operate, how they’re changing the threat landscape, and what organizations can do to protect themselves.

Would you pay $10 for access to a corporate system? Because someone on the dark web already has. In this episode of Threat Talks, host Lieuwe Jan Koning talks to cybersecurity researcher Michele Campobasso about the business of cybercrime. From ransomware services to stolen credentials, the dark web is thriving.

💰 How much is YOUR data worth on the dark web?
🚨What’s for sale—and who’s buying?
🛒 How is hacking becoming a subscription-based service?

Cybercriminals operate like well-run businesses, offering hacking tools, stolen credentials, and even customer support. But if cybercrime is getting more sophisticated, what can individuals and businesses do to fight back?

Time synchronizationis an overlooked but essential part of cybersecurity. A few microseconds ofdrift can lead to failed transactions, inaccurate forensic logs, or evensecurity breaches.

In this episode of ThreatTalks, host Rob Maas (Field CTO, ON2IT) and guest Jan van Boesschoten(Innovation Manager, AMS-IX) discuss:

·      How does time impact cybersecurity, and whathappens when it drifts?

·      Why is NTP no longer sufficient for high-speeddigital transactions?

·      How does Precision Time Protocol (PTP) providemicrosecond accuracy (and why does that matter)?

·      Could time manipulation be an attack vector,and how do organizations mitigate this risk?

From financialtransactions to forensic log analysis, knowing exactly when an eventoccurs can make or break an organization’s security posture.

• Why is SSL decryption necessary, and what are the risks of ignoring encrypted traffic?
• How do modern malware and attacks leverage encryption to bypass traditional security measures?
• What are the top three things organizations must do to implement SSL decryption effectively?
• Why do only 3.5% of organizations have an active SSL decryption policy, and how can this change?

Rob Maas explains how decrypting SSL traffic allows security teams to detect and stop threats at an early stage, preventing malware downloads, phishing attempts, and web-based attacks before they reach endpoints.

•  How does the Intrusion Kill Chain flip the script on cyberattacks?
• The 250 active adversary campaigns that security teams must track
• How MITRE ATT&CK and the Diamond Model strengthen modern defense strategies
• Why global governments and intelligence agencies aren’t doing more to share cyber threat intelligence

Despite decades of talk about intelligence sharing, most information is still exchanged manually, often via spreadsheets. As Howard points out, a true global threat-sharing framework could give defenders the upper hand.

Don’t miss this deep dive into adversary strategies and what they mean for the future of cybersecurity.

👕 Receive your Threat Talks T-shirt via https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️ via https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

In this episode of Threat Talks, hostLieuwe Jan Koning is joined by Rick Howard – former Commander of the US Army’sComputer Emergency Response Team and former CSO of Palo Alto Networks – todiscuss the first principle of cybersecurity.

❓What’s the difference between cybersecurity strategy and tactics?

❓How come some random geezers are better at cybersecurity forecastingthan industry pros?

❓Is resilience the ultimate cybersecurity strategy?

❓Why does Rick Howard think Zero Trust is a passive strategy? 

And for the book lovers amongst us – over500 cybersecurity books are published each year. Wanna know which are worthyour time?

Rick Howard’s Cybersecurity Canon has gotyou covered: https://icdt.osu.edu/about-cybersecurity-canon

👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Deepfakes aren’t just for entertainment anymore: they’re now an increasingly powerful tool for cybercriminals. With AI advancing rapidly, attackers can clone voices, fake identities, and manipulate live video in real time.

In this episode of Threat Talks, we explore how deepfake scams have already cost companies millions.

From CEO voice fraud to bypassing identity checks, the risks are rising.

👥 How do deepfakes work?

👥 What makes them so dangerous?

👥 How can organizations protect themselves?

Join host Rob Maas and ON2IT SOC analyst Yuri Wit as they break down the latest deepfake threats and what you can do to stay ahead.

👕 Receive your Threat Talks T-shirt https://threat-talks.com/🗺️ Explore the Hack's Route in Detail

🗺️https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

In this episode of Threat Talks, Jeroen Scheerder from ON2IT delves into post-quantum cryptography and answers key questions:

• What is Quantum Computing?
• Why does it challenge RSA and other encryption standards?
• What is Q-Day, and when will it happen?
• How can companies prepare for the post-quantum era?

🎯 Key Takeaways

🛡 Data minimization and post-quantum cryptographic algorithms are essential.

📈 Start planning your migration strategy now.

🚨 Don’t procrastinate – quantum computing is coming sooner than you think.

💻 More Resources: Visit Threat-Talks.com to stay informed on quantum computing and its impact on cybersecurity.

