Podcasts

Russian companies must migrate to domestic ERP systems; A Thai hospital gets fined over the the dumbest data breach ever; Ohio’s public sector will have to approve ransom payments in public; …and Chanel and Cisco disclose data breaches.

In this edition of Between Two Nerds Tom Uren and The Grugq dissect the Belarusian Cyber Partisans hack of Russian airline Aeroflot. Despite the short-term impact, the airline will likely bounce back quite quickly. But it is still a big win for the Cyber Partisans.

This episode is also available on Youtube.

China accuses the US of new cyberattacks, a $14.5b crypto hack discovered five years later, the US National Cyber Director is named, and Lovense considers legal action over a security flaw disclosure.

In this week’s sponsor interview, Tines’ Field CISO, Matt Muller, chats to Casey Ellis about the interesting and out-of-the-box ways they’ve seen people using the platform. Tines is a platform designed to automate repetitive tasks for IT and security teams. And, as it turns out, it can be used to … gamify shift handover?

In this Soap Box edition of the show Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn’t, and why AI can’t save vendors from their bad product design choices.

This episode is also available on Youtube.

Russia spies on local embassies via ISPs, a Canadian man jailed for stealing Internet Apes, Signal threatens to leave Australia, and Russian pharmacies go down after a cyberattack.

Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn’t deter Chinese hackers, so it is time to try something different.

They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Did the SharePoint bug leak out of the Microsoft MAPP program?
• Expel retracts its FIDO bypass writeup
• The mess surrounding the women-only dating-safety app Tea gets worse
• Broadcom customers struggle to get patches for VMWare hypervisor escapes
• Aeroflot gets hacked by the Cyber Partisans, disrupting flights

This week’s episode is sponsored by Push Security. Daniel Cuthbert joins and explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future.

This episode is also available on Youtube.

Russia’s national airline cancels more than 100 flights following a cyberattack, the FBI seizes $2.4 million from the Chaos ransomware, Kazakhstan arrests a ransomware suspect, and Kyrgyzstan nationalizes internet access.

Microsoft investigates a MAPP leak as the source of the SharePoint zero-day, US law enforcement takes down the BlackSuit ransomware portal, an Arizona woman is imprisoned for running a North Korean laptop farm, and Allianz life insurance suffers a security breach.