Risky Bulletin Podcast feed

Russia deployed wipers against Poland’s energy grid, Microsoft shared BitLocker keys with the FBI, Romania dismantles a murder-for-hire portal, and the EU creates a new anti-spyware group.

A poorly patched bug is