Risky Business #683 -- OpenSSL bug is a fizzer, ASD responds to Medibank hack

We're back, and there's plenty to cover…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Twitter bluechecks face phishing barrage
  • Australian government goes berserk on Medibank hack response
  • Former WSJ journalist sues law firm over email hack and info op that got him fired
  • OpenSSL bug lands with a whimper
  • Apple macOS Ventura update breaks security tools
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka.

Between Two Nerds: When Small is Beautiful

Why do some states use small separate dispersed groups such as contractors?

In this edition of Between Two Nerds Tom Uren and The Grugq discuss why some states seem to favour small dispersed groups that are contractors rather than large centralised organisations like the NSA and GCHQ. Do they see positive benefits in that approach? Or do they use contractors out of necessity?

Risky Biz News: GitHub aflood with fake and malicious PoCs

PLUS: Iran nuclear agency hacked; $60 million ransom demanded from UK car dealership Pendragon; and DormantColors spreads malicious Chrome and Edge extensions.

A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu.

You can find the newsletter version of this podcast here.

Snake Oilers: Truffle Security, KSOC and Snyk

If you are "extremely online" you'll like this edition...

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

  • Truffle Security talks secrets discovery
  • KSOC builds Kubernetes security tools
  • Snyk has a new product to better secure Infrastructure as Code

Between Two Nerds: Cyber Operations on the Battlefield

Can cyber operations be integrated with tactical conventional warfare?

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether destructive cyber effects can be integrated effectively with tactical conventional warfare. There are some wrinkles: how do soldiers on the ground know what cyber ops can be used for, can you execute them fast enough and what can they even do anyway?

Snake Oilers: Tines, Code42 and Kroll

Roll up roll up, three pitches for youuuuu…

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

  • Tines, the no code security automation solution that people are going absolutely nuts over
  • Code42, the insider threat detection solution maker
  • Kroll talks about its MDR offering

Seriously Risky Biz: Biden's SIGINT EO Doesn't Change Much

PLUS: No, Article 5 invocation over cyber won't cause world war three...

In this edition of Seriously Risky Business Patrick Gray and Tom Uren talk about US President Joe Biden’s Executive Order on SIGINT collection and why Albania almost invoking Article 5 over a cyberattack probably isn’t a gigantic big deal.

Risky Business #682 -- Starlink goes dark on Ukraine's front line

PLUS: Why Joe Sullivan's conviction isn't a "CISO witch hunt"...

On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including:

  • Why former Uber CISO Joe Sullivan’s guilty verdict shouldn’t worry you
  • United States puts chipmaking restrictions on China, APT activity is coming
  • Elon blinks and Starlink goes dark on Ukraine’s front line
  • Master cyber criminal arrested in Australia
  • Much, much more

This week’s show is brought to you by runZero, the asset inventory and network visibility solution. runZero’s founding CTO and industry legend HD Moore is this week’s sponsor guest.