Sponsored: Catalin Cimpanu talks CISA KEV with Nucleus Security

KEV is helpful when you can plug it into your own data...

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Patrick Garrity, VP of Marketing and security researcher at Nucleus Security, on how the company has been tapping into CISA’s KEV database for insights on vulnerability management and vulnerability prioritization.

Risky Biz News: NSO Group has new owners

PLUS: The Pentagon has a new Cyber Strategy; hacker backdoors Emby media servers around the world; and PyPI to enforce 2FA, reduce stored IP addresses.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Biz Soap Box: Why your EDR won't save you

There's no point having the D without the R…

In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll.

They talk about all sorts of things, like:

  • How the ransomware ecosystem is evolving into “ma and pa” operations
  • Some killer detections they’ve figured out
  • What separates the good networks from the bad ones
  • Why EDR is of limited value if you’re not actually monitoring it
  • Why not letting MDRs do the R part of their job is really, really, really dumb

Srsly Risky Biz: G-Men Gone Wild

The FBI's reckless overuse of Section 702...

In this podcast Patrick Gray talks to Tom Uren about the FBI’s overenthusiastic use of foreign intelligence data collected with the Foreign Intelligence Surveillance Act’s Section 702 powers.

Risky Biz News: FinFisher execs charged in Germany

PLUS: US Treasury sanctions North Korea's hacking school, two cyber units; White House nominates next NSA and CYBERCOM chief; spyware vendor code leaks on GitHub.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Risky Business #707 -- Inside China's information lockdown with Chris Krebs

PLUS: Germans charge FinFisher execs, FBI busted abusing 702 access...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Germans charge FinFisher executives
  • The FBI got busted misusing 702 data
  • Special guest Chris Krebs talks China
  • New research breaks Android fingerprint auth
  • Much, much more

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Between Two Nerds: Cyber Pinch Points

When cyber operations go for the jugular...

In this edition of Between Two Nerds Tom Uren and The Grugq look at the concept of cyber “pinch points”, a place of vulnerability that can be targeted to bring an opponent to their knees. These points of vulnerability must surely exist, but Tom and The Grugq wonder how easy they are to identify beforehand.

Risky Biz News: China bans American chips, FBI feels heat over "improper" FISA searches

PLUS: Cyber-attack cripples Suzuki's bike and scooter production; Apple bans employees from using ChatGPT; PyPI suspends new accounts and new uploads following surge of malicious packages.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Risky Biz Sponsor Interview: Haroon Meer on the importance of honeypots

Why honeypots have a bad name but make a lot of sense

In this Risky Business News sponsor interview Tom Uren asks Thinkst Canary’s Haroon Meer about Mandiant CEO Kevin Mandia’s seven tips for cyber defenders. Honeypots appear at position number three, but Tom wonders what they actually achieve and how mature your security program needs to be before it can take advantage of them.

Risky Biz News: Google will delete inactive accounts

PLUS: EU passes cryptocurrency regulations; ransomware attack cripples one of Indonesia's largest banks; Zimbra servers targeted by new MalasLocker ransomware.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: Crimephones are a cop's best friend

Why crimephones are dead, long live crimephones!

In this edition of the Seriously Risky Biz podcast Patrick Gray and Tom Uren talk about the trajectory of crimephones from criminals’ best friend to greatest liability.

These devices were bad for police at the beginning, but they’ve become a net positive for law enforcement efforts, leading to hundreds of arrests, tonnes of seized drugs and deeper insight into criminal operations.

Risky Biz News: US charges, sanctions WazaWaka

PLUS: Turkish opposition media hit by DDoS attacks on election day; DoD embraces Microsoft Defender; and a new Chinese APT has been backdooring TP-Link routers in Europe.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Risky Business #706 -- Why BlackBerry thinks Cuba ransomware is a Russian front

PLUS: Wazawaka charged and PlugwalkJoe pleads guilty...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Wazawaka charged, sanctioned
  • PlugwalkJoe extradited, pleads guilty
  • BlackBerry thinks Cuba ransomware is a front for Russian intelligence
  • Anonymous Sudan pops up in Israel
  • Microsoft’s Outlook patch fail
  • Much, much more

This week’s show is brought to you by Bloodhound Enterprise. Andy Robbins is this week’s sponsor guest. He talks about how graph theory could help us to uncover more lolbins.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Between Two Nerds: The Culture of the Snake

Diving into the Snake malware report to learn about how the FSB operates...

In this edition of Between Two Nerds Tom Uren and The Grugq look at last week’s Snake malware joint cybersecurity advisory and dive into what it tells us about the FSB.

Selena Larson on how cybercriminals use threat intelligence

Blackhats pay attention to research and intelligence too…

In this Risky Business News sponsor interview Tom Uren asks Proofpoint’s Selena Larson about how threat actors reacted en masse after Microsoft blocked various types of macros.

Cyber criminals used a variety of different techniques to evade these blocks. In part this happened quickly because of knowledge sharing by the cyber threat intelligence community.

Risky Biz News: The VMProtect source code leaks. Again.

PLUS: Intrusion Truth points at Chinese APT nest in Wuhan; NSA and CyberCom's Gen. Nakasone expected to resign later this year; new PPLFault and GoldFault attacks disclosed.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.