Podcasts

In this Risky Business News sponsored interview, Tom Uren talks to CEO and founder of Socket, Feross Aboukhadijeh about the open source software and supply chain security. Feross says the software ecosystem has evolved in ways that make it more vulnerable to trust-based attacks (such as seen in XZ Utils) and discusses what can be done to defend against this type of supply chain subversion.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Patrick Gray. You can find the newsletter version of this podcast here.

In this podcast Adam Boileau and Tom Uren talk about what there is to learn from Mandiant’s report into the GRU Sandworm crew. Are the Russians a model for other actors, or just a get-‘er-done bunch of pragmatists?

They also talk about an attempt to build a World Cybercrime Index, assessing different national cybercrime specialisations.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology.

China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over.

Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?

In this Risky Business News sponsored interview, Tom Uren talks to Dan Guido, the CEO of security research company Trail of Bits. Dan and Tom discuss DARPA’s upcoming AI cyber challenge, in which Trail of Bits will compete to solve very difficult bug discovery challenges. They also talk about Trail of Bits’ approach to making some of its own tools available to the community.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read today by Patrick Gray, as Claire Aird is unwell.

You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about how open source software is inherently vulnerable to malicious ‘good samaritan’ attacks and what to do about it.

They also talk about a recent breach at data analytics company Sisense, how dependency on Microsoft is a strategic risk, and US Cyber Command’s view of the world.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Palo Alto’s firewalls have a ../ bad day
• Sisense’s bucket full of creds gets kicked over
• United Healthcare draws the ire of congress
• FISA 702 reauthorisation finally moves forward
• Apple warns about “mercenary exploitation” but what’s the India link?
• And much, much, more

This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.