A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about security researcher Jon DiMaggio infiltrating the LockBit ransomware group. DiMaggio’s report shows that there are numerous disruption operations.

They also cover a new Ukrainian report about Russia’s combined cyber, conventional and military operations. It doesn’t look like the Russians are deftly coordinating these different attacks to maximum effect so much as using a kitchen sink approach.

Finally, they look at a French general’s warning to other European countries that the US might use Cyber Command hunt forward operations as an intelligence gathering operation. We don’t think this is at all likely, but the general has hit on a fear that other countries will have.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Royal Mail attack was LockBit and GCHQ will probably “bust some heads”
• CircleCI’s incident report and the problem with malwared endpoints in the Zero Trust age
• Cloudflare backs Mastodon
• Paul Nakasone: NSA did some great stuff! It was really good!
• Cisco won’t patch SMB routers sold in 2020
• Much, much more

This week’s show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake’s head of cybersecurity strategy Omer Singer are this week’s sponsor guests.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about a new Carnegie report that does a really good job examining the interplay of disruptive cyber operations and conventional military action in Russia’s invasion of Ukraine.

They also examine the trajectory of NSO Group. The US Supreme Court has decided that WhatsApp’s court case against the firm can continue, but the political environment has changed so drastically we don’t think the court case will make much difference in the end.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes:

• Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume
• All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more
• A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem
• Why automotive security research will actually be interesting this year
• PLUS: A bunch of random news!

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about Apple’s latest move to roll out end-to-end encrypted iCloud backups and how that plays into the lawful access debate. Pending legislation in the US, UK and EU is all about mitigating online harms and countering child exploitation, so they think the policy debate has moved on from lawful access. There are lots of measures that companies could take in this space that don’t compromise end-to-end encryption, and legislators are going to force companies to do more. They also look at the next move for North Korean hackers. They’ve had an absolute field day pillaging cryptocurrency ventures. What will their next move be as the “Crypto Winter” arrives?

You can find the newsletter post this podcast is based on here.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and presented by Patrick Gray.

You can find the newsletter version of this podcast click here.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Apple to introduce user-encrypted backups, FBI is sad
• Twitter ices e2ee plans for DMs
• RackSpace is getting sued over its hosted Exchange ransomware incident
• Dodgy driving: Microsoft signs some shady stuff
• Japan to change laws, release the Shibas
• A look at the US NDAA
• Much, much more

This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring.

In this sponsored podcast Patrick Gray and Ryan Kalember talk about Proofpoint’s acquisition of Illusive, a company that started off in the “deception” space and then moved towards doing attack path analysis and management.

In this edition of Between Two Nerds Tom Uren and The Grugq find that for most countries use of cyber capabilities makes sense. Except for the US. They are in a different position and the development of cyberspace as a domain of strategic competition is a net loss for them.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and presented by Patrick Gray, who’s filling in for Claire Aird.

You can find the newsletter version of this podcast click here.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and presented by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about how Microsoft continues to get important stuff wrong on Chinese vulnerability regulation and Russian cyber warfare. They also discuss how Cyber Safety Review Board’s decision to look at teenage hacking Lapsus$ is a good one, and how a Chinese APT group’s efforts to steal US Covid relief money will really annoy people. You can read the newsletter the podcast is based on here.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Samsung, LG Android signing keys pinched
• LastPass gets owned again
• APT41 steal covid relief money
• Amnesty International hacked in Canada
• Much, much more

This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and presented by Claire Aird.

You can find the newsletter version of this podcast click here.