Podcasts

News, analysis and commentary

Risky Bulletin: Microsoft restricts Chinese firms’ access to MAPP

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Microsoft restricts Chinese firms’ access to its MAPP program, Apple patches a zero-day used in the wild, a Scattered Spider member gets 10 years in prison, and a new exploit broker pops up in the UAE.

Risky Bulletin: Microsoft restricts Chinese firms’ access to MAPP
0:00 / 8:04

Srsly Risky Biz: Russian cyber security picked a side

Presented by

Amberleigh Jack
Amberleigh Jack

Producer and Editor

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country’s invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy.

They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order.

This episode is also available on Youtube.

Srsly Risky Biz: Russian cyber security picked a side
0:00 / 19:17

Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • Oracle’s long term CSO departs, and we’re not that sad about it
  • Canada’s House of Commons gets popped through a Microsoft bug
  • Russia degrades voice calls via Whatsapp and Telegram to push people towards Max
  • South-East Asian scam compounds are also behind child sextortion
  • Reports that the UK has backed down on Apple crypto are… strange
  • Oh and of course there’s a Fortinet bug! There’s always a Fortinet bug!

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You’ll never guess which one was a few lines of PAM config, and which was a multi-month engineering project!

This episode is also available on Youtube.

Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs
0:00 / 58:28

Risky Bulletin: Child sextortion cases linked to scam compounds

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Almost 500 child sextortion cases have been linked to scam compounds, Oracle’s CSO departs after 37 years, Europol offers a reward for the Qilin ransomware group, and the UK drops its demand for an Apple backdoor.

Risky Bulletin: Child sextortion cases linked to scam compounds
0:00 / 7:16

Between Two Nerds: Cyber myopia

Presented by

The Grugq
The Grugq

Independent Security Researcher

Tom Uren
Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq talk about whether the cyber industry and intelligence agencies focus too much on technical details and ignore the bigger picture.

This episode is also available on Youtube.

Between Two Nerds: Cyber myopia
0:00 / 26:21

Risky Bulletin: Academics pull off novel 5G attack

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Academics develop a 5G downgrade attack, ransomware hits car salvage yards across North America, multiple VPN apps share the same hardcoded password, and Bangladesh spent $190 million on hacking and surveillance tools.

Risky Bulletin: Academics pull off novel 5G attack
0:00 / 7:36

Risky Bulletin: HTTP2 flaw enables massive DDoS attacks

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

An HTTP-2 vulnerability enables DDoS attacks, Russia blocks Telegram and WhatsApp voice calls, attackers abuse a zero-day in N-able servers, and the US government is adding trackers to chip shipments.

Risky Bulletin: HTTP2 flaw enables massive DDoS attacks
0:00 / 8:03

Risky Biz Soap Box: How to measure vulnerability reachability

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

This episode is also available on Youtube.

Risky Biz Soap Box: How to measure vulnerability reachability
0:00 / 35:48

Srsly Risky Biz: Drug cartels are the new APTs

Presented by

Amberleigh Jack
Amberleigh Jack

Producer and Editor

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about a recent hack of the US courts document management system. It’s about as bad as can be, with multiple threat actors including states and possibly even drug cartels rummaging around in there, possibly for years.

They also discuss Microsoft’s involvement in an Israeli surveillance system and the head of Australia’s security organisation’s blunt warning about espionage.

This episode is also available on Youtube.

Srsly Risky Biz: Drug cartels are the new APTs
0:00 / 16:41

Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • CISA warns about the path from on-prem Exchange to the cloud
  • Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
  • Everyone and their dog seems to have a shell in US Federal Court information systems
  • Google pays $250k for a Chrome sandbox escape
  • Attackers use javascript in adult SVG files to … farm facebook likes?!
  • SonicWall says users aren’t getting hacked with an 0day… this time.

This week’s episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together.

This episode is also available on Youtube.

Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds
0:00 / 60:00