Podcasts

News, analysis and commentary

Between Two Nerds: Why hackers and spies don't mix

Presented by

The Grugq
The Grugq

Independent Security Researcher

Tom Uren
Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq examine what makes it hard for even competent hackers to contribute to state-backed espionage agencies.

This episode is also available on Youtube.

Between Two Nerds: Why hackers and spies don't mix
0:00 / 28:35

Risky Bulletin: Japan passes active cyber defense law

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Patrick Gray
Patrick Gray

CEO and Publisher

Japan passes a new active cyber defense law, printer software gets shipped with malware, a UK telco leaks user data and geolocation via its 4G network, and Volkswagen patches major bugs in its mobile app.

Risky Bulletin: Japan passes active cyber defense law
0:00 / 6:20

Sponsored: Securing identity is like building a house while blindfolded

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

In this Risky Bulletin sponsor interview Justin Kohler, Chief Product Officer at SpecterOps talks to Tom Uren about the impossible challenge of managing identity directory services securely. Organisations try to implement the principle of least privilege but have no idea if they have done a good job. Justin talks about approaches SpecterOps is developing to address this problem.

Sponsored: Securing identity is like building a house while blindfolded
0:00 / 15:50

Risky Bulletin: Coinbase reveals insider breach, extortion attempt

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Coinbase was extorted by hackers who bribed employees for user data, America’s largest steel producer halts production after a cyberattack, Scattered Spider shifts to targeting US retailers, and the US abandons plans to protect Americans from data brokers.

Risky Bulletin: Coinbase reveals insider breach, extortion attempt
0:00 / 7:41

Risky Biz Soap Box: Push Security's browser-first twist on identity security

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.

Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.

It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it.

There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it’s enrolled into your SSO, are you sure that’s how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable?

This is a fun one!

This episode is also available on Youtube.

Risky Biz Soap Box: Push Security's browser-first twist on identity security
0:00 / 34:24

Srsly Risky Biz: Special guests Rob Joyce and Andy Boyd on offensive cyber

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this special edition of the Seriously Risky Business podcast Patrick Gray speaks with former NSA Cybersecurity Director Rob Joyce and former director of the CIA’s Center for Cyber Intelligence Andy Boyd.

The talk about what offensive cyber could look like under Trump 2.0, and the shake-up the intelligence community is going through under various White House initiatives.

This episode is also available on Youtube.

Srsly Risky Biz: Special guests Rob Joyce and Andy Boyd on offensive cyber
0:00 / 43:03

Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back!
  • The ransomware ecosystem is finding life a bit tough lately
  • SAP Netweaver bug being used by Chinese APT crew
  • Academics keep just keep finding CPU side-channel attacks
  • And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF?

This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future.

This episode is also available on Youtube.

Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys
0:00 / 57:52

Risky Bulletin: EU launches its own vulnerability database

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

The EU launches its own vulnerability database, a Turkish APT deploys a zero-day in Iraq, North Korea tasks an APT to Ukraine, and Spain will probe cyber’s role in last month’s energy grid collapse.

Risky Bulletin: EU launches its own vulnerability database
0:00 / 6:49

Between Two Nerds: Should US spies steal Chinese commercial secrets?

Presented by

The Grugq
The Grugq

Independent Security Researcher

Tom Uren
Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq examine whether the US should steal intellectual property from Chinese companies.

This episode is also available on Youtube.

Between Two Nerds: Should US spies steal Chinese commercial secrets?
0:00 / 32:25

Risky Bulletin: Kaleidoscope ad fraud network infects 2.5m devices a month

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

The Kaleidoscope ad fraud network infects 2.5 million devices a month, Germany seizes the eXch crypto-mixing service, the US takes down the Anyproxy botnet, and Chrome will use on-device AI to detect tech support scams.

Risky Bulletin: Kaleidoscope ad fraud network infects 2.5m devices a month
0:00 / 5:50