Podcasts

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

• Somehow there are still more Ivanti and Fortinet exploits
• Volt Typhoon have been at it for years
• Starlink in Ukraine gets complicated
• Canadians hate poor Flipper
• Much, much more…

In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why military doctrine in authoritarian states has an emphasis on cyber and information supremacy.

In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about:

• Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action
• How vendors are using Greynoise as an early warning system to identify exploitation of their products
• How he’s using large language models to reverse exploitation attempts into actual exploits

It truly is a great conversation, we hope you enjoy it!

In this Risky Business News sponsored interview, Tom Uren talks to Proofpoint Senior Threat Researcher Greg Lesnewich. Greg explains how a North Korean group is using DMARC spoofing in its efforts to gather strategic intelligence.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Adam Boileau and Tom Uren talk about how the US has kicked off a campaign to combat Volt Typhoon, a PRC group that is positioning itself in US critical infrastructure to be able to disrupt it in the event of conflict.

They also discuss how changing attacker behaviour has led to CISA’s emergency directive to disconnect Ivanti Connect Secure devices.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

• Thought eels were slippery? Check out AnyDesk’s PR!
• Why Microsoft’s 365 is a nightmare to secure
• Cloudflare’s needlessly hostile blog post
• US Government introduces “Disneyland ban” for spyware peddlers
• Much, much more…

This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles.

This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win!