In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

• More details on sanctioned Medibank hacker Aleksandr Ermakov
• More details on alleged Scattered Spider hacker Noah Michael Urban
• RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge
• Ron Wyden did something useful…
• …then did something stupid
• Ivanti’s clown car collides with dumpster fire
• Much, much more

This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakob.

Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the war in Ukraine is showing how useful mobile devices are in war. Using them is risky, but those risks need to be managed.

They refer to this report which examines location tracking in the battlefield.

NOTE: We initially published the wrong mp3 for this episode. It has been corrected!

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bradon Rogers, Chief Customer Officer at enterprise browser Island, on how a modern enterprise browser solution like Island can be used to replace, complement, or enhance some enterprise security tools or technology stacks.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray and Tom Uren talk about how the SEC’s new disclosure rules that mean companies have four days to report cyber security incidents once they’ve formally decided that they are material. So far, companies are very much erring on the side of caution.

They also look at the criticism of the CSRB’s board composition. Tom thinks these critiques are misguided. The cyber security landscape is so fractured that if the board were made up of faceless bureaucrats it would get very limited traction.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how having so much data available about Americans feels creepy, yet there is little visible harm to individuals. But there are still reasons to be worried.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news.

• Microsoft honks its clown car horn
• Australia’s hounds, released, catch their man
• The beginning of the end for Scattered Spider
• SEC was SIM swapped but had MFA off any way
• Ivanti learns a lesson…
• … while Progress does not
• and much more

DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs.

In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong.

In this Risky Business News sponsor interview Tom Uren talks to Ivan Dwyer of Material Security about how it makes sense to view office productivity suites as an organisation’s critical infrastructure.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Adam Boileau and Tom Uren talk about how although the PRC has pivoted to quieter living-off-the-land approaches, they don’t really care about stealth. They just want long-term access. So this means noisily digging in to networks and targeting end-of-life devices.

They also look at the FTC’s settlement against geolocation data broker Outlogic. It’s a win, but it’s built on shaky foundations.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Their disappointment over last week’s SEC Twitter hack
• China rainbow-tables Airdrop
• Enterprise bugs galore…
• … and why patching fast is hard when there isn’t even a patch yet
• UEFI flaws get trad-BIOS-era vendor response
• and much, much more…

This week’s show is unsponsored, we’re just here for the fun of it.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Stuxnet was an ‘inevitability gamechanger’, how much we now know about the operation and how much the Dutch government should have known at the time.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview Tom Uren talks to Ken Westin, Field CISO at Panther about how the rise of cloud and hybrid IT architectures requires a new type of SIEM.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.