Risky Biz News: GitHub aflood with fake and malicious PoCs

PLUS: Iran nuclear agency hacked; $60 million ransom demanded from UK car dealership Pendragon; and DormantColors spreads malicious Chrome and Edge extensions.

A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu.

You can find the newsletter version of this podcast here.

Snake Oilers: Truffle Security, KSOC and Snyk

If you are "extremely online" you'll like this edition...

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

  • Truffle Security talks secrets discovery
  • KSOC builds Kubernetes security tools
  • Snyk has a new product to better secure Infrastructure as Code

Between Two Nerds: Cyber Operations on the Battlefield

Can cyber operations be integrated with tactical conventional warfare?

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether destructive cyber effects can be integrated effectively with tactical conventional warfare. There are some wrinkles: how do soldiers on the ground know what cyber ops can be used for, can you execute them fast enough and what can they even do anyway?

Snake Oilers: Tines, Code42 and Kroll

Roll up roll up, three pitches for youuuuu…

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

  • Tines, the no-code security automation solution that people are going absolutely nuts over
  • Code42, the insider threat detection solution maker
  • Kroll talks about its MDR offering

Seriously Risky Biz: Biden's SIGINT EO Doesn't Change Much

PLUS: No, Article 5 invocation over cyber won't cause world war three...

In this edition of Seriously Risky Business Patrick Gray and Tom Uren talk about US President Joe Biden’s Executive Order on SIGINT collection and why Albania almost invoking Article 5 over a cyberattack probably isn’t a gigantic big deal.

Risky Business #682 -- Starlink goes dark on Ukraine's front line

PLUS: Why Joe Sullivan's conviction isn't a "CISO witch hunt"...

On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including:

  • Why former Uber CISO Joe Sullivan’s guilty verdict shouldn’t worry you
  • United States puts chipmaking restrictions on China, APT activity is coming
  • Elon blinks and Starlink goes dark on Ukraine’s front line
  • Master cyber criminal arrested in Australia
  • Much, much more

This week’s show is brought to you by runZero, the asset inventory and network visibility solution. runZero’s founding CTO and industry legend HD Moore is this week’s sponsor guest.

Seriously Risky Biz: The CIA is too stupid to know it's stupid

PLUS: North Korea has a smartphone hacking scene...

In this episode of Seriously Risky Biz Patrick Gray and Tom Uren talk about the CIA’s catastrophically moronic covert communications system, the North Korean smartphone hacking scene and the significance of a Netwalker affiliate’s 20-year prison sentence.

Risky Business #681 -- It's Exchangehog Day

PLUS: How the CIA's terrible online opsec got its agents killed…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • More Exchange 0days cause more havoc
  • A look at some earlier Exchange hack incidents
  • How the CIA got its agents killed with its truly awful online opsec
  • Ex-NSA staffer arrested for espionage
  • Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, joins the show this week to talk about some overlooked detection opportunities – some simple stuff you can look for in your environment that should raise gigantic flashing red flags.