

The UK's leading small business cybersecurity podcast, helping SMEs protect against cyber threats without breaking the bank.
Join cybersecurity veterans Noel Bradford (CIO at Boutique Security First MSP) and Mauven MacLeod (ex-UK Government Cyber Analyst) as they translate enterprise-level security expertise into practical, affordable solutions for UK small businesses.
🎯 WHAT YOU'LL LEARN:
- Cyber Essentials certification guidance
- Protecting against ransomware & phishing attacks
- GDPR compliance for small businesses
- Supply chain & third-party security risks
- Cloud security & remote work protection
- Budget-friendly cybersecurity tools & strategies
🏆 PERFECT FOR:
- UK small business owners (5-50 employees)
- Startup founders & entrepreneurs
- SME managers responsible for IT security
- Professional services firms
- Anyone wanting practical cyber protection advice
Every episode delivers actionable cybersecurity advice that you can implement immediately, featuring real UK case studies
Episodes

Wednesday Jan 14, 2026
114 Updates, 1 Active Exploit — January Patch Tuesday: Patch Today or Pay Tomorrow
Hosted by Graham Falkner, this episode is a rapid, no‑nonsense January Patch Tuesday breakdown aimed at small businesses and IT owners. Graham walks listeners through Microsoft’s unusually large release of 114 security updates, explains the essential jargon (CVE and CVSS), and highlights why severity scores don’t replace real‑world risk assessments.
The show covers the one vulnerability already being actively exploited (CVE‑2026‑2805 in Desktop Window Manager) and two other high‑risk items used in targeted attacks, plus three zero‑day bugs. Graham takes a deep dive into the critical on‑premises SharePoint emergency (ToolShell campaign, CVE‑2025‑53770 and related issues), urging immediate patching and incident response for exposed servers. He also explains the severe Kestrel/ASP.NET Core HTTP request smuggling flaw (CVE‑2025‑55315) and the practical impact on web apps and deployment teams.
The episode reviews other major vendor fixes: SAP’s 16 security updates (including four critical vulnerabilities), Apple’s two WebKit zero days, Adobe’s 32 patches (eight critical affecting Acrobat, Reader and creative apps), HPE OneView’s unauthenticated RCE (CVE‑2025‑37164), and ongoing VMware ESXi risks. Graham calls out long‑delayed Fortinet SSL‑VPN vulnerabilities (including CVE‑2020‑12812) and newer FortiCloud SSO bypasses, stressing that overdue patching still causes widespread compromises.
Practical guidance and priorities are clear and actionable: patch Windows cumulative updates, exposed SharePoint servers, Fortinet edge devices and HPE OneView within 24 hours; address .NET/web app fixes and SAP critical patches within the next 72 hours to one week; then continue with routine maintenance for browsers, Adobe, Cisco and other software. The episode also flags upcoming deadlines and logistics—Oracle’s critical patch update on January 20 and the end of Windows 10 support—so listeners can plan maintenance windows and migrations.
Key takeaways: assume compromise if you haven’t patched exposed services, verify systems after applying updates, assign owners who can patch and redeploy quickly, and treat cumulative Windows updates as all‑or‑nothing. There are no external guests: this episode is hosted solo by Graham Falkner and aimed at helping small organizations act fast and reduce risk in the wake of an intense Patch Tuesday.