
ShadowTalk: Powered by ReliaQuest  

Author: ReliaQuest

Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research.

Threat Intelligence Analyst Kim Bromley brings over 15 years of experience in threat intelligence across the public and private sectors. Kim and her guests provide practical perspectives on the week's top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats.

With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.

Language: en

Genres: News, Tech News, Technology


SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access
Wednesday, 3 June, 2026

Your team patches the device. The firmware version matches the advisory. The ticket closes. The device comes off the remediation queue. What your workflow never tracked is that the advisory also required six manual LDAP configuration steps — and without them, the authentication bypass still works. An initial access broker authenticated through the VPN, reached a domain-joined file server, and was gone in under 40 minutes. Your dashboard still showed a clean queue.

With initial access brokers operating on disciplined, sub-hour timelines and patch-management workflows built around a single completion step, defenders are closing tickets on devices that are still wide open.

Join hosts Tehman and John as they discuss:
- How a firmware update can still leave a device fully exploitable
- How initial access brokers progressed their attack in under 40 minutes
- Why teams that prioritize from a single vulnerability score alone are behind

Two questions your organization should be asking right now:
- Does your patch-management workflow include a separate item for post-patch manual configuration requirements?
- When CISA, NVD, and the vendor publish different CVSS scores for the same CVE, does your vulnerability-management policy specify which authority takes precedence — and does it supplement static scoring with a dynamic signal like EPSS?

Tune in for expert insights, practical takeaways, and the full threat report: https://linktr.ee/ReliaQuestShadowTalk

Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.

John Dilgen: John Dilgen is a Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.

 
