Risky Business News Podcast

An npm supply chain attack uses AI to steal credentials and crypto-wallet keys, Google establishes a cyber disruption unit, a ransomware attack disrupts more than 200 Swedish municipalities, and Salt Typhoon hacks have now hit more than 80 countries.

Tom Uren and Amberleigh Jack talk about proposed legislation that would allow the President to license private sector hackers to go after cybercrime groups. The bill won’t pass, but letting hackers loose on industrial-scale scam farms actually makes sense.

They also talk about Microsoft’s blind spot regarding China. It has trusted China-based engineers with sensitive work, and is now only just realising that China’s security interests are not compatible with Microsoft’s.

This episode is also available on Youtube.

The FCC removes 1,200 voice providers from the US phone network, a cyberattack shuts down Nevada’s state government services; hackers breach Salesloft and pivot into Salesforce accounts, and Citrix patches yet another zero-day.

In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what will it take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish.

This episode is also available on Youtube.

Hackers sabotage Iranian ships for a second time this year, mass cybercrime arrests across Africa, South Korea extradites a Chinese man behind celebrity hacks, and a French supermarket chain discloses a data breach.

In this Risky Business News sponsor interview Tom Uren talks to Brett Winterford, Okta’s VP of Threat Intelligence about FastPass. Brett explains what it is, how Okta uses it and why threat actors avoid it.

Microsoft restricts Chinese firms’ access to its MAPP program, Apple patches a zero-day used in the wild, a Scattered Spider member gets 10 years in prison, and a new exploit broker pops up in the UAE.

Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country’s invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy.

They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order.

This episode is also available on Youtube.

Almost 500 child sextortion cases have been linked to scam compounds, Oracle’s CSO departs after 37 years, Europol offers a reward for the Qilin ransomware group, and the UK drops its demand for an Apple backdoor.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about whether the cyber industry and intelligence agencies focus too much on technical details and ignore the bigger picture.

This episode is also available on Youtube.