📢 Like, Subscribe & Share – Help us spread the word about preparing for the quantum age!=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/post-quantum-threat-to-encryption/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com/downloads/🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

In this episode of Threat Talks – The Deep Dive, Rob Maas hosts Luca Cipriano, ON2IT’s Cyber Threat Specialist, to uncover the truth.

Learn✅ The differences between AVs, EDRs, and XDRs

✅ Common bypass techniques used by attackers

✅ Why defense-in-depth and Zero Trust are must-haves for any cybersecurity strategy

💡 Key Insights

• EDRs are essential but not invincible
• Combining smart tools with robust security practices is the winning strategy

📩 Have questions or thoughts?

Reach out at team@threat-talks.com!

🎙️ Follow Threat Talks for weekly cybersecurity insights.=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/breaking-the-defenses-edr-bypass/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com/downloads/🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

📌 What You’ll Learn:

• The psychology and strategies of hackers• How AI enhances attacks and its implications for defenders
• Common vulnerabilities organizations overlook
• Why Zero Trust is critical for modern security
• Building a proactive security culture in your organization

With over two decades of experience, Tom offers unique perspectives on staying one step ahead in the ever-evolving world of cybersecurity.

🎯 Don’t forget to like, share, and subscribe to stay informed on the latest cybersecurity insights. New episodes every Tuesday! === ► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Receive your Threat Talks T-shirt https://threat-talks.com/inside-the-hackers-mind/

🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com/downloads/ 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

A sweeping cyberattack, known as Salt Typhoon, has exposed the vulnerabilities of nine major telcos, leaving sensitive communications and surveillance data in the hands of attackers. How did this happen, and what lessons can we learn?

In this Threat Talks Deep Dive, host Lieuwe Jan Koning teams up with ON2IT’s Rob Maas (Field CTO) and Jeroen Scheerder (Security Researcher) to dissect every aspect of this high-profile breach.

🔍 What you’ll learn:

• How attackers exploited known vulnerabilities in Exchange servers, VPNs, and firewalls to infiltrate systems.
• The risks associated with lawful interception systems and the exposure of call detail records (CDRs).
• Why legacy infrastructure remains a significant cybersecurity challenge for telecom providers.
• Actionable steps organizations can take to enhance defenses, including segmentation, behavioral monitoring, and Zero Trust frameworks.

This episode dives into the attack’s technical anatomy, discusses its implications for both governments and private organizations, and explores how individuals can secure their communications in an era of increasing surveillance.

Join us to understand how Salt Typhoon unfolded—and what it means for the future of telecom security.

🔔 Follow and Support our channel! 🔔 === ► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Receive your Threat Talks T-shirt https://threat-talks.com/salt-typhoon-how-nine-telcos-were-compromised/ 🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com/downloads/

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

How can governments lead the charge in global cybersecurity efforts? In this compelling episode of Threat Talks, host Lieuwe Jan Koning sits down with returning guest Davis Hake, cybersecurity expert and advisor, to explore the critical role governments play in the cyber landscape.

👾 The ONCD’s mission and its role in U.S. cybersecurity.

👾 Lessons from the Biden administration’s approach to combating ransomware and cybercrime.

👾 Why global collaboration is key to countering modern threats.

Watch now to uncover how governments and businesses can work together to secure the digital future.

🔔 Follow and Support our channel! 🔔 === ► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Receive your Threat Talks T-shirt 👕 https://threat-talks.com/oncd-the-cyber-catalyst/ 🗺️ Explore 2024's Hack's Routes in Detail 🗺️ https://threat-talks.com/downloads/ 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Cyber threats know no borders, and in the European Union, harmonizing cybersecurity efforts across 27 member states is no small feat. In this episode of Threat Talks, host Lieuwe Jan Koning speaks with Hans de Vries, Chief Cybersecurity and Operational Officer at ENISA, about the critical work being done to secure Europe’s digital future.

📌 Topics covered

• How ENISA supports EU member states in managing cyber incidents and crisis responses.
• The implementation of the NIS2 directive and upcoming Cyber Resilience Act.
• The role of trust and collaboration in cross-border cybersecurity.
• Why public-private partnerships are key to tackling cybersecurity challenges.

🎥 Watch now to explore how Europe is building a safer digital environment for its citizens and businesses.

👉 Don’t forget to like, subscribe, and share to help us spread the word!

Kick off 2025 with the latest insights from Threat Talks! In this episode, host Lieuwe Jan Koning sits down with Peter van Burgel, CEO of AMS-IX, to discuss how AI and cybersecurity are reshaping the landscape this year.

🚀 What’s inside this episode?

🔹 A sneak peek into AI advancements: Could we see virtual CEOs?

🔹 The rise of Zero Trust supply chain strategies.

🔹 Navigating the skills gap in an evolving digital world.

🔹 AI in cybersecurity: Opportunities, risks, and where to focus.

🔹 Power consumption and sustainability in AI’s rapid growth.

AMS-IX's role as a critical part of internet infrastructure and its cybersecurity responsibilities highlight the importance of collaboration and awareness in today’s complex geopolitical climate.

Follow and Support our channel! 🔔 === ► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Receive your Threat Talks T-shirt https://threat-talks.com/cyber-outlook-2025-one-year-of-threat-talks/ 🗺️ Explore all 2024's Hack's in Detail 🗺️ https://threat-talks.com/downloads/ 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

🗺️ Explore all 2024's infographics 🗺️ https://threat-talks.com/downloads/ 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX

What happens when a ransomware group attacks an entire country? In this Threat Talk, we dive deep into the Conti ransomware attack that crippled the Costa Rican government. From healthcare systems shutting down to unpaid government salaries and even tax collection grinding to a halt—this unprecedented cyberattack became a national emergency with global implications.

Join Lieuwe Jan Koning as he unpacks the timeline, impact, and lessons learned from this catastrophic event. Discover the vulnerabilities that allowed this to happen, the strategies used by Conti, and how governments and organizations worldwide can prepare for such sophisticated cyber threats.

💡 What You’ll Learn in This Episode

• ✔️ The inner workings of the Conti ransomware group
• ✔️ How critical infrastructure became a target
• ✔️ The economic and societal ripple effects of a national cyberattack
• ✔️ Best practices for defending against ransomware threats

🔒 Who Should Watch?

• ↠ Cybersecurity experts
• ↠ IT professionals
• ↠ Government leaders
• ↠ Business executives
• ↠ Anyone passionate about protecting digital assets and critical systems

🚀 Don’t miss this in-depth analysis of one of the most talked-about ransomware attacks in recent history! Subscribe now to Threat Talks for more cutting-edge discussions on cybersecurity, threat intelligence, and digital defense strategies.

👉 Support the channel: give us a like!

🎧 Available on all major podcast platforms.

► YOUTUBE: https://youtube.com/@ThreatTalks

► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E

► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

In this Threat Talk, we dive deep into a cybersecurity incident in 2023: the MGM Resorts ransomware attack by ALPHV/BlackCat and Scattered Spider. From sophisticated social engineering tactics to deploying a shadow identity provider for persistence, this attack demonstrates the capabilities of collaborating ransomware groups.

Join cybersecurity experts Lieuwe Jan Koning, Luca Cipriano (Threat Intel Specialist), and Rob Maas (Field CTO) as they break down:

• 🔒 How attackers exploited MGM’s Okta environment.
• 🎯 The role of phishing and advanced persistence techniques.

• 🚨 Lessons learned and actionable steps to prevent such attacks.

Key Insights

• ➡ Why Zero Trust and network segmentation are critical.
• ➡ The dilemma of paying ransoms vs. operational downtime.
• ➡ Practical steps to improve your organization’s ransomware defense strategy.

If you’re a cybersecurity professional or just curious about the latest in cyber threats, this episode is a must-watch. Stay informed, stay secure! 💻

 👉 Support the channel: don’t forget to LIKE, COMMENT, and SUBSCRIBE :).

🎧 Available on all major podcast platforms.

► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt 👕

https://threat-talks.com/prevent-pay-or-insure/

🗺️ Explore the Hack's Route in Detail 🗺️

https://on2it.s3.us-east-1.amazonaws.com/Threat-Talks-Prevent-Pay-or-Insure.pdf

🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX

Days before MGM’s computer systems were taken down in a cyberattack, fellow casino operator Caesars paid a $15 million ransom to attackers who infiltrated its systems.

MGM chose not to pay and dealt with different costs because of it - did the two casino giants wind up paying similar amounts down the line? And what role does cybersecurity insurance play in these scenarios?

In this episode of Threat Talks, host Lieuwe Jan Koning and special guest David Hake (co-founder of Resilience, professor of Cyber Risk Management at UC Berkeley and advisor at Venable LLP) discuss these cyberattacks on MGM and Caesars, exploring how organizations can better prepare for and respond to ransomware incidents.

Dialing in to the conversation, Threat Intel Specialist Luca Cipriano offers a preview of our Deep Dives into three critical threats relevant to these attacks, providing valuable technical insights.

The by now age-old dilemma remains: should companies pay ransom or refuse? But beyond that, how can they focus on prevention? And where does cybersecurity insurance fit into the equation?

