Podcasts

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why an internet shutdown won’t stop US cyber operations in Iran.

This episode is also available on Youtube.

US federal agencies told to crack down on scams and cybercrime, the White House releases its new Cyber Strategy, suspected Chinese hackers breach the FBI’s wiretap network, and Romania’s largest meat exporter is insolvent after a ransomware attack.

In this Risky Business sponsor interview, Marco Slaviero, CTO of Thinkst, talks to Tom Uren about how the company ensures that it is a learning organisation.

The pair discuss the company’s investment in its Thinkst Labs, how it differs from other security research labs, and how it helps grow products and people.

Iran attempts to hack security cameras to support its missile strikes, Israel bombs Iran’s cyber headquarters, authorities take down LeakBase and Tycoon 2FA, and TikTok says ‘no’ to encrypted private messaging.

In this edition of Risky Business Features James Wilson chats with cohost Brad Arkin about what it’s like being a CISO for a global company when a war starts.

How do you deal with a branch office full of important key material being abandoned? What about cloud infrastructure that’s in a data centre that falls into enemy hands? And if your staff are okay, are any of your key suppliers going to face problems?

As you’ll hear, being a wartime CISO is less about adjusting your SIEM sensitivity because the Iranians are coming to get you, and more about figuring out how to deal with very real threats to life and infrastructure.

Tom Uren and Amberleigh Jack talk about how cyber operations were used in the first hours of the US-Israeli attack on Iran. They were instrumental in the attack on Iranian Supreme Leader Ali Khamenei, but they didn’t last long. The Iranian regime implemented an internet blackout within four hours of the first bombs.

They also discuss how threat actors are using AI. It’s not game-changing so far, but it is very much altering the balance between attack and defence.

This episode is also available on Youtube.

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover:

• The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now!
• The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers
• So long Maddhu Gottumukkala, but CISA’s annus horribilis continues
• Adam “humbug” Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat
• ASD’s Cisco SD-WAN threat hunting guide is clearly borne of … experience

This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology agnostic, so you can adapt it for your environment, and the github link is in the show notes!

This episode is also available on Youtube.

The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle.

In this edition of Between Two Nerds Tom Uren and The Grugq how the use of cyber operations in the war in Ukraine has evolved over time.

This episode is also available on Youtube.

LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet.