Risky Biz News: 1,000 detained in scam compound raid

PLUS: Okta's long username whoopsie; Microsoft to charge home users $30 for Windows 10 extended security updates; crypto-exchange reimburses users hours after major hack.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Sponsored: Nucleus Security on partners and integrations

Adam Dudley says C-suites are now interested and inquiring about vulnerability management more than practitioners.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Adam Dudley, Senior Director for Strategic Initiatives & Alliances at Nucleus Security, on how the company works with partners and customers to constantly improve its service. Adam also touches on how executives are now inquiring about vulnerability management more than low-level practitioners.

Risky Biz News: Sophos doxes Chinese exploit development centers

PLUS: US removes Sandvine from sanctions list after pinky promise; Vodafone fined for insecure wiretapping system; supply chain attack targets crypto-wallet users.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Business #768 -- CSRB will investigate China's Wiretap Hacks

PLUS: Crypto thieves return stolen US government crypto-booty...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • CSRB to investigate China’s telco-wiretapping hacks
  • Euro law enforcement takes down the Redline infostealer
  • Someone steals Fed crypto… and then tries to quietly sneak it back in
  • Russia sentences REvil guys to … jail? Really?
  • Apple private cloud compute gets a proper bug bounty program
  • And much, much more.

This week’s episode is sponsored by Material Security, who help navigate the mess of cloud productivity data security. Daniel Ayala - Chief Security and Trust Officer at Dotmatics - is a Material customer, and joins Pat and Material Security’s Rajan Kapoor to talk about how to wrangle securing data that ends up in corporate cloud email and file stores.

This episode is also available on Youtube.

Risky Biz News: Two arrests in Operation Magnus

PLUS: CSRB to look at China's telco hack; Japanese man sentenced for developing ransomware with AI; major hack at Canada's Revenue Agency.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Biz Soap Box: Thinkst Canary's decade of deception

A long chat with Thinkst's founder Haroon Meer...

In this Soap Box edition of the podcast Patrick Gray chats with Thinkst Canary founder Haroon Meer about his “decade of deception”, including:

  • A history of Thinkst Canary including a recap of what they actually do
  • A look at why they’re still really the only major player in the deception game
  • A look at what companies like Microsoft are doing with deception
  • Why security startups should have conference booths

Risky Biz News: Russia sends REvil gang members to prison

PLUS: Delta sues CrowdStrike; Chinese telco hack also targeted Trump and Harris phones; Satya Nadella asks for a pay cut after cybersecurity failures.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Biz News: Fortinet bungles another zero-day disclosure

PLUS: US offers reward for suspected Tortoiseshell APT members; Linux removes Russian maintainers; Georgian authorities raid two Atlantic Council disinfo researchers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: EU lobs software liability hand grenade

PLUS: the journey of the idealist

In this podcast Tom Uren, Patrick Gray and Adam Boileau talk about an EU directive that will make vendors liable for software defects. The directive sets a very high bar but is also limited in scope. It only applies to individuals and doesn’t cover professional use so it is a very practical way to start changing expectations about liability.

They also talk about Session Messenger app which has decamped from Australia and set up a foundation in Switzerland. The encrypted and metadata-resistant app is catnip for criminals, so we expect that it is on a collision course with state power.

This episode is also available on Youtube.

Risky Biz News: Apple wants a 45 day limit on TLS certificates

PLUS: Russian government forgets about Operation Triangulation; Japan police trace Monero transactions to detain suspects; SEC fines four companies over SolarWinds hack disclosures.

This episode previously referred to a 10 day limit, but we read the wrong bit of a table. This has been corrected in the title to 45 days, but the podcast audio still refers to the incorrect 10 day maximum age. Sorry!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Business #767 – SEC fines Check Point, Mimecast, Avaya and Unisys over hacks

PLUS: We gotta hand it to 'em. North Korea has game.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • SEC fines tech firms for downplaying the Solarwinds hacks
  • Anonymous Sudan still looks and quacks like a Russian duck
  • Apple proposes max 10 day TLS certificate life
  • Oopsie! Microsoft loses a bunch of cloud logs
  • Veeam and Fortinet are bad and should feel bad
  • North Koreans are good (at hacking)
  • And much, much more.

This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish.

This episode is also available on Youtube.

Between Two Nerds: Measuring cyber power

PLUS: One pew-pew map to rule them all

In this edition of Between Two Nerds Tom Uren and The Grugq talk about a new attempt to measure cyber power, the International Institute for Strategic Studies Cyber Power Matrix.

Risky Biz News: The EU will make vendors liable for bugs

PLUS: Wiper attacks hit Israel via fake ESET email; Microsoft loses weeks of security logs; DOD looks to buy deepfake tech.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Sponsored: How serious attackers drive MFA adoption

Okta's Brett Winterford on shutting the gate after the horse has bolted

In this Risky Business News sponsored interview, Tom Uren talks to Brett Winterford, Okta’s APAC Chief Security Officer. Brett has mined Okta’s data and finds strong evidence that organisations invest in phishing-resistant authentication methods once they know they’ve been targeted by groups that excel at social engineering (such as Scattered Spider).

Brett discussed this research at Okta’s conference, Oktane, which was held in Las Vegas on 15 to 17 October 2024.

Risky Biz News: Anonymous Sudan's Russia Links Are (Still) Obvious

PLUS: Iranian hackers sell access to US critical infrastructure; North Korea hacked ad platforms to deploy an Internet Explorer zero-day; hacker "USDoD" arrested in Brazil.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: When thuggery is your cyber talent pipeline

PLUS: AI is no gift to malicious actors

In this podcast Tom Uren and Patrick Gray talk about the evolving relationship between Russian intelligence services and the country’s cybercriminals. The GRU’s sabotage unit, for example, has been recruiting crooks to build a destructive cyber capability. Tom suspects that GRU thugs are not so good at hands-on-keyboard operations, but excellent at coercing weedy cybercriminals to hack for the state.

They also talk about OpenAI’s report into malicious actor’s use of its models, and how Australia’s proposed cyber security law looks pretty sensible.

Risky Business #766 – China hacks America's lawful intercept systems

PLUS: Microsoft's chart crimes...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s infosec news, including:

  • Chinese spooks all up in western telco lawful intercept
  • Jerks ruin the Internet Archive’s day
  • Microsoft drops a great report with a bad chart
  • The feds make their own crypto currency and get it pumped
  • Forti-, Palo- and Ivanti-fail
  • And much, much more.

This week’s episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther’s Director Product Management joins to discuss why the old “just bung it all in a data lake and… ???… “ approach hasn’t worked out, and what smart teams do to handle their logs.

This episode is also available on [Youtube].(https://youtu.be/86zy6DcwtbE)


SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: