Feature interview: ASIO Director General Mike Burgess on encryption and access

ASIO's chief talks about the challenges involved in accessing extremists' group chats...

Mike Burgess is the director general of ASIO. But the thing about Mike is he’s actually a cybersecurity guy. He joined ASD, Australia’s NSA, back in 1995 when it was still the Defence Signals Directorate. He was there for 18 years before he bounced out to the private sector for a while to work as the CISO for Australia’s largest telco, Telstra. In 2017 he returned to ASD to run it, and in 2019 he was appointed director general of ASIO.

Back in April, Burgess made a series of comments on the topic of encrypted messaging during a Press Club speech in Canberra. Our right to privacy, he said, is not absolute, and he implied that if certain providers didn’t start helping Australian authorities out a little more, he’d use some of the provisions in Australia’s Assistance and Access bill to force them to provide access to certain content.

So I reached out to organise this interview to get some more detail from him about exactly what sort of cooperation he’s seeking and why.

Risky Biz News: Telegram founder Pavel Durov detained in France

PLUS: The identity of a major hacker leaks from a private CrowdStrike report; Meta takes down APT42 WhatsApp accounts; threat actors can use stolen credit cards via digital wallet apps.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Risky Biz News: Fraud tactics evolve with NFC card cloning malware

PLUS: Karakurt member faces the music; US semiconductor company disrupted by cyberattack; Xiaomi deployed patch before hacking contest, removed it after.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast here.

Australia's National ID System Will Be Awful... And Then Great

PLUS: What's a Little Spying Between Friends?

In this podcast Tom Uren and Patrick Gray discuss an Australian government effort to bridge the gap between online and real identity across the whole economy. It addresses a real need, but Tom doesn’t think it will go smoothly.

They also discuss ongoing Chinese cyber espionage focussed on Russian targets. They may have a ‘no limits’ friendship, but spying between allies is remarkably common.

This episode is also available on YouTube.

Risky Business #760 – Microsoft to make MFA mandatory

PLUS: Florida man exposes hundreds of millions of social security numbers...

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including:

  • Microsoft did a good thing! Soon all Azure admins will require MFA
  • The three billion row National Public Data breach mess, courtesy Florida Man
  • US govt confirms that it was Iran that hacked the Trump campaign
  • Is TP-Link the next Huawei, or just not very good at computers?
  • Major Chinese RFID card maker has hardcoded backdoors
  • And much, much more.

This week’s episode is sponsored by SpecterOps, makers of BloodHound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.

Wide World of Cyber: 2024 election interference, the media and Iran's hack and leak

We’ve come a long way since 2016…

In this conversation Risky Business host Patrick Gray speaks with SentinelOne’s Chris Krebs and Alex Stamos about what sort of cyber-enabled interference we can expect in the 2024 US presidential race.

Alex was the CISO at Facebook during the 2016 election, and Chris Krebs was responsible for US election security as the director of CISA in 2020.

Watch the video version of this episode on YouTube.

Risky Biz News: Hardware backdoors found in Chinese key card

PLUS: US House wants TP-Link investigated as a national security threat; major RCE bug discovered in OpenBMC; OpenAI takes down Iranian influence op.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Sponsored: How Pfizer uses Island's enterprise browser

Brian A. Coleman is definitely a fan!

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Brian A. Coleman, Senior Director at Pfizer for Insider Risk, Information Security, Digital Forensics Expert. Brian goes over all the Island features that have made the browser a favorite tool to secure older corporate apps, either by blocking insecure features or adding logging capabilities where they didn’t exist.

Risky Biz News: Ransom campaign hits cloud servers

PLUS: Iranians also targeted the Harris campaign; Germany wants to limit Windows kernel access; 2024 set to be highest-grossing year for ransomware.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Srsly Risky Biz: The US Government's cyber insurance plans are silly

PLUS: Winning against hack and leak

In this podcast Tom Uren and Patrick Gray discuss a US government policy initiative to cover cyber insurance gaps while also improving security across the economy. Lofty goals, but Tom wonders if it is a difficult way to address security gaps.

They also talk about what appears to be a hack and leak operation targeting the Trump campaign and a recent US federal court decision which ruled that geofence warrants are unconstitutional.

You can watch the video version of this episode here.

Risky Business #759 – Why Iran's hack and leak will amount to naught

PLUS: A wrap up of all the best research from Black Hat and DEFCON...

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news and recap the best research presented at Black Hat and DEF CON in Las Vegas last week. They cover:

  • Iran tries an election hack’n’leak like it’s still 2016
  • CrowdStrike takes home the Pwnie for Epic Fail at DEF CON
  • UK healthcare SaaS faces six million pound fine for lack of MFA
  • US circuit courts disagree on geofence warrants
  • Our roundup of juicy Black Hat/DEF CON research
  • And much, much more.

This week’s episode is sponsored by Trail of Bits. CEO Dan Guido is fresh back from the DARPA AI Cyber Challenge at DEF CON, where the Trail of Bits team moved through into the finals. Dan talks through the challenge of finding, reporting and fixing bugs with AI systems.

You can also watch this week’s show on YouTube.

Risky Biz News: FBI seizes Dispossessor ransomware servers

PLUS: US charges Angler exploit kit member; hacker leaks upcoming Netflix shows; UK explores nationwide cyber-deception network.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Soap Box: Making security tech more people friendly

Proofpoint's Ryan Kalember joins the show...

In this sponsored Soap Box edition of the show we talk to Proofpoint’s Chief Strategy Officer Ryan Kalember about making security tech more people centric.

We often talk about how we can use signals from users to drive some of our security tech. But what about using our security tech to drive user behaviour?

Ryan thinks there are some opportunities here, particularly around identity security.

Sponsored: What CISA's advisories really mean for defenders

Corelight CEO Brian Dye

In this Risky Business News sponsored interview, Tom Uren talks to Brian Dye, CEO of Corelight about a string of recent CISA advisories. These advisories address specific technical issues, but when examined together Brian says there is an underlying message about addressing security holistically.

Risky Biz News: SEC drops MOVEit hack investigation

PLUS: Windows downgrade attack revealed at Black Hat; ICO fines contractor behind NHS ransomware attack; State Dept puts $10 million bounty on IRGC-CEC hackers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

