Podcasts

In this edition of Between Two Nerds Tom Uren and The Grugq examine what makes it hard for even competent hackers to contribute to state-backed espionage agencies.

This episode is also available on Youtube.

Japan passes a new active cyber defense law, printer software gets shipped with malware, a UK telco leaks user data and geolocation via its 4G network, and Volkswagen patches major bugs in its mobile app.

In this Risky Bulletin sponsor interview Justin Kohler, Chief Product Officer at SpecterOps talks to Tom Uren about the impossible challenge of managing identity directory services securely. Organisations try to implement the principle of least privilege but have no idea if they have done a good job. Justin talks about approaches SpecterOps is developing to address this problem.

Coinbase was extorted by hackers who bribed employees for user data, America’s largest steel producer halts production after a cyberattack, Scattered Spider shifts to targeting US retailers, and the US abandons plans to protect Americans from data brokers.

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.

Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.

It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it.

There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it’s enrolled into your SSO, are you sure that’s how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable?

This is a fun one!

This episode is also available on Youtube.

In this special edition of the Seriously Risky Business podcast Patrick Gray speaks with former NSA Cybersecurity Director Rob Joyce and former director of the CIA’s Center for Cyber Intelligence Andy Boyd.

The talk about what offensive cyber could look like under Trump 2.0, and the shake-up the intelligence community is going through under various White House initiatives.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back!
• The ransomware ecosystem is finding life a bit tough lately
• SAP Netweaver bug being used by Chinese APT crew
• Academics keep just keep finding CPU side-channel attacks
• And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF?

This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future.

This episode is also available on Youtube.

The EU launches its own vulnerability database, a Turkish APT deploys a zero-day in Iraq, North Korea tasks an APT to Ukraine, and Spain will probe cyber’s role in last month’s energy grid collapse.

In this edition of Between Two Nerds Tom Uren and The Grugq examine whether the US should steal intellectual property from Chinese companies.

This episode is also available on Youtube.

The Kaleidoscope ad fraud network infects 2.5 million devices a month, Germany seizes the eXch crypto-mixing service, the US takes down the Anyproxy botnet, and Chrome will use on-device AI to detect tech support scams.