Podcasts

France runs a phishing test on 2 and a half million students, Google fixes a Chrome zero-day abused for espionage, China publishes new facial recognition rules, and the DragonForce ransomware group hacks two rivals.

Tom Uren and Patrick Gray discuss how the Signalgate messages betray an alarming lack of security nous at the highest levels of the US natsec leadership. It’s head-scratchingly bad.

They also discuss the possibility the Trump Administration will reconstitute the CSRB. The Board wasn’t perfect, but in our view it is better to get it started again rather than waiting for reviews to determine its perfect form.

This episode is also available on Youtube.

In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls.

Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers??

You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure.

Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group
• The Github actions hack is smaller than we thought, but was targeting crypto
• Remote code exec in Kubernetes, ouch
• Oracle denies its cloud got owned, but that sure does look like customer keymat
• Taiwanese hardware maker Clevo packs its private keys into bios update zip
• US Treasury un-sanctions Tornado Cash, party time in Pyongyang?

This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam.

This episode is also available on Youtube.

Ukraine’s state railway hit by a cyberattack, a ransomware attack reduces Malaysia’s largest airport to writing flight details on a whiteboard, buggy exploits put DrayTek routers in a reboot loop, and the NIST CVE backlog grows bigger despite efforts to address it.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why people studying cyber operations are fascinated by 0days. These are vulnerabilities or exploits that have been found in a system before the vendor or manufacturer is made aware of them and so therefore no fix exists.

This episode is also available on Youtube.

The US removes Tornado Cash sanctions, the White House shifts cyber responsibility to state and local governments, a Michigan football coach is indicted for hacking, and Google sues a Maps scam syndicate.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Josh Kamdjou, co-founder and CEO of Sublime Security. Josh goes over recent trends in email badness, such as the increase in QR code abuse and the rise of SVG smuggling.

Hacktivists sabotage over 100 Iranian ships, Iran calls out China for hacking, six new Paragon customers come to light, and North Korea creates a new cyber unit.

Tom Uren and Patrick Gray discuss how China’s Ministry of State Security is increasingly doxxing and threatening Taiwanese APT operators. In some ways this mirrors the US strategy of naming and shaming Chinese cyber operators in indictments that contain lots of supporting information. But although MSS statements are filled with propaganda rather than technical detail, naming Taiwanese military hackers has some bite.

They also discuss Russia’s ‘shadow war’ sabotage campaign across Europe. The Russian campaign mostly relies on traditional sabotage and finding local proxies to throw bombs. But it does make sense for Western governments to respond with destructive cyber operations.

This episode is also available on Youtube.