Podcasts

News, analysis and commentary

Srsly Risky Biz: IC Reform Wanted, Decent Privacy Laws Needed

Presented by

Tom Uren

Policy & Intelligence

Patrick Gray

CEO and Publisher

In this podcast Patrick Gray and Tom Uren talk about a new report examining how the US intelligence community uses data it buys. It finds that data you can buy now rivals or exceeds what intelligence agencies can collect, but the IC overall doesn’t treat the data with the sensitivity and care that it deserves. Fixing IC policy is one thing, but that won’t help at all with foreign adversaries or even local US law enforcement. The US needs good data privacy law that cleans up the whole field.

They also look at new research that examines how lawyers’ incentives to protect clients mean that incident response is hamstrung when it comes to discovering root causes and learning lessons.


Risky Biz News: CISA orders federal agencies to secure internet-exposed routers, firewalls, and VPNs

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.


Risky Business #710 -- Why your corporate VPN will get you owned

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Fortinet 0day Groundhog Day
  • CISA’s new binding directive on exposed management interfaces
  • Confirmed: US intelligence buying commercially available data
  • MOVEit drama rolls on
  • Much, much more

This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Between Two Nerds: The Hallmarks of a State

Presented by

Tom Uren

Policy & Intelligence

The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the elements that make them think an operation is state-backed.


Risky Biz News: Ukrainian hackers wipe Russian telco's equipment

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.


Risky Biz News: Throw your Barracudas into a wood chipper plz

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.


Srsly Risky Biz: ASD's Charm Offensive

Presented by

Tom Uren

Policy & Intelligence

Patrick Gray

CEO and Publisher

In this podcast Patrick Gray and Tom Uren talk about why China and Russia are increasingly outing US cyber espionage operations and what they hope to get out of it. They also discuss a new documentary that reveals more information about some of ASD’s offensive cyber operations and also looks at how the organisation helped track down the Bali bombers.


Risky Biz News: Clop linked to MOVEit hacks, over 100 orgs breached so far

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.


Risky Business #709 -- Cl0p goes berserk with MOVEit 0day

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Russia’s FSB uncovers “NSA malware” on iPhones
  • Cl0p mass harvests data from MOVEit file transfer servers
  • ASD discloses a bunch of operations against ISIS, criminals
  • Why China’s prepositioning is probably… prepositioning
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Between Two Nerds: What it takes to be a Cyber Power II

Presented by

Tom Uren

Policy & Intelligence

The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different cyber powers leverage companies through coercive power, regulation and the attraction of values.
