Podcasts

News, analysis and commentary

Risky Bulletin: DC sues crypto ATM operator for profiting from scams

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

The US sues a crypto ATM operator for profiting from scams, SMS blasters make their way into Switzerland, the US and Portugal tussle over the extradition of the RaidForums admin, and Samsung patches a zero-day in its phones.

Risky Bulletin: DC sues crypto ATM operator for profiting from scams
0:00 / 6:41

Risky Biz Soap Box: runZero shakes up vulnerability management

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management.

With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at attackers on your network.

It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud.

This episode is also available on Youtube.

Risky Biz Soap Box: runZero shakes up vulnerability management
0:00 / 34:17

Sponsored: The challenge of managing browser extensions

Presented by

Casey Ellis
Casey Ellis

Founder, Bugcrowd

In this sponsored interview, Casey Ellis chats to David Cottingham and Daniel Schell from Airlock Digital. They discuss the challenge of browser extension management for enterprises, why it’s a priority and how Airlock can help.

Sponsored: The challenge of managing browser extensions
0:00 / 19:50

Risky Bulletin: Apple notifies French users of spyware attacks

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Apple notifies French users of spyware attacks, China will increase fines for data breaches Google pays $1.6mil for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students

Risky Bulletin: Apple notifies French users of spyware attacks
0:00 / 7:08

Srsly Risky Biz: Exploiting authorisation sprawl is the new black

Presented by

Amberleigh Jack
Amberleigh Jack

Producer and Editor

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm.

They also talk about Apple’s Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices.

This episode is also available on Youtube.

Srsly Risky Biz: Exploiting authorisation sprawl is the new black
0:00 / 17:54

Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • Apple ruins exploit developers’ week with fresh memory corruption mitigations
  • Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack
  • Salesloft says its GitHub was the initial entry point for its compromise
  • Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day”
  • Rogue certs for 1.1.1.1 appear to be just (stupid) testing
  • Jaguar Land Rover ransomware attackers are courting trouble

This week’s episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint!

This episode is also available on Youtube.

Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal
0:00 / 51:42

Risky Bulletin: White House to keep CyberCom and NSA dual role

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

The White House will keep the CyberCom and NSA dual-hat leadership arrangement, the US charges a major ransomware figure, Apple ships a memory safety protection feature and yet another supply chain attack hits the npm world.

Risky Bulletin: White House to keep CyberCom and NSA dual role
0:00 / 8:38

Between Two Nerds: The death of the exploit

Presented by

The Grugq
The Grugq

Independent Security Researcher

Tom Uren
Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage.

This episode is also available on YouTube

Between Two Nerds: The death of the exploit
0:00 / 25:47

Snake Oilers: Nebulock, Vali Cyber and Cape

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:

  • Automated, AI-powered threat hunting with Nebulock

Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have time to look at.

  • Runtime security for hypervisors from Vali Cyber

Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It’s marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments.

  • A secure mobile telco: Cape

The only thing American cell providers love more than providing patchy coverage is getting their customers’ data owned. Cape is here to change that. It’s a security and anonymity-focussed virtual mobile network operator (MVNO) that’s been spun up by a highly competent team. If we lived in the USA we would be customers, and a bunch of CISOs listening to this might want to consider Cape subscriptions for their workforce.

This episode is also available on Youtube

Snake Oilers: Nebulock, Vali Cyber and Cape
0:00 / 46:33

Risky Bulletin: New APT group turns out to be a phishing test

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

A new APT group turns out to be a phishing test, Qantas cuts executives’ bonuses after a recent breach, Anthropic stops selling AI tools to Chinese firms, and Nepal blocks 26 social media sites.

Risky Bulletin: New APT group turns out to be a phishing test
0:00 / 7:51