Snake Oilers: Authentik, Dropzone and SlashID

An open source IDP, AI SOC agent and ITDR platform walk into a bar...

In this edition of Snake Oilers Patrick Gray gets pitches from three cybersecurity companies:

  • Authentik, an open source identity provider that a lot of large organisations are deploying on prem as an alternative to cloud-based IDPs
  • Dropzone AI, an LLM-based agent that can do the work of a Tier 1 SOC analyst
  • SlashID, an identity security company that can crunch your logs to find attackers

You can watch this edition of Snake Oilers on YouTube here.

Srsly Risky Biz: Using Exploits to Steal Exploits Is as Old as Time

PLUS: Iran has a good idea

In this podcast Tom Uren and Patrick Gray discuss Russia’s use of exploits from commercial spyware vendors. Bought through a front, or stolen with other bugs?

They also discuss Iran’s counter-intelligence innovations - if you apply for a job that’s very clearly an Israeli front, then perhaps you’re not that trustworthy after all?

This episode is also available on Youtube.

Risky Business #762 -- Brazil nukes X, Iranian APTs deploy ransomware

PLUS: North Korean Chrome 0day gets burned...

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Brazil’s supreme court bans X-formerly-Twitter,
  • Iranian cyber teams cooperate with ransomware crews
  • While North Koreans wield chrome-windows 0-day
  • Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet
  • The White House is coming for your unsigned BGP announcements
  • And much, much more.

This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is!

You can also watch this episode on Youtube.

Risky Biz News: China ramps up US election disinformation

PLUS: White House weighs in on BGP security; TfL tells staff to work from home after cyberattack; Russia wants to block foreign web crawlers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Between Three Nerds: How the MSS became a cyber juggernaut

All about China's Ministry of State Security with Alex Joske

In this edition of Between Three Nerds Tom Uren and The Grugq talk to Alex Joske, author of a book about how the Chinese Ministry of State Security (MSS) has shaped Western perceptions of China. They discuss the MSS’s position in the Chinese bureaucracy, its increasing role in cyber espionage, its use of contractors and the PRC’s vulnerability disclosure laws.

Sponsored: GreyNoise launches private preview of Plasma sensors

Andrew Morris deploys one of the sensors while we're having a chat.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Andrew Morris, founder of security firm GreyNoise. Andrew introduces Plasma, a new GreyNoise product that can allow customers to deploy custom GreyNoise sensors anywhere they want—on perimeters, on internal networks, on DMZs, or anywhere else.

Srsly Risky Biz: Telegram's CEO released on bail, can't leave France

PLUS: Easy ways to identify North Korean job applicants...

In this podcast Tom Uren and Patrick Gray talk about Telegram’s founder and CEO Pavel Durov being bailed. They dive into the backstory behind the charges he’s facing and what it all might mean for other messaging platforms.

They also discuss a very handy list of straightforward ways to detect North Koreans trying to sneak into remote work jobs.

Risky Business #761 – Telegram v frogs. Fight!

But muhhhh freeedommmsss!

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Telegram founder’s arrest in France
  • Volt Typhoon 0days some SD-WAN gear
  • Russia frets about Ukraine all up in Kursk’s webcams
  • Cybercriminals social engineer payment card NFC relay attacks in the wild
  • The slow burn of Active Directory name collisions
  • And much, much more.

This week’s episode is sponsored by Nucleus Security. Aaron Unterberger joins to discuss how vulnerability management starts out easy, but gets serious very quickly.

You can also watch this week’s show on Youtube.

Risky Biz News: Volt Typhoon returns with a new zero-day

PLUS: Pentagon runs Tinder info-op; Seattle airport still crippled by major cyberattack; evolved malware can wipe security tools off a victim's disk.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Feature interview: ASIO Director General Mike Burgess on encryption and access

ASIO's chief talks about the challenges involved in accessing extremists' group chats...

Mike Burgess is the director general of ASIO. But the thing about Mike is he’s actually a cybersecurity guy. He joined ASD, Australia’s NSA, back in 1995 when it was still the Defence Signals Directorate. He was there for 18 years before he bounced out to the private sector for a while to work as the CISO for Australia’s largest telco, Telstra. In 2017 he returned to ASD to run it, and in 2019 he was appointed director general of ASIO.

Back in April, Burgess made a series of comments on the topic of encrypted messaging during a Press Club speech in Canberra. Our right to privacy, he said, is not absolute, and he implied that if certain providers didn’t start helping Australian authorities out a little more, he’d use some of the provisions in Australia’s Assistance and Access bill to force them to provide access to certain content.

So I reached out to organise this interview to get some more detail from him about exactly what sort of cooperation he’s seeking and why.

Risky Biz News: Telegram founder Pavel Durov detained in France

PLUS: The identity of a major hacker leaks from a private CrowdStrike report; Meta takes down APT42 WhatsApp accounts; threat actors can use stolen credit cards via digital wallet apps.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Risky Biz News: Fraud tactics evolve with NFC card cloning malware

PLUS: Karakurt member faces the music; US semiconductor company disrupted by cyberattack; Xiaomi deployed patch before hacking contest, removed it after.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Australia's National ID System Will Be Awful... And Then Great

PLUS: What's a Little Spying Between Friends?

In this podcast Tom Uren and Patrick Gray discuss an Australian government effort to bridge the gap between online and real identity across the whole economy. It addresses a real need, but Tom doesn’t think it will go smoothly.

They also discuss ongoing Chinese cyber espionage focussed on Russian targets. They may have a ‘no limits’ friendship, but spying between allies is remarkably common.

This episode is also available on Youtube.

Risky Business #760 – Microsoft to make MFA mandatory

PLUS: Florida man exposes hundreds of millions of social security numbers...

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including:

  • Microsoft did a good thing! Soon all Azure admins will require MFA
  • The three billion row National Public Data breach mess, courtesy Florida Man
  • US govt confirms that it was Iran that hacked the Trump campaign
  • Is TP-Link the next Huawei, or just not very good at computers?
  • Major Chinese RFID card maker has hardcoded backdoors
  • And much, much more.

This week’s episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.

