Podcasts

The Copy Fail vulnerability impacts all Linux distros going back to 2017, hackers are exploiting a cPanel auth bypass, every Moldovan citizen has their data stolen, and some scam compounds got raided raided… in Dubai.

In this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products:

• Ent AI: Co-founder Brandon Dixon pitched Ent, an intent-aware, AI-powered endpoint security control.

• Spacewalk AI: Founders Chris Fuller and Tim Wenzlau pitch Spacewalk, an AI-powered incident response platform.

• Mondoo: Co-founder Dominik Richter pitches Mondoo, an AI-powered “service as software” in the vulnerability management space.

This episode is also available on YouTube.

Tom Uren and Amberleigh Jack talk about the US government stepping in to fight ‘distillation attacks’ by Chinese AI labs. These are methods used to steal the special sauce of frontier AI models simply by asking questions.

They also discuss the wide-spread shift amongst Chinese threat actors to using botnets for all aspects of their operations. It’s a problem for defenders, but also a disruption opportunity for authorities.

This episode is also available on YouTube.

On this week’s show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week’s cybersecurity news, including:

• The US government is mad as hell about Chinese firms stealing American AI technology
• Dmitri has an opinion or two about the US selling Nvidia chips to China
• Speaking of Chinese AI, Kimi’s new 2.6 is very interesting
• The US sanctions a Cambodian senator for earning mega bucks through scam compounds
• And a ransomware family is promoting itself as being … quantum-safe?

This week’s show is sponsored by Trail of Bits. CEO and co-founder Dan Guido chats to Pat about how private inference works and Trail of Bits’ audit of WhatsApp’s private AI setup.

This episode is also available on Youtube.

In this solo episode of Risky Business Features James Wilson explores how distillation techniques are both a legitimate way to train smaller models, as well as a way to steal model capabilities. It’s not just a problem for frontier labs! Any LLM-based product could have its competitive advantage stolen through these attacks.

James covers:

• High-level concept of distillation
• Why it matters including close/open-weight/open-source explanation
• Types of distillation and the prompts used
• The distillation pipeline end to end
• Distillation at scale and mitigation techniques
• Hardware resource constraints for distillation

Ukrainians hack Russian satellites, Vimeo is being extorted, Greece wants to ban anonymity on social media, and a Scattered Spider hacker was arrested in Finland.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the North Korean hack of Drift can tell us about the future of hacking.

This episode is also available on YouTube.

A fingerprinting technique can track Tor users, Intellexa had an American exploit provider, the US accuses China of copying its AI, and the US router ban also covers WiFi hotspots.

In this Risky Business sponsored interview Casey Ellis chats to RunZero’s founder and CEO HD Moore about RunZero’s new release: 4.9. It drops this week and doubles down on OT scanning. Animated world and network maps add another layer to visualisation and for those that have been asking: yes, there’s a dark mode.

Sean Plankey withdraws his CISA Director nomination, Russians hacked the Bundestag President, Discord users gain unauthorised access to Anthropic’s Mythos, and the US sanctions a Cambodian senator for running cyber scam compounds.