Podcasts

New Microsoft accounts will be passwordless by default, a Chinese APT is hijacking software updates, the US dominates EU cybersecurity market, and Commvault discloses a breach.

Tom Uren and Patrick Gray talk about a SentinelOne report about how it is constantly targeted by both cybercriminal and state-backed hackers. Security firms are high-value targets, so constant attacks on them are the new normal.

They also discuss an article that calls Signal “a kind of dark matter of American politics and media”. Many policy discussions occur on the app, and this explains the Trump administration’s extensive use of the app.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• British retail stalwart Marks & Spencer gets cybered
• South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat
• It’s a good exploit week! Bugs in Apple Airplay, SAP webservers, Erlang SSH and CommVault backups
• Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then)
• Anti-DOGE whistleblower sure sounds like he has a point

This week’s episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign on. Knocknoc’s CEO Adam Pointon talks about the joy that having end-to-end IPv6 would bring for zero-trust access control. He also touches on people using Knocknoc inside their network to isolate critical systems.

Editors Note : Pat also gives Adam (Boileau) stick in the sponsor interview about the Risky Biz webserver not having IPv6 enabled, which fact-checking during the edit says is FAKE NEWS. Just uh, don’t look at how fresh that AAAA record in the DNS is, friends 😉

This episode is also available on Youtube.

The French government calls out Russian hacks for the first time, Marks & Spencer sends staff home after a ransomware attack, China accuses America of hacking a major cryptography provider, and AirBorne vulnerabilities impact Apple’s AirPlay.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the Southeast Asian criminal syndicates that run online scam compounds. Should organisations like US Cyber Command or the UK’s National Cyber Force target these gangs with disruption operations?

This episode is also available on Youtube.

In this edition of the Snake Oilers podcast, three sponsors come along to pitch their products:

• LimaCharlie: A public cloud for SecOps
• Honeywell Cyber Insights: An OT security/discovery solution
• Fortra’s CobaltStrike and Outflank: Security tooling for red teamers

This episode is also available on Youtube.

A new prompt injection attack is effective against all the big AI models, Poland says Facebook is failing to remove malicious ads, Africa’s largest telco discloses a security breach, and hackers breach Malaysian brokerage accounts.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Edward Wu, founder and CEO of Dropzone AI. Edward talks about the impact AI in modern-day SOC teams and how its role slowly becomes a force multiplier and productivity boost rather than workforce replacement.

Cybercriminals stole more than $16 billion last year, Iran tries to hack an EU official, the Lazarus Groups pulls off a successful watering hole and zero-day attack, and WhatsApp adds new chat privacy features.

Tom Uren and Adam Boileau talk about how scam compound criminal syndicates are responding to strong government action by moving operations overseas. It’s good they are being affected, but they are shifting into new countries that don’t have the ability to counter industrial-scale transnational organised crime.

They also discuss CISA’s Secure by Design initiative and that key people behind the program have left the organisation. Given prospective job cuts at CISA it is hard to see the initiative getting a lot of love, but international cyber security authorities should pick up the slack.

This episode is also available on Youtube.