The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups
The Small Business Cyber Security Guy
54 episodes
2 days ago
The Small Business Cyber Security Guy Podcast
Practical cybersecurity advice for UK small business owners who need enterprise-level protection without enterprise-level budgets, headaches, or PhD-level jargon.
Join hosts Noel Bradford and Mauven MacLeod as they translate complex cybersecurity threats into actionable solutions that actually work for businesses with 5-50 employees. Noel brings 40+ years of enterprise experience from Intel, Disney, and the BBC, whilst Mauven adds government-level threat intelligence from her time as a UK Government Cyber Analyst. Together, they bridge the gap between knowing you need better security and actually implementing it without breaking the bank.
Why This Podcast Works:
Real experts who’ve chosen to focus on underserved small businesses
Practical advice tested in actual SMB environments
British humour that makes serious topics engaging (not intimidating)
Budget-conscious solutions that acknowledge your real constraints
Perfect For:
Business owners who believe they’re “too small to be targeted”
Anyone who needs cybersecurity knowledge but lacks time for complex solutions
Those seeking enterprise-quality protection at corner shop prices
UK businesses (though principles apply globally)
Each episode delivers concrete, actionable advice you can implement immediately. No theoretical discussions, no vendor nonsense, no academic waffle. Just two experts who genuinely care about helping small businesses survive and thrive digitally.
Regular Features:
Current threat analysis with real-world context
Implementation guides within realistic budgets
Human factor solutions (because your biggest vulnerability makes excellent tea)
Government framework explanations that actually make sense
New episodes weekly. Subscribe now and join thousands of business owners who’ve discovered that proper cybersecurity isn’t just for Fortune 500 companies.
Like what you hear? Subscribe, leave a review mentioning your biggest cybersecurity concern, and visit our blog for detailed implementation guides on everything we discuss.
Stay secure, stay practical, and remember - if your security wouldn’t survive a curious teenager with too much time, it needs work.
All content for The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups is the property of The Small Business Cyber Security Guy and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
November Patch Tuesday Storm: Zero‑Days, Exchange Exploits & WSUS Emergency
The Small Business Cyber Security Guy | Cybersecurity for SMB & Startups
17 minutes
1 month ago
Graham Falkner delivers an authoritative deep dive into November 2025's Patch Tuesday updates, covering the most critical security vulnerabilities affecting businesses of all sizes. This month brings a perfect storm of actively exploited zero-days, critical Exchange Server flaws, and hundreds of patches across Microsoft, Adobe, Oracle, SAP, and third-party vendors. From Windows kernel exploits to e-commerce platform takeovers, November's vulnerability landscape demands immediate attention from IT teams.
Key Topics Covered
Microsoft Security Updates
89 total vulnerabilities patched (12 critical, 4 zero-days)
CVE-2025-0445: Windows Kernel privilege escalation (actively exploited)
CVE-2025-0334: Chrome V8/Edge JavaScript engine RCE (actively exploited)
CVE-2025-0078: Exchange Server unauthenticated RCE (CRITICAL - affects Exchange 2016/2019/2022)
CVE-2025-1789: MSHTML remote code execution via Office documents
CVE-2025-59287: WSUS vulnerability (9.8 CVSS, actively exploited, required re-release)
23 remote code execution vulnerabilities across Windows, Office, and developer tools
Adobe Security Updates
35+ vulnerabilities patched across multiple products
CVE-2025-54236: Adobe Commerce/Magento input validation flaw (9.1 CVSS, actively exploited, Priority 1)
CVE-2025-49553: Adobe Connect XSS vulnerability (9.3 CVSS)
Patches for Illustrator, FrameMaker, Photoshop, InDesign, Animate, Bridge, Substance 3D
Oracle Critical Patch Update (October 2025)
374 new security patches addressing ~260 unique CVEs
CVE-2025-61882: Oracle E-Business Suite zero-day (exploited by ransomware groups)
73 patches for Oracle Communications (47 remotely exploitable without authentication)
20 patches for Fusion Middleware (17 remote unauthenticated)
18 fixes for MySQL
Updates for PeopleSoft, JD Edwards, Siebel, Oracle Commerce, Database Server
SAP Security Updates
18 new security notes plus 1 updated note
CVE-2025-42890: SQL Anywhere Monitor hardcoded credentials (10.0 CVSS - PERFECT SCORE)
CVE-2025-42887: SAP Solution Manager code injection (9.9 CVSS)
CVE-2025-42944: NetWeaver Java insecure deserialisation (updated patch)
CVE-2025-42940: CommonCryptoLib memory corruption
Mozilla Firefox Updates
Firefox 145.0 released November 11th
15 security vulnerabilities fixed (8 high impact)
New anti-fingerprinting measures halving trackable users
Memory safety and sandbox escape prevention
Apple Security Updates
iOS/iPadOS 17.1 and macOS 14.1 released
100+ vulnerabilities patched across iPhones, iPads, Macs
Critical kernel and WebKit bugs fixed
Zero-click exploit prevention
Google Security Updates
Chrome 142 with 5 security bug fixes
Android November 2025 bulletin (patch level 2025-11-01)
CVE-2025-48593 and CVE-2025-48581 affecting Android 13-16
Third-Party Critical Vulnerabilities
WordPress Post SMTP plugin: CVE-2025-11833 (9.8 CVSS, actively exploited, 200,000+ sites affected)
WatchGuard Firebox: CVE-2025-9242 (critical out-of-bounds write, 75,000 devices exposed)
Cisco IOS/XE routers: CVE-2025-20352 (SNMP service, actively exploited for rootkit deployment)
Critical Action Items for Businesses
IMMEDIATE (Deploy Within 24-48 Hours)
Microsoft Exchange Server - Apply CVE-2025-0078 patch or isolate internet-facing servers
Adobe Commerce/Magento - Deploy CVE-2025-54236 hotfix immediately if running Magento
Windows Kernel - Patch CVE-2025-0445 zero-day exploit
Edge/Chrome - Update browsers to address CVE-2025-0334
Oracle E-Business Suite - Verify CVE-2025-61882 patch deployed
WordPress Post SMTP - Update to v3.6.1 or remove plugin
Cisco routers - Apply CVE-2025-20352 patches and check for compromise
HIGH PRIORITY (Deploy Within 1 Week)
SAP systems - Apply critical patches for CVE-2025-42890 and CVE-2025-42887
WSUS servers - Verify CVE-2025-59287 patch installed correctly
Adobe Connect - Update to version 12.10
Firefox, Chrome, Edge - Deploy browser updates organisation-wide
Android devices - Deploy November 2025 security bulletin
WatchGuard