Podcasts

News, analysis and commentary

Srsly Risky Biz: Why Iran is a scaredy cat cyber chicken

Presented by

Patrick Gray

CEO and Publisher

Tom Uren

Policy & Intelligence

Tom Uren and Patrick Gray discuss warnings about Iranian cyber attacks on US critical infrastructure. Despite many, many warnings, there have been no actual attacks, and they discuss the reasons why Iran would want to avoid escalatory cyber attacks.

They also talk about how the FBI is struggling to deal with the democratisation of surveillance and data analysis, what the agency calls Ubiquitous Technical Surveillance (UTS). A Department of Justice audit of the FBI’s response finds the threat from UTS is real and that sources have been murdered. But it seems that the FBI just doesn’t care.

This episode is also available on YouTube.


Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Australian airline Qantas looks like it got a Scattered Spider-ing
  • Microsoft works towards blunting the next CrowdStrike disaster
  • Changes are coming for Microsoft’s default enterprise app consenting setup
  • Synology downplays hardcoded passwords for its M365 cloud backup agent
  • The next Citrix Netscaler memory disclosure looks nasty
  • Drug cartels used technical surveillance to find, fix and finish FBI informants and witnesses

This week’s episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of sprawling cloud environments.

This episode is also available on YouTube.


Risky Bulletin: The US sanctions another Russian bulletproof hosting provider

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

The US sanctions another Russian bulletproof hosting provider, the International Criminal Court discloses a security breach, the US dismantles 29 North Korean laptop farms, and a Chinese student gets jailed in the UK for SMS blasting.


Between Two Nerds: Microsoft embraces digital sovereignty

Presented by

The Grugq

Independent Security Researcher

Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Microsoft has embraced digital sovereignty and is bending over backwards to satisfy European tech supply chain concerns.

This episode is also available on YouTube.


Risky Bulletin: Scattered Spider targets the aviation sector

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

The Scattered Spider group targets the aviation sector, Russia throttles traffic from Cloudflare, a Mexican cartel hired hackers to track an FBI official, and Canada tells Hikvision to cease operations.


Sponsored: Why Linux is the dark matter of the internet

Presented by

Tom Uren

Policy & Intelligence

In this Risky Bulletin sponsor interview Craig Rowland, CEO of Sandfly Security, talks to Tom Uren about the disconnect between how important Linux systems are and how much security attention they get. The pair discuss the variety of reasons that security teams underinvest in protecting Linux.


Risky Bulletin: Phishers abuse forgotten Direct Send feature

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

A phishing group abuses a forgotten Exchange Online feature, a patient’s death is linked to the Synnovis ransomware attack, France arrests the BreachForums leadership, and Microsoft offers free Windows 10 Extended Security Updates … with a catch.


Srsly Risky Biz: Comparing Chinese and American 0day pipelines

Presented by

Patrick Gray

CEO and Publisher

Tom Uren

Policy & Intelligence

Tom Uren and Patrick Gray talk about a new report that compares Chinese and American 0day pipelines. The US is narrowly focussed on acquiring exquisitely stealthy and reliable exploits, while China casts a far broader net. That was fine in the past, but as 0days get harder and harder to find, the report argues that the US needs to change the way it goes about getting them.

The pair also talk about Cyber Command supporting the US bomb strikes against Iranian nuclear facilities. We like to believe in magic cyber capabilities, but we suspect the truth was far more mundane in this case.

This episode is also available on YouTube.


Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • We roll our eyes over the “16 billion credentials” leak hitting mainstream news
  • Some interesting cyber angles emerge from the conflict in Iran
  • Open source maintainer of libxml2 is fed up with this hacker crap
  • Shockingly, there are yet more ways to trick people into pasting commands into Windows
  • Veeam “patches” its backup software RCE like it’s 2002 … by breaking the public PoC

This week’s episode is sponsored by Internet-wide honeypot reconnaissance platform GreyNoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they’re destined for the woodchipper.

This episode is also available on YouTube.


Risky Bulletin: Hackers breach Norwegian dam, open valve at full capacity

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

Hackers fully open a valve at a Norwegian dam, the US House bans WhatsApp on staff devices, Russia wants to build a national IMEI database, and four REvil members are released after time served.
