Podcasts

On this week’s show Patrick and Adam discuss the week’s security news, including:

• FVEY protests China’s widespread hacking of western politicians
• China bans western CPUs, Windows and databases
• Apple’s leaky M-chip prefetcher
• Nigeria holds ex-IRS investigator hostage in Binance stoush
• Researchers bring Rowhammer to AMD Zen and DDR5
• And much, much more.

This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Josh Kamdjou, co-founder and CEO of Sublime Security. Josh describes how Sublime implemented the concept of attack surface reduction to email security last year, how it works, and what customers are saying about it.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Normal Seriously Risky Biz correspondent Tom Uren is on leave this week, so there’s some lunatics-running-the-asylum energy in the episode. Patrick Gray wrote this week’s newsletter, and Adam Boileau asks him what exactly we are to do with Microsoft? They’re so big, and their security posture of late has us all sobbing into our Azure dashboards. Pat advocates for less carrot, and several varieties of stick.

They also talk through where ransomware disruption is going to have to head next. What more creative, less … uh… law-and-order options do we have for imposing cost on actors in pariah states?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Turns out AI is still bad code review after all,
• Mintlify loses a bunch of Github tokens,
• Everything old is new again with the UDP loop DoS,
• Know-your-(recon satellite)-customer is hard,
• Microsoft takes away Russia’s powershell, solving living off the land,
• And much, much more

This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft.

In this edition of Between Two Nerds Tom Uren and The Grugq look at Russia’s recent leak of an intercepted German military discussion. From an intelligence point of view the content of the discussion is only moderately interesting, but Russia decided to leak it in an attempt to influence European attitudes towards providing military aid to Ukraine.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with George Glass, Senior Vice-President for Kroll’s Cyber Risk business. George covers the company’s latest report, a Kimsuky attack on ConnectWise ScreenConnect devices with a new malware strain named ToddlerShark.