Podcasts

News, analysis and commentary

Risky Bulletin: DanaBot and Lumma Stealer taken down

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Law enforcement takes down the DanaBot and Lumma Stealer malware operations, the US government wants a centralized data broker platform, Turkey dismantles a Chinese IMSI catcher spy ring, and Russia hacked border cameras to track Ukrainian military aid.

Risky Bulletin: DanaBot and Lumma Stealer taken down
0:00 / 7:33

Srsly Risky Biz: Telegram is cooperating with authorities, for now

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Patrick Gray talk about how Telegram took down the two largest ever criminal marketplaces recently. They used Telegram for all their communications and had collectively sold over USD$30 billion in illicit products. The pair discuss why Telegram is now cooperating with authorities after historically being reluctant and whether this assistance will continue.

They also discuss how Meta is awash with scam advertisements and how Chinese mobile app encryption is suspiciously awful.

This episode is also available on Youtube.

Srsly Risky Biz: Telegram is cooperating with authorities, for now
0:00 / 20:27

Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • TeleMessage memory dumps show up on DDoSecrets
  • Coinbase contractor bribed to hand over user data
  • Telegram does seem to be actually cooperating with law enforcement
  • Britain’s legal aid service gets 15 years worth of applicant data stolen
  • Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library

This week’s episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks!

This episode is also available on Youtube.

Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now
0:00 / 53:01

Risky Bulletin: TeleMessage data published by DDoSecrets

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

DDoSecrets archives 400GB of stolen TeleMessage data, the FBI closes its FISA watchdog office, Predatorgate lawsuit delayed due to interpreter shortage, and a wave of DDoS attacks disrupt Russian government portals.

Risky Bulletin: TeleMessage data published by DDoSecrets
0:00 / 6:41

Between Two Nerds: Why hackers and spies don't mix

Presented by

The Grugq
The Grugq

Independent Security Researcher

Tom Uren
Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq examine what makes it hard for even competent hackers to contribute to state-backed espionage agencies.

This episode is also available on Youtube.

Between Two Nerds: Why hackers and spies don't mix
0:00 / 28:35

Risky Bulletin: Japan passes active cyber defense law

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Patrick Gray
Patrick Gray

CEO and Publisher

Japan passes a new active cyber defense law, printer software gets shipped with malware, a UK telco leaks user data and geolocation via its 4G network, and Volkswagen patches major bugs in its mobile app.

Risky Bulletin: Japan passes active cyber defense law
0:00 / 6:20

Sponsored: Securing identity is like building a house while blindfolded

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

In this Risky Bulletin sponsor interview Justin Kohler, Chief Product Officer at SpecterOps talks to Tom Uren about the impossible challenge of managing identity directory services securely. Organisations try to implement the principle of least privilege but have no idea if they have done a good job. Justin talks about approaches SpecterOps is developing to address this problem.

Sponsored: Securing identity is like building a house while blindfolded
0:00 / 15:50

Risky Bulletin: Coinbase reveals insider breach, extortion attempt

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Coinbase was extorted by hackers who bribed employees for user data, America’s largest steel producer halts production after a cyberattack, Scattered Spider shifts to targeting US retailers, and the US abandons plans to protect Americans from data brokers.

Risky Bulletin: Coinbase reveals insider breach, extortion attempt
0:00 / 7:41

Risky Biz Soap Box: Push Security's browser-first twist on identity security

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.

Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.

It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it.

There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it’s enrolled into your SSO, are you sure that’s how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable?

This is a fun one!

This episode is also available on Youtube.

Risky Biz Soap Box: Push Security's browser-first twist on identity security
0:00 / 34:24

Srsly Risky Biz: Special guests Rob Joyce and Andy Boyd on offensive cyber

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this special edition of the Seriously Risky Business podcast Patrick Gray speaks with former NSA Cybersecurity Director Rob Joyce and former director of the CIA’s Center for Cyber Intelligence Andy Boyd.

The talk about what offensive cyber could look like under Trump 2.0, and the shake-up the intelligence community is going through under various White House initiatives.

This episode is also available on Youtube.

Srsly Risky Biz: Special guests Rob Joyce and Andy Boyd on offensive cyber
0:00 / 43:03