ShadowTalk: Powered by ReliaQuest
Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research.
Threat Intelligence Analyst John Dilgen brings extensive expertise in cyber threat intelligence and incident response, specializing in researching threats impacting ReliaQuest customers. John and his guests provide practical perspectives on the week’s top cybersecurity news and share knowledge and best practices to help businesses mitigate the most pertinent cyber threats.
With over 1,000 customers worldwide and 1,200 teammates across six global operating centers, ReliaQuest delivers security outcomes for the most trusted enterprise brands in the world. Learn more at www.reliaquest.com.
SonicWall, MFA Bypass, IABs: Why Patched Devices Are Still Handing Attackers Initial Access
Your team patches the device. The firmware version matches the advisory. The ticket closes. The device comes off the remediation queue. What your workflow never tracked is that the advisory also required six manual LDAP configuration steps — and without them, the authentication bypass still works. An initial access broker authenticated through the VPN, reached a domain-joined file server, and was gone in under 40 minutes. Your dashboard still showed a clean queue.
With initial access brokers operating on disciplined, sub-hour timelines and patch-management workflows built around a single completion step, defenders are closing tickets on devices that are still wide open.
Join hosts Tehman and John as they discuss:
- How a firmware update can still leave a device fully exploitable
- How initial access brokers progressed their attack in under 40 minutes
- Why teams that prioritize from a single vulnerability score alone are behind
Two questions your organization should be asking right now:
- Does your patch-management workflow include a separate item for post-patch manual configuration requirements?
- When CISA, NVD, and the vendor publish different CVSS scores for the same CVE, does your vulnerability-management policy specify which authority takes precedence — and does it supplement static scoring with a dynamic signal like EPSS?
Tune in for expert insights, practical takeaways, and the full threat report: https://linktr.ee/ReliaQuestShadowTalk
Tehman Tariq: Sr. Manager of Cyber Operations at ReliaQuest. He has spent a majority of his career leading our Incident Response, Security Architecture, and Detection teams, as well as working hand in hand with CISOs to introduce automation allowing for the maturity of their security programs.
John Dilgen: John Dilgen is a Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.