If businesses insure their personnel, facilities, and revenue, isn’t it time to also insure their cybersecurity?

🔔 Follow and Support our channel! 🔔 === ► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt 👕 https://threat-talks.com/prevent-pay-or-insure/

🗺️ Explore the Hack's Route in Detail 🗺️https://on2it.s3.us-east-1.amazonaws.com/Threat-Talks-Prevent-Pay-or-Insure.pdf

🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX

“Hello! I’m a printer! Please let me enter, thank you!” – It may sound absurd, but this is how attackers can trick your Linux systems through the cups-browsed service..

In this latest Threat Talk, Lieuwe-Jan Koning reveals, with ON2IT’s Rob Maas and Luca Cipriano how a seemingly harmless printer can turn into a hacker’s gateway to your network.

With open ports and weak default configurations, your Linux environment could be more exposed than you think.

🔒 Tune in to learn how these vulnerabilities can be exploited and, more importantly, what steps you can take to secure your systems. Don’t wait until it’s too late!

📊 Bonus Resource: We’ve created an in-depth infographic breaking down these hacks in detailed illustrations—an invaluable tool for all security information professionals!

https://on2it.s3.us-east-1.amazonaws.com/Infographic-security-fallacies.pdf

🔔 Hit that subscribe button and show your support! 🔔 === ► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Receive your Threat Talks T-shirt https://threat-talks.com/breaking-the-illusion-exposing-security-fallacies/ 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX #CUPS #cybersecurityexperts #printers #threattalks eatTalks #techsafety #securitymatters #threatintelligence #cybersecurityexperts #unix

The user going by the name of ‘JIAT75’ spent almost three years infiltrating and contributing to a GitHub repo for one singular reason – access to release manager rights for the next XZ Utils update.

In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Thomas Manolis, Information Security Officer at AMS-IX, and Jeroen Scheerder, Security Specialist at ON2IT, to discuss this meticulously executed breach in the open-source community.

Using clever social engineering tactics, Jia Tan (JIAT75) built a credible reputation within said community, gaining trust and access to introduce malicious code undetected. The breach was only discovered by chance when Andres Freund, an engineer at Microsoft, traced unusual system latency back to XZ Utils and uncovered the backdoor.

What exactly happened?

How lucky did we get with Freund discovering the backdoor? And how do we know that something like this hasn’t happened before?

🔔 Follow to Support our channel! 🔔 ► YOUTUBE: https://youtube.com/@ThreatTalks

► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E

► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

🗾 Explore the XZ Utils Critical Backdoor Details 🗾

https://on2it.s3.us-east-1.amazonaws.com/Infographic-security-fallacies.pdf

Our exclusive infographic maps out the step-by-step tactics hackers use to exploit these vulnerabilities. Perfect for IT teams and Information Security Officers, it’s designed to help you stay one step ahead.

👕 Get your own Threat Talks T-shirt

https://threat-talks.com/breaking-the-illusion-exposing-security-fallacies/

🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX

===

#ThreatTalks #ON2IT #Cybersecurity #Fallacies #CrowdStrike #SecurityMatters

Did you know that last July’s CrowdStrike outage led to closed airports, inaccessible bank accounts and hospitals that were only delivering emergency care that did not require any computers?

In this Threat Talk, Lieuwe Jan Koning is joined by Rob Maas and Jeroen Scheerder as they discuss the CrowdStrike outage and, more importantly, what could have been done to prevent such an impactful event from happening in the first place.

What exactly are the inherent risks of automatic updates? And can they be set up in such a way that what happened with CrowdStrike won’t happen again?

🔔 Follow and Support our channel! 🔔 === ► YOUTUBE: https://youtube.com/@ThreatTalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E ► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520 👕 Get your own Threat Talks T-shirt

https://threat-talks.com/breaking-the-illusion-exposing-security-fallacies/

🗾 Explore the CrowdStrike Outage's Details 🗾
Our exclusive infographic maps out the step-by-step tactics hackers use to exploit these vulnerabilities. Perfect for IT teams and Information Security Officers, it’s designed to help you stay one step ahead.

https://on2it.s3.us-east-1.amazonaws.com/Infographic-security-fallacies.pdf 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Think you know the route a hacker might take? Think again! In this eye-opening Threat Talk, Lieuwe Jan Koning dives into the critical fallacies of cybersecurity with top experts Fleur van Leusden, CISO and host of CISO Praat, and Jeroen Scheerder.

✨ Fleur unpacks one of the industry’s biggest blind spots: the heavy reliance on user awareness as a defense mechanism. While user education has its place, she argues it’s not enough to withstand today’s sophisticated threats. Instead, Fleur and Jeroen explore the essential need for technical controls and resilient systems that go beyond awareness alone.

🔥 Rethink conventional strategies, dissect the recent CrowdStrike auto-update disaster, the XZ Utils backdoor (CVE-2024-3094), and a UNIX CUPS vulnerability 🖨️—revealing why proactive, layered defenses are the only way forward.

Don’t miss this essential discussion on the true foundations of cybersecurity! 🛠️🔒

===

🗺️ Explore the Hack's Route in Detail 🗺️ Our exclusive infographic maps out the step-by-step tactics hackers. Perfect for IT teams and Information Security Officers.

https://on2it.s3.us-east-1.amazonaws.com/Infographic-security-fallacies.pdf

👕 Receive your Threat Talks T-shirt https://threat-talks.com/breaking-the-illusion-exposing-security-fallacies/

#ThreatTalks #ON2IT #Cybersecurity #Fallacies #CrowdStrike #UNIXCUPS #XZUtils #SecurityMatters

🔍 Explore the Binance BNB Chain Attack, where attackers used cross-chain bridges to create crypto assets out of thin air.

👾 Dive into the exploit’s details, from blockchain’s cryptographic structures to vulnerabilities in cross-chain transfers. With breakdowns of Merkle trees and validation flaws, this discussion reveals how even minor misconfigurations can lead to massive security gaps.

🔍 Curious about blockchain risks and crypto asset security? Want to gain insight into safeguarding assets in a digital-first world? >> Check this episode!

=== 📈 Download the infographic

https://on2it.s3.amazonaws.com/Infographic-breaking-the-bank.pdf

👕 Request your own Threat Talks T-shirt

⁠https://threat-talks.com/breaking-the-bank/

🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX.

It helps ships transmit their location and data to other vessels and satellites, preventing collisions and supporting rescue operations. 🛟 It’s a crucial technology for navigating 🗺️ the unpredictable oceans 🌊 —but it’s not without its vulnerabilities. 🏴‍☠️ Pirates can use AIS to track high-value ships, and hackers can manipulate the system. Picture this: your ship is safely docked, but hackers make it appear as if it’s entering dangerous, hostile waters. This tactic, known as spoofing, doesn’t just mess with a ship’s navigation—it can send out false reports to military or civilian observers, creating chaos and confusion. Just imagine the stakes in a situation with rising military tension – if it suddenly seems like your warships are showing up in enemy harbors, the risk of conflict skyrockets, to say the least. 🔥 In this Deep Dive, host Lieuwe Jan Koning, along with guests Rob Maas and Jeroen Scheerder, explore the potential dangers of AIS hacking and what steps can be taken to make this vital system more secure and trustworthy for the future. === 📈 Find our infographics and 👕 receive your own Threat Talks T-shirt: https://threat-talks.com

🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX

The HTTP/2 Rapid Reset attack is a powerful new DDoS method that exploits weaknesses in the HTTP/2 protocol. By overwhelming web servers with rapid reset frames, attackers can disrupt services and cause significant downtime, making it a serious threat to organizations.

In our latest Deep Dive, host Lieuwe Jan Koning is joined by Rob Maas (Field CTO ON2IT) and Luca Cipriano (Threat Intel Specialist ON2IT) as they walk through the attack mechanism, what the impact on organizations can be, and how you can keep your head above water when facing this deluge of requests.

This attack method has been making waves for its ability to disrupt web servers quickly and efficiently. How exactly does it work? What makes it so effective?

Tune in for this Deep Dive to find out! ======== 👕 Find our infographics and request your own Threat Talks T-shirt: https://threat-talks.com/ 🕵️ Threat Talks is a collaboration between ON2IT and AMS-IX

How does a major financial institution like Capital One suffer a data breach that exposes over 100 million credit applications?
In August 2019, a former Amazon employee was arrested for orchestrating a data breach that exposed over 100 million consumer credit applications at Capital One. How was AWS left vulnerable to a Server-Side Request Forgery (SSRF) attack, and how were their internal security measures misled and circumvented?
In our latest Deep Dive, host Lieuwe Jan Koning is joined by Tim Timmermans (CISO ON2IT) and Luca Cipriano (Threat Intel Specialist ON2IT) as they go through all the steps the hacker took, and what could’ve been done to prevent this data breach from happening.

Curious who was behind the hack, and how they managed to pull it off despite Capital One being compliant with numerous regulations and frameworks? Tune in to learn more and make sure you don’t fall victim to a similar attack!

⁠#1password⁠ ⁠#cyberattack⁠ ⁠#cybersecurityexperts⁠ ⁠#threattalks⁠