Risky Business News Podcast

Chris Krebs resigns from SentinelOne and vows to fight, the Thai army and police doxed pro-democracy dissidents, CISA extends MITRE’s CVE contract, and Apple patches two iOS zero-days.

Tom Uren and Patrick Gray discuss Trump’s order singling out Chris Krebs, former head of CISA, that requires investigations into Krebs and also punishes his employer. It is a move deliberately designed to chill dissent and they look at what the cyber security industry will likely do in response, which is probably not much.

The pair also discuss what is being interpreted as an admission that Chinese senior leadership is behind the Volt Typhoon hacking of US critical infrastructure.

This episode is also available on Youtube.

MITRE corporation says funding cuts will impact the CVE database, China accuses NSA employees of an Asian Winter Games hack, a ransomware attack disrupts dialysis clinics, the CA/Browser Forum will limit TLS certificate lifetime to 47 days, and 4chan gets hacked.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of global critical infrastructure. One common example is submarine cables, which are globally important but are vulnerable because they are hard to defend. But what about services from tech giants? Are they global critical infrastructure?

This episode is also available on Youtube.

China privately admits to hacking American critical infrastructure, the US Treasury was compromised by password spraying, America will sign a global spyware agreement after all, and a Chinese APT is abusing the Windows Sandbox to hide its malware.

In this Risky Bulletin sponsor interview David Cottingham and Peter Baussman, Airlock Digital’s CEO and CTO, talk to Tom Uren about a new Australian Cyber Security Centre guidance about building defensible networks. The pair cover what they like about the document and where it could be improved.

Trump orders investigation into former CISA director Chris Krebs, the US DOJ disbands its crypto crime team, NSO hires a new lobby team, and researchers raise the alarm on something called “slopsquatting”.

Tom Uren and Patrick Gray discuss Trump’s recent firing of General Timothy Haugh, the head of NSA and Cyber Command. Tom dives into the implications and thinks why this is not good news for the agencies.

They also discuss Europe losing faith in the US intelligence commitments that underpin transatlantic data flows. That would be bad news for US tech companies.

This episode is also available on Youtube.

Hackers leak data from a major Russian bulletproof hosting provider, Australia deregisters 95 companies linked to cyber scams, the US Treasury gets hacked again, and Meta expands “teen accounts” to Facebook and Facebook Messenger.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of ‘false scarcities’ in cyber security. Are bugs and talent rare? Or is our thinking blinkered?

This episode is also available on Youtube.