Podcasts

Hackers sabotage Iranian ships for a second time this year, mass cybercrime arrests across Africa, South Korea extradites a Chinese man behind celebrity hacks, and a French supermarket chain discloses a data breach.

In this Risky Business News sponsor interview Tom Uren talks to Brett Winterford, Okta’s VP of Threat Intelligence about FastPass. Brett explains what it is, how Okta uses it and why threat actors avoid it.

Microsoft restricts Chinese firms’ access to its MAPP program, Apple patches a zero-day used in the wild, a Scattered Spider member gets 10 years in prison, and a new exploit broker pops up in the UAE.

Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country’s invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy.

They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order.

This episode is also available on Youtube.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Oracle’s long term CSO departs, and we’re not that sad about it
• Canada’s House of Commons gets popped through a Microsoft bug
• Russia degrades voice calls via Whatsapp and Telegram to push people towards Max
• South-East Asian scam compounds are also behind child sextortion
• Reports that the UK has backed down on Apple crypto are… strange
• Oh and of course there’s a Fortinet bug! There’s always a Fortinet bug!

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You’ll never guess which one was a few lines of PAM config, and which was a multi-month engineering project!

This episode is also available on Youtube.

Almost 500 child sextortion cases have been linked to scam compounds, Oracle’s CSO departs after 37 years, Europol offers a reward for the Qilin ransomware group, and the UK drops its demand for an Apple backdoor.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about whether the cyber industry and intelligence agencies focus too much on technical details and ignore the bigger picture.

This episode is also available on Youtube.

Academics develop a 5G downgrade attack, ransomware hits car salvage yards across North America, multiple VPN apps share the same hardcoded password, and Bangladesh spent $190 million on hacking and surveillance tools.

An HTTP-2 vulnerability enables DDoS attacks, Russia blocks Telegram and WhatsApp voice calls, attackers abuse a zero-day in N-able servers, and the US government is adding trackers to chip shipments.

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

This episode is also available on Youtube.