A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about how open source software is inherently vulnerable to malicious ‘good samaritan’ attacks and what to do about it.

They also talk about a recent breach at data analytics company Sisense, how dependency on Microsoft is a strategic risk, and US Cyber Command’s view of the world.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Palo Alto’s firewalls have a ../ bad day
• Sisense’s bucket full of creds gets kicked over
• United Healthcare draws the ire of congress
• FISA 702 reauthorisation finally moves forward
• Apple warns about “mercenary exploitation” but what’s the India link?
• And much, much, more

This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at Google’s review of 0days in 2023. They discuss what this kind of information tells us and how Google’s perspective influences the report.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this Risky Business News sponsored interview, Tom Uren talks to Daniel Schell and David Cottingham, the CTO and CEO of Airlock Digital. They discuss the security standard that drove innovation and the genesis of Airlock Digital and also how to make sure that standards don’t become box-checking exercises.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here

In this podcast Patrick Gray and Tom Uren talk about how different states are transgressing what we want to be norms of online behaviour. They also look at the framing around new bipartisan privacy legislation and why vendors should have positive security obligations.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Ransomware: down but not out
• Zero day prices on the rise…
• … and what it means for enterprise software
• Geopolitical conflict comes to computers in Palau
• Ukraine cyber chief Illia Vitiuk suspended
• More x86 microarchitectural bad times
• And much much more

Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the tradecraft used in the compromise of the XZ open source data compression project.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder Andrew Morris about last year’s vulnerability exploitation trends, how the company’s AI system works, and Catalin makes a fool of himself because he can’t pronounce ‘abnormalities.’

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this edition of Snake Oilers you’ll hear pitches from three companies:

• Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.)
• ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte
• Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the weighty tome of CISA’s critical infrastructure reporting legislation, CIRCIA, and compare different approaches to defining regulation.

They also look at moves to better protect customers from being tracked by the telco protocol Signalling System 7.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• The SSH backdoor that dreams (or nightmares) are made of
• Microsoft gets a solid spanking from the CSRB
• Ukraine uses an old Russian WinRAR bug to hack Russia
• Push-notifications and social-engineering combined-arms vs Apple
• And much, much more.

We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.

This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how states have very different views about manipulating the information environment aka ‘information warfare’.