Risky Biz News: Two arrests in Operation Magnus

PLUS: CSRB to look at China's telco hack; Japanese man sentenced for developing ransomware with AI; major hack at Canada's Revenue Agency.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Biz Soap Box: Thinkst Canary's decade of deception

A long chat with Thinkst's founder Haroon Meer...

In this Soap Box edition of the podcast Patrick Gray chats with Thinkst Canary founder Haroon Meer about his “decade of deception”, including:

  • A history of Thinkst Canary including a recap of what they actually do
  • A look at why they’re still really the only major player in the deception game
  • A look at what companies like Microsoft are doing with deception
  • Why security startups should have conference booths

Risky Biz News: Russia sends REvil gang members to prison

PLUS: Delta sues CrowdStrike; Chinese telco hack also targeted Trump and Harris phones; Satya Nadella asks for a pay cut after cybersecurity failures.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Biz News: Fortinet bungles another zero-day disclosure

PLUS: US offers reward for suspected Tortoiseshell APT members; Linux removes Russian maintainers; Georgian authorities raid two Atlantic Council disinfo researchers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: EU lobs software liability hand grenade

PLUS: the journey of the idealist

In this podcast Tom Uren, Patrick Gray and Adam Boileau talk about an EU directive that will make vendors liable for software defects. The directive sets a very high bar but is also limited in scope. It only applies to individuals and doesn’t cover professional use so it is a very practical way to start changing expectations about liability.

They also talk about Session Messenger app which has decamped from Australia and set up a foundation in Switzerland. The encrypted and metadata-resistant app is catnip for criminals, so we expect that it is on a collision course with state power.

This episode is also available on Youtube.

Risky Biz News: Apple wants a 45 day limit on TLS certificates

PLUS: Russian government forgets about Operation Triangulation; Japan police trace Monero transactions to detain suspects; SEC fines four companies over SolarWinds hack disclosures.

This episode previously referred to a 10 day limit, but we read the wrong bit of a table. This has been corrected in the title to 45 days, but the podcast audio still refers to the incorrect 10 day maximum age. Sorry!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Business #767 – SEC fines Check Point, Mimecast, Avaya and Unisys over hacks

PLUS: We gotta hand it to 'em. North Korea has game.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • SEC fines tech firms for downplaying the Solarwinds hacks
  • Anonymous Sudan still looks and quacks like a Russian duck
  • Apple proposes max 10 day TLS certificate life
  • Oopsie! Microsoft loses a bunch of cloud logs
  • Veeam and Fortinet are bad and should feel bad
  • North Koreans are good (at hacking)
  • And much, much more.

This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish.

This episode is also available on Youtube.

Between Two Nerds: Measuring cyber power

PLUS: One pew-pew map to rule them all

In this edition of Between Two Nerds Tom Uren and The Grugq talk about a new attempt to measure cyber power, the International Institute for Strategic Studies Cyber Power Matrix.

Risky Biz News: The EU will make vendors liable for bugs

PLUS: Wiper attacks hit Israel via fake ESET email; Microsoft loses weeks of security logs; DOD looks to buy deepfake tech.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Sponsored: How serious attackers drive MFA adoption

Okta's Brett Winterford on shutting the gate after the horse has bolted

In this Risky Business News sponsored interview, Tom Uren talks to Brett Winterford, Okta’s APAC Chief Security Officer. Brett has mined Okta’s data and finds strong evidence that organisations invest in phishing-resistant authentication methods once they know they’ve been targeted by groups that excel at social engineering (such as Scattered Spider).

Brett discussed this research at Okta’s conference, Oktane, which was held in Las Vegas on 15 to 17 October 2024.

Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious

PLUS: Iranian hackers sell access to US critical infrastructure; North Korea hacked ad platforms to deploy an Internet Explorer zero-day; hacker "USDoD" arrested in Brazil.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: When thuggery is your cyber talent pipeline

PLUS: AI is no gift to malicious actors

In this podcast Tom Uren and Patrick Gray talk about the evolving relationship between Russian intelligence services and the country’s cybercriminals. The GRU’s sabotage unit, for example, has been recruiting crooks to build a destructive cyber capability. Tom suspects that GRU thugs are not so good at hands-on-keyboard operations, but excellent at coercing weedy cybercriminals to hack for the state.

They also talk about OpenAI’s report into malicious actor’s use of its models, and how Australia’s proposed cyber security law looks pretty sensible.

Risky Business #766 – China hacks America's lawful intercept systems

PLUS: Microsoft's chart crimes...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s infosec news, including:

  • Chinese spooks all up in western telco lawful intercept
  • Jerks ruin the Internet Archive’s day
  • Microsoft drops a great report with a bad chart
  • The feds make their own crypto currency and get it pumped
  • Forti-, Palo- and Ivanti-fail
  • And much, much more.

This week’s episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther’s Director Product Management joins to discuss why the old “just bung it all in a data lake and… ???… “ approach hasn’t worked out, and what smart teams do to handle their logs.

This episode is also available on [Youtube].(https://youtu.be/86zy6DcwtbE)

Risky Biz News: Verizon call logs breached

PLUS: Firefox zero-day targeted Tor Browser users; hacked vacuums spew out slurs; hackers leak data from Pokemon gaming studio.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Sponsored: Trail of Bits on post-quantum cryptography

PLUS: The shocking truth behind triple encryption

In this Risky Business News sponsored interview, Tom Uren talks to Dan Guido, CEO of Trail of Bits, about post-quantum cryptography. The pair dive into what it is, why it is needed now and how organisations are dealing with its adoption.

Srsly Risky Biz: How Telegram turbocharges organised crime

PLUS: China wants to watch the watchers

In this podcast Tom Uren and Adam Boileau talk a new UN report that spells out the role Telegram plays as a massive enabler for transnational organised crime.

They also discuss China’s hacking of US telcos to possibly target of lawful intercept equipment and a remarkably entertaining account of North Korean IT workers being employed by over a dozen cryptocurrency firms.

This episode is also available on Youtube.

Risky Biz News: EU adopts new sanctions framework to cover Russia's cyber warfare and disinformation

PLUS: Largest US water utility provider hit by a cyberattack; hackers wipe servers at Russian state TV company; EU government orgs targeted with air-gap jumping malware.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.


SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: