The Threat Show

The Threat Show Ep. 32 w/ Guru Chahal

This week, we're joined by Guru Chahal, a seasoned investor and founding member of multiple successful startups, currently a partner at Lightspeed Venture Partners, one of the leading venture capital firms in Silicon Valley.

Early in his career, he was Manager and then Director of product management at Nuova Systems, later acquired by Cisco. He then made strategic investments in companies like Zscaler, Avere Systems, and Avi Networks, the last of which he joined as a co-founder and helped grow to serve over 20% of Fortune 50 businesses. Guru joined Lightspeed after VMware acquired Avi Networks in 2019; there he uses his deep understanding of technology, product expertise, and extensive network to invest in enterprise sectors such as security, DevOps, observability/ops tools, cloud infrastructure, and application development.

We discuss how to approach cloud security as an SMB, the shared responsibility model, the autonomous SOC (security operations center), six trending threats, and more.

Barracuda email security appliances hacked via zero-day vulnerability (06:04)

A critical remote command injection vulnerability has been discovered in Barracuda Networks’ Email Security Gateway (ESG) appliances. The vulnerability arises from incomplete input validation of user-supplied .tar files, allowing remote attackers to execute system commands.

Zyxel patches vulnerability in NAS devices (08:25)

Zyxel has reported and patched a theoretical vulnerability affecting some network attached storage (NAS) devices that could lead to remote code execution (RCE). Exploiting this vulnerability requires an attacker to have admin privileges in order to successfully compromise a device.

Hackers exploit critical Zyxel firewall flaw in ongoing attacks (09:53)

Zyxel has recently issued software updates to tackle two critical security vulnerabilities affecting certain firewall and VPN products. These flaws are buffer overflow vulnerabilities and, if exploited, could allow attackers to achieve remote code execution.

Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (10:50)

Apple has recently addressed a theoretical vulnerability, dubbed Migraine, that allows attackers with root privileges to bypass System Integrity Protection (SIP) and install “undeletable” malware while accessing the victim’s private data by circumventing security checks.

GitLab Released Emergency Fix For Critical Vulnerability (12:30)

GitLab has released an emergency update to address a critical path traversal vulnerability. The vulnerability allowed a remote unauthenticated attacker to access files in a public project, potentially enabling them to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

New OT Malware Possibly Related To Russian Emergency Response Exercises (15:07)

Mandiant has identified a new operational technology (OT) malware called COSMICENERGY, which targets industrial control systems (ICS) and is designed to cause electric power disruption. The discovery of COSMICENERGY highlights the lowering barriers to entry for developing offensive OT capabilities and poses a plausible threat to affected electric grid assets.