Podcasts

In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:

• Automated, AI-powered threat hunting with Nebulock

Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have time to look at.

• Runtime security for hypervisors from Vali Cyber

Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It’s marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments.

• A secure mobile telco: Cape

The only thing American cell providers love more than providing patchy coverage is getting their customers’ data owned. Cape is here to change that. It’s a security and anonymity-focussed virtual mobile network operator (MVNO) that’s been spun up by a highly competent team. If we lived in the USA we would be customers, and a bunch of CISOs listening to this might want to consider Cape subscriptions for their workforce.

This episode is also available on Youtube

A new APT group turns out to be a phishing test, Qantas cuts executives’ bonuses after a recent breach, Anthropic stops selling AI tools to Chinese firms, and Nepal blocks 26 social media sites.

In this sponsored interview Casey Ellis chats with Keith Hoodlet from Trail of Bits. Keith is Trail of Bits’ director of engineering for AI, machine learning and application security and he joined Casey to talk about why prompt injection attack techniques that target AI are an unsolvable problem.

A cyberattack disrupts Bridgestone tyre factories in North America, a new infostealer takes your photo while you watch porn, bad certificates for Cloudflare infrastructure went undetected for more than a year, and Brazil deals with another payment system hack.

Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It’s a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace.

They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That’s a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Chinese government.

And it turns out that Apple’s dispute with the UK government about encrypted iCloud data has not yet been resolved, despite media reports to the contrary.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• The Salesloft breach and why OAuth soup is a problem
• The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed
• Google says it will stand up a “disruption unit”
• Microsoft writes up a ransomware gang that’s all-in on the cloud future
• Aussie firm hot-mics its work-from-home employees’ laptops
• Youtube scam baiters help the feds take down a fraud ring

This episode is sponsored by Dropzone.AI. Founder and CEO Edward Wu joins the show to talk about how AI driven SOC tools can help smaller organisations claw their way above the “security poverty line”. A dedicated monitoring team, threat hunting and alert triage, in a company that only has a couple of part time infosec people? Yes please!

This episode is also available on Youtube.

Two YouTube channels help dismantle a Chinese scam operation, Cloudflare, Zscaler, and Palo Alto disclose Salesloft-related breaches, a ransomware attack disrupts vehicle production at Jaguar Land Rover, and we have a new record DDoS attack.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how cyber threat actors are using AI tools to fill in resource and skills gaps that they have.

This episode is also available on Youtube.

FEMA’s IT staff fired over an alleged breach, WhatsApp patches a zero-day, the Salesloft breach impacted more than just Salesforce, and a scammer steals $1.5 million dollars from the city of Baltimore.

In this sponsored interview Casey Ellis chats with Push Security co-founder Jacques Louw. Push’s browser plugin gives a unique level of visibility into how users interact with the web and the attacks they face. Jacques talks through what they’re seeing, and their recently published taxonomy of phishing attacks. It’s on Github for everyone to contribute to!