Podcasts

Trump orders investigation into former CISA director Chris Krebs, the US DOJ disbands its crypto crime team, NSO hires a new lobby team, and researchers raise the alarm on something called “slopsquatting”.

Tom Uren and Patrick Gray discuss Trump’s recent firing of General Timothy Haugh, the head of NSA and Cyber Command. Tom dives into the implications and thinks why this is not good news for the agencies.

They also discuss Europe losing faith in the US intelligence commitments that underpin transatlantic data flows. That would be bad news for US tech companies.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Oracle quietly cops to being hacked, but immediately pivots into pretending it didn’t matter
• NSA and CyberCom leaders fired for not being MAGA enough
• US Treasury had some dusty corners it hadn’t found China in yet, looked, found China in them
• …which is a great time to discuss slashing CISA’s staffing
• Ransomware crews and bullet proof hosting providers are getting rekt, and we love it
• And Microsoft patches yet another logging 0-day being used in the wild.

This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico’s Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. And one that Yubico is actually really ideally positioned to solve.

This episode is also available on Youtube.

Hackers leak data from a major Russian bulletproof hosting provider, Australia deregisters 95 companies linked to cyber scams, the US Treasury gets hacked again, and Meta expands “teen accounts” to Facebook and Facebook Messenger.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of ‘false scarcities’ in cyber security. Are bugs and talent rare? Or is our thinking blinkered?

This episode is also available on Youtube.

Trump fires NSA and CyberCom leadership, CISA looks likely to be halved in size, hackers hit Australian pension funds, and NIST gives up on old CVEs in its backlog.

Android looks set to get its own Lockdown Mode, China overhauls cybersecurity and privacy laws, a crypto platform gets hacked for $70 million dollars, and Greece’s intel agency is set to hire more hackers.

Tom Uren and Patrick Gray discuss how North Korean IT worker scam is shifting towards Europe and employing tactics that make it more dangerous.

They also discuss why Signalgate was a massive security failure. We learnt this week that US cabinet members were in multiple Signal groups discussing different topics. Phone hacking is not uncommon, an adversary states will be able to take advantage of the intelligence in these conversations.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Yes, Oracle Health and Oracle Cloud did get hacked
• The fallout from Signalgate continues
• North Korean IT workers pivot to Europe
• Honeypot data suggests a storm is brewing for Palo Alto VPNs
• Canadian Anon gets arrested for hacking Texas GOP

This week’s episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and … contrasts that with Bybit.

This episode is also available on Youtube.

A North Korean IT worker scheme pivots to Europe after a US crackdown, 24,000 IPs are looking for Palo Alto Networks VPNs, Gmail rolls out end-to-end encrypted emails for enterprise users, and hackers steal over $100 million via Coinbase phishing.