Podcasts

In this podcast Patrick Gray and Tom Uren talk about how different states are transgressing what we want to be norms of online behaviour. They also look at the framing around new bipartisan privacy legislation and why vendors should have positive security obligations.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Ransomware: down but not out
• Zero day prices on the rise…
• … and what it means for enterprise software
• Geopolitical conflict comes to computers in Palau
• Ukraine cyber chief Illia Vitiuk suspended
• More x86 microarchitectural bad times
• And much much more

Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the tradecraft used in the compromise of the XZ open source data compression project.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder Andrew Morris about last year’s vulnerability exploitation trends, how the company’s AI system works, and Catalin makes a fool of himself because he can’t pronounce ‘abnormalities.’

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this edition of Snake Oilers you’ll hear pitches from three companies:

• Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.)
• ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte
• Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the weighty tome of CISA’s critical infrastructure reporting legislation, CIRCIA, and compare different approaches to defining regulation.

They also look at moves to better protect customers from being tracked by the telco protocol Signalling System 7.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• The SSH backdoor that dreams (or nightmares) are made of
• Microsoft gets a solid spanking from the CSRB
• Ukraine uses an old Russian WinRAR bug to hack Russia
• Push-notifications and social-engineering combined-arms vs Apple
• And much, much more.

We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.

This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.