Risky Bulletin Podcast feed

RubyGems disables sign-ups after an attack on staff, Instructure paid the ransom, the Gentlemen ransomware operation gets hacked, and another major supply chain attack on npm (yawn).

In this edition of Between Two Nerds Tom Uren and The Grugq discuss why it makes even more sense for criminal organisations to adopt AI as compared to regular businesses.

This episode is also available on YouTube.

The FCC relaxes its foreign router ban to allow for security updates, the ShinyHunters group disrupts schools across the globe, a 21-year-old remote code execution bug turns up in FreeBSD, and another Linux privilege escalation bug was disclosed… without a patch.

In this sponsored interview Patrick Gray chats with Knocknoc CEO Adam Pointon about their Greynoise integration.

Knocknoc allowlists network connections from users’ IPs after they’ve been through an SSO challenge. It’s great for protecting vulnerable or risky assets that your org has to connect to the internet. But what happens when one of your users tries to authenticate from a bad IP? You probably don’t want to add that one to your allowlist!

Thanks to Knocknoc’s new Greynoise integration, you don’t have to!

Palo Alto Networks patches a firewall zero-day, Google patches an Android remote takeover bug, Ivanti also patches one, and a leak exposes Russia’s spy and hacker school.

Tom Uren and James Wilson talk about the sudden drive to put regulation around the releases of new AI models because of their cyber security implications. A standardised approach is desirable, but clamping down too hard won’t achieve as much as might be hoped. Experts with older or even open models can get just as far as novices with the latest models.

They also discuss Australia’s new Cyber Incident Review Board. It has been hamstrung and won’t be as successful as it could be because it can’t assign blame.

This episode is also available on YouTube

The DAEMON Tools website was hit in a targeted supply chain attack, Australia gets its own CSRB, the US arrests a wanted VOIP server hacker after 17 years, and Oracle switches to monthly security updates.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the breakdown of cyber norms. What would have been an unthinkable cyber operation just a few years ago is now a regular occurrence.

This episode is also available on YouTube.

DigiCert got hacked via a malicious screensaver file, two ransomware negotiators each get four years in prison, Trellix discloses a security breach, and another Russian hacker gets arrested while vacationing in the wrong place.

In this sponsored interview, James Wilson talks with James Kettle and Daf Stuttard from PortSwigger about the incredible research James will unveil at Black Hat US this July, and how that research will be productised into Burp Suite. It shouldn’t be surprising that when James Kettle bolts an LLM into his research methodology that insanely dangerous things happen. This interview is a window into the future of AI-enabled hacking and security testing.

This interview is also available on YouTube.