@thegrugq and @tomatospy - I enjoyed your chat on Between Two Nerds about potential applications of AI for scams.
When you talked about possible market size limits for scammers, I thought of the sales term for that (total addressable market, or TAM), which is when it clicked that this is the most adjacent job type in legitimate (?) work.
One obvious implication is that the scammers will need a good CRM for tracking prospects and when they identify real opportunities. So I assume they're all using Salesforce to manage their deals and to keep management aware of how close the deals are to completion. Will they close the scam in this quarter?!
I was also struck that the people working in the scam call centres are doing Inside Sales. For large or huge customers, vendors assign account managers (sales reps), or teams of them if the customer is large enough. For mid-market customers each account rep is assigned many customers and works remotely - it's all done using email, phone and conf calls.
Good discussion by @riskybusiness and @metlstorm about CrowdStrike's report on VMware ESXi risks.
In my view the key risks with classic VMware data centre environments are similar to the risks with classic Active Directory, and backup systems - these are all core IT infrastructure for a lot of places, and there's as much legacy in the access control to these services as in the services themselves.
The CrowdStrike post (https://www.crowdstrike.com/blog/hypervisor-jackpotting-lack-of-antivirus-support-opens-the-door-to-adversaries/) was quite good in its recommendations on what to do for vSphere environments - yes it needs to be patched, but start with tightening access to the control plane.