Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants

And what you can do to protect yourself...

The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.

Sponsored: Breaking apart OT protocols

runZero's Rob King on the how and why of reverse engineering for active discovery

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, runZero’s Director of security research. The pair talk about the world of Operational Technology protocols and how Rob dissects these protocols to be sure that active discovery of OT devices is safe.

Risky Biz News: US takes down GRU/APT28 botnet

PLUS: Volt Typhoon expands to Africa; Poland's spyware abuse was far worse than previously thought; and Microsoft discloses new Exchange zero-day.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Srsly Risky Biz: The spyware ecosystem

PLUS: Ukraine's destructive cyber attacks

In this podcast Patrick Gray and Tom Uren talk about what to do about commercial spyware. A new Google TAG report is a great primer on the ecosystem.

They also talk about Ukraine’s shift in cyber strategy. It is now carrying out and publicising that it is launching destructive cyber operations.

Finally, they look at all the reasons why banning ransomware payments is a bad idea.

Risky Business #736 -- Azure misconfigurations are 2024's looming threat

PLUS: Broadcom is killing VMWare...

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Somehow there are still more Ivanti and Fortinet exploits
  • Volt Typhoon have been at it for years
  • Starlink in Ukraine gets complicated
  • Canadians hate poor Flipper
  • Much, much more…

In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.

Between Two Nerds: The cyber magic bullet

Why authoritarian states focus on information warfare

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why military doctrine in authoritarian states has an emphasis on cyber and information supremacy.

Soap Box: How to dismantle Volt Typhoon-style relay networks

A terrific conversation with Greynoise's Andrew Morris...

In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about:

  • Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action
  • How vendors are using Greynoise as an early warning system to identify exploitation of their products
  • How he’s using large language models to reverse exploitation attempts into actual exploits

It truly is a great conversation, we hope you enjoy it!

Sponsored: North Korea's DMARC spoofing tricks

When espionage is just asking nicely over email

In this Risky Business News sponsored interview, Tom Uren talks to Proofpoint Senior Threat Researcher Greg Lesnewich. Greg explains how a North Korean group is using DMARC spoofing in its efforts to gather strategic intelligence.

Risky Biz News: Ransomware passed $1 billion mark in 2023

PLUS: Volt Typhoon breached US government networks for five years; security researcher charged for hacking Apple; and a large Chinese disinfo network discovered operating in 30 countries.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Srsly Risky Biz: Beating back Volt Typhoon

PLUS: When everything becomes a cyber knife fight

In this podcast Adam Boileau and Tom Uren talk about how the US has kicked off a campaign to combat Volt Typhoon, a PRC group that is positioning itself in US critical infrastructure to be able to disrupt it in the event of conflict.

They also discuss how changing attacker behaviour has led to CISA’s emergency directive to disconnect Ivanti Connect Secure devices.

Risky Business #735 -- AnyDesk fails the transparency test

PLUS: CISA's executive assistant director for cybersecurity drops by...

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Thought eels were slippery? Check out AnyDesk’s PR!
  • Why Microsoft’s 365 is a nightmare to secure
  • Cloudflare’s needlessly hostile blog post
  • US Government introduces “Disneyland ban” for spyware peddlers
  • Much, much more…

This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles.

This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win!

Risky Biz News: Two Iranian cyber groups doxed in a week

PLUS: CIA Vault7 leaker gets prison time; Gen. Haugh takes over as NSA and Cyber Command lead; AnyDesk grapples with security breach.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Risky Biz News: Ivanti finally releases zero-day patches

PLUS: Hackers steal data on hundreds of Mexican journalists; State Farm sued because of a ransomware gang's lies; and Proofpoint and Okta lay off staff.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.