{"podcast":{"title":"Enterprise Security Weekly (Video)","slug":"enterprise-security-weekly-video-787162","podcast_index_feed_id":787162,"rss_url":"https://eswvideo.libsyn.com/rss","website_url":"https://securityweekly.com/esw","image_url":"https://static.libsyn.com/p/assets/a/2/6/6/a266fc65a1c096a427a2322813b393ee/ESW_Cover_1920x1920.png","author":"Adrian Sanabria","episode_count":1142,"summary":"News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.","last_synced_at":null,"page_url":"https://stenobird.com/podcast/enterprise-security-weekly-video-787162"},"episode":{"title":"Breaking in with CrashFix, supply chain security, and CMMC phase 1 - Anna Pham, David Zendzian, Jacob Horne - ESW #449","slug":"breaking-in-with-crashfix-supply-chain-security-and-cmmc-phase-1-anna-pham-david-zendzian-jacob-horne-esw-449","published_at":"2026-03-09T09:00:00+00:00","page_url":"https://stenobird.com/podcast/enterprise-security-weekly-video-787162/breaking-in-with-crashfix-supply-chain-security-and-cmmc-phase-1-anna-pham-david-zendzian-jacob-horne-esw-449","show_page_url":"https://stenobird.com/podcast/enterprise-security-weekly-video-787162","url":"https://eswvideo.libsyn.com/breaking-in-with-crashfix-supply-chain-security-and-cmmc-phase-1-anna-pham-david-zendzian-jacob-horne-esw-449","audio_url":"https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/eswvideo/ESW_449_1--0437c7b4-5698-45f0-be11-c1f4a65b5907--sd-converted--41092ca3-b618-40c7-a11b-b9a8d97cfc89.mp4?dest-id=376667","summary":"Interview with Anna Pham Breaking in with ClickFix: Anatomy of a modern endpoint attack Cybersecurity company Huntress just published a report on a new ClickFix variant they've discovered, which they've dubbed CrashFix. This technique was developed by KongTuke to serve as the primary lure within a new custom malicious browser extension also created by the group. In short, the team observed the threat actors using KongTuke's malicious browser extension to display a fake security warning, claiming the browser had \"stopped abnormally\" and prompting users to run a \"scan\" to remediate the threats. Upon \"running the scan,\" the user is presented with a fake \"Security issues detected\" alert and instructed to manually \"fix\" the issue by opening the Windows Run dialog, pasting from their clipboard, and pressing Enter. The malicious extension silently copies a PowerShell command to the clipboard, disguised as a legitimate repair command. From there, they execute the malicious command. Segment Resources: BLOG - Dissecting CrashFix: KongTuke's New Toy Interview with David Zendzian Continuous compliance and real security lifecycle management Supply chain attacks are not just on the rise; attackers are learning from the past, making these attacks even more effective and dangerous than before. It was just over a month ago when the Shai-Hulud attack first impacted NPM packages, forcing enterprises around the world into lockdown. While only 187 packages were compromised in that initial incident, it served as a wake-up call for many: an accurate inventory of systems is good, but a clear, real-time Software Bill of Materials (SBOM) for applications is non-negotiable. In this world of manifest based infrastructure and container based applications with (real) \"devsecops\", the dream of conti…","meta_description":"Interview with Anna Pham Breaking in with ClickFix: Anatomy of a modern endpoint attack Cybersecurity company Huntress just published a report on a new Cl…","key_points":[],"chapters":[],"topics":[],"duration_seconds":5673,"processing_state":"not_requested","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/enterprise-security-weekly-video-787162/episodes/breaking-in-with-crashfix-supply-chain-security-and-cmmc-phase-1-anna-pham-david-zendzian-jacob-horne-esw-449/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/enterprise-security-weekly-video-787162/breaking-in-with-crashfix-supply-chain-security-and-cmmc-phase-1-anna-pham-david-zendzian-jacob-horne-esw-449.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}