Risky Bulletin Podcast feed

Cambodia promises to dismantle cyber scam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China.

In this sponsored interview Casey Ellis chats to Tod Beardsley, VP of Security at RunZero about Kevology, the company’s analysis of CISA’s KEV list. Kevology lets you easily identify and fix vulnerabilities from the list that are urgent and relevant to you.

A Malware developer faked his own death to evade the FBI, Apple patches a zero-day used in a targeted attack, the Tianfu Cup quietly returns, and researchers spot the first malicious Outlook add-in.

Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella’s messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products.

They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations.

Finally, they talk about what we’ve learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought.

This episode is also available on Youtube.

China has breached all of Singapore’s major telcos, Microsoft announces two new security features, a hacktivist leaks data from a stalkerware provider, and researchers map out “GRU information warfare units” based on their insignia.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure.

This episode is also available on Youtube.

A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany.

In this Risky Business sponsored interview, Tom Uren talks to Trail of Bits CEO Dan Guido about how Trail of Bits is reworking its business processes to take advantage of AI. Dan talks about what it takes to make AI agents reliable and trustworthy and how that will give the company an edge by making its work both better and faster.

Denmark recruits hackers for offensive cyber operations, CISA tells agencies to remove old edge devices, Coinbase has another insider breach, and Microsoft appoints a new security chief.

Tom Uren and Amberleigh Jack talk about Google’s cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please.

They also discuss SpaceX’s rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory.

This episode is also available on Youtube.