Srsly Risky Biz: China hacking for more than just IP

PLUS: Why the US needs a Cyber Force

In this podcast Patrick Gray and Tom Uren talk about recent US and UK action including indictments and sanctions levied on PRC Ministry of State Security related hackers. In contrast to previous indictments, this one focuses a lot on the hacking of government officials and parliamentarians. That’s new.

They also look at a new report that lays out the case for a US Cyber Force.

Risky Biz News: China called out over hacks, again

PLUS: Germany has a major Microsoft Exchange problem; China blocks foreign technology on government networks; and new ZenHammer attack impacts AMD Zen CPUs.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Business #742 -- China bans AMD and Intel, pivots to Linux on the desktop

Finally it really is the year of Linux on the desktop!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • FVEY protests China’s widespread hacking of western politicians
  • China bans western CPUs, Windows and databases
  • Apple’s leaky M-chip prefetcher
  • Nigeria holds ex-IRS investigator hostage in Binance stoush
  • Researchers bring Rowhammer to AMD Zen and DDR5
  • And much, much more.

This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says.

Sponsored: Sublime Security on attack surface reduction for email

Sublime Security CEO Josh Kamdjou introduces the company's latest feature.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Josh Kamdjou, co-founder and CEO of Sublime Security. Josh describes how Sublime implemented the concept of attack surface reduction to email security last year, how it works, and what customers are saying about it.

Risky Biz News: EU bans anonymous crypto payments

PLUS: Russian cyber-spies go after German political parties; US to undertake airline privacy review; Apple chips leak secret keys via new side-channel attack.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Biz Soap Box: Why Azure vulns should get CVEs

PLUS: A look at NIST's NVD disaster...

In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.

Risky Biz News: US sanctions Russian disinfo peddlers in LATAM

PLUS: US to establish water sector cybersecurity task force; Russia suspected of wiping more Ukrainian telcos; Glassdoor doxes users.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: Microsoft deserves the stick

PLUS: Ransomware disruption needs to be nastier

Normal Seriously Risky Biz correspondent Tom Uren is on leave this week, so there’s some lunatics-running-the-asylum energy in the episode. Patrick Gray wrote this week’s newsletter, and Adam Boileau asks him what exactly we are to do with Microsoft? They’re so big, and their security posture of late has us all sobbing into our Azure dashboards. Pat advocates for less carrot, and several varieties of stick.

They also talk through where ransomware disruption is going to have to head next. What more creative, less … uh… law-and-order options do we have for imposing cost on actors in pariah states?

Risky Biz News: New DoS loop attack impacts 300,000 systems

PLUS: Russia sanctions WaPo cyber reporters; Trend Micro links another APT to i-SOON leak; Fujitsu discloses data breach.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Business #741 -- The Mintlify breach and modern supply chains

PLUS: We were tricked! By the machines!!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Turns out AI is still bad at code review after all,
  • Mintlify loses a bunch of GitHub tokens,
  • Everything old is new again with the UDP loop DoS,
  • Know-your-(recon satellite)-customer is hard,
  • Microsoft takes away Russia’s PowerShell, solving living off the land,
  • And much, much more

This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft.

Between Two Nerds: Russia's Taurus missile leak

A masterclass in polishing a turd

In this edition of Between Two Nerds Tom Uren and The Grugq look at Russia’s recent leak of an intercepted German military discussion. From an intelligence point of view the content of the discussion is only moderately interesting, but Russia decided to leak it in an attempt to influence European attitudes towards providing military aid to Ukraine.

Sponsored: Kroll on the DPRK's foray into enterprise gear

Kroll's George Glass talks about Kimsuky's exploitation of ScreenConnect devices.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with George Glass, Senior Vice-President for Kroll’s Cyber Risk business. George covers the company’s latest report, a Kimsuky attack on ConnectWise ScreenConnect devices with a new malware strain named ToddlerShark.

Risky Biz News: Edge adds new sandbox escape protection

PLUS: Data breach impacts 43 million French citizens; E-Root admin sentenced to 3.5 years in prison; BlackByte ransomware returns.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: Does 'delete America' mean deleting China too?

PLUS: The Microsoft breach that won't end

In this podcast Patrick Gray and Tom Uren talk about ‘Document 79’, a PRC government document that calls for Chinese companies in finance, energy and other sectors to remove foreign software from their IT systems by 2027.

They also talk about the difficulties that Microsoft is facing in permanently removing SVR hackers from its systems.

Risky Business #740 -- Midnight Blizzard's Microsoft hack isn't over

PLUS: Why is the SEC action against Solarwinds making CISOs nervous?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Weather forecast in Redmond is still for blizzards at midnight
  • Maybe Change Healthcare wasn’t just crying nation-state wolf
  • Hackers abuse e-prescription systems to sell drugs
  • CISA goes above and beyond to relate to its constituency by getting its Ivantis owned
  • VMware drinks from the Tianfu Cup
  • Much, much more

This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director.

John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing.

Rad founder Jimmy Mesta will be along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple but really, really isn’t.

Sponsored: The Passkey juggernaut

Yubico's Derek Hanson on how and why organisations are rolling out Passkeys

In this Risky Business News sponsored interview, Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances. Derek covers the different reasons organisations are investing in Passkeys, what organisations need to know to deploy them successfully, and warns that too often current deployments are too focused on authorisation rather than looking at the end user holistically.

Risky Biz News: Russian hackers stole Microsoft's source code

PLUS: CISA had Ivanti servers, so of course they got hacked; China has been secretly removing American technology; Malta will strip citizenship from spyware exec.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.