Podcasts

This week Patrick Gray and Adam Boileau along special guest Lina Lau discuss the week’s news, including:

• The ongoing Ascension healthcare disruption, and
• Whether its reasonable for healthcare orgs to be pushing back
• Platforming cybercriminals for interviews
• Own the libs by… not using E2EE messaging?
• CISA’s secure by design, we want to believe!
• The $64billion scale of indusrialised fraud
• And much, much more.

This week’s sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

The regular two nerds have the week off, but the former Director of the CIA’s Center for Cyber Intelligence Andy Boyd joins Patrick Gray for a rollicking conversation in front of a live audience in San Francisco. Grugq and Tom return next week!

In this Risky Business News sponsored interview, Adam Boileau talks to Okta’s Cassio Sampaio about how cloud-native applications can move authorisation into a centralised model. This brings real benefits for consistency, control and auditing in distributed applications, beyond just the authentication part Okta is normally known for.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this podcast Tom Uren and Adam Boileau talk about how Microsoft’s reprioritisation of security after recent breaches and a scathing CSRB report seem to be influencing other companies. They are now touting their security chops, so could it be that security is actually becoming a competitive advantage?

They also talk about law enforcement trying to make life difficult for the LockBit ringleader and how the Change Healthcare disaster had deeper underlying causes beyond “no MFA on Citrix”.

Patrick dials in from RSA in San Francisco to discuss the week’s security news with Adam, including:

• The west doxxes LockbitSupp, who must now hide his hundred million dollars
• Revil hacker behind Kasaya breach gets 14 years
• Microsoft makes some positive sounding* noises on security
• A fun flaw in nearly all VPN clients
• Gitlab admins continue their never-ending incident response
• And much, much more.

This week’s sponsor is Stairwell. Long time infosec researcher Silas Cutler joins us to talk through his adventures in attacker C2 systems, and how this feeds into Stairwell’s data.

* we’re still sceptical they’ll get it right, but they do at least seem to realise how deep the doo-doo they’re in is… Pat speculates they have … tentacles, and a regulatory-threat-gland.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different types of secrecy obsessed organisations learn.

The Grugq mentions the book Mafia Organisations: The Visible Hand of Criminal Enterprise by Maurizio Catino.