In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing.

He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq contrast between different cyber operations that occurred in 2016. In one, US Cyber Command used cyber operations to attack ISIS’ propaganda operations. In the other, Russian cyber operators interfered with US Presidential elections. US action was tightly scoped, measurable and an underwhelming success, whereas Russian activity was nebulous and hard to measure but could have changed the course of the election.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about the a thought bubble floated by military cyber professionals that the US armed forces needs a US Cyber Force. The justification is a bit light on and Tom doesn’t really think the proposal makes sense.

They also discuss US Cyber Command’s “Hunt Forward” operations. In these operations partner countries invite CYBERCOM in to hunt for adversary activity. Access to networks is touchy stuff, though, so CYBERCOM spends a lot of time and effort in diplomatic efforts convincing potential partner agencies. We think these types of activities are great but in some parts of the world — think Asia — a warmer and fuzzier branding might be the go.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you.

On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover:

• The Biden White House’s executive order on spyware
• Why the infosec community writ large is wrong on TikTok
• Clop campaign: it’s time to ditch your file transfer gateways
• Major Android app booted from store because it was full of 0day privesc exploits lol
• More detail on the BreachForums admin arrest
• Much, much more

This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing.

In this edition of Between Two Nerds Tom Uren and The Grugq look at what the real problems with TikTok are. Many people are focussing on risks we think are irrelevant or overblown, but it is a massively influential app under Chinese Communist Party control.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news in front of a live audience at AISA’s CyberCon in Canberra.

They cover:

• Yevgeny Prigozhin’s entire enterprise got majorly owned
• Kremlin bans iPhones among President’s staff
• A look at those Android handset baseband bugs (woof)
• A discussion of the acropalypse issue
• Why you need to sort out your egress filtering in light of the latest Outlook bug
• Shanna Daly joins us on stage to talk about why the infosec industry sucks
• Plus much much more

This week’s show is sponsored by Stairwell. Mike Wiacek, Stairwell’s founder, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the natural advantages that network defenders have. Despite this “home ground advantage” hackers still have a great deal of success and Tom and The Grugq look at what does work in favour of attackers.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about the RESTRICT Act, proposed US legislation that tries to deal with the problems posed by technologies from foreign adversaries. RESTRICT gives the US government powers to deal with companies like Kaspersky, Huawei and now TikTok on an ongoing basis, rather than muddling through in an ad hoc way each time a problem company pops up. It also requires that the Secretary of Commerce come up with processes and procedures to deal with and mitigate these types of threats, rather than the current whack-a-mole approach.

They also discuss a draft Cambodian cyber security law and experts’ concerns that it could be abused by the Cambodian government to maintain its grip on power. This law has many similarities to Australian critical infrastructure law and Tom and Pat discuss the reasons behind the law in Australia. There’s a straight line between a serious ransomware incident in Australia and the resulting law, but still, Cambodia’s government remains authoritarian.

Finally, they look at a Carnegie report on Chinese manipulation of international standards setting organisations. It’s a good report and explains what is going on — Chinese manipulation does happen occasionally, but it is “largely unsuccessful”.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Threat actors are really enjoying home networks and BYOD these days…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Why our LastPass/DPRK hunch weakened
• CISA launches ransomware warning program
• Is the Ring data extortion real?
• White House flags cloud service security regulation
• Pig Butchering overtakes BEC as top cybercrime earner
• Much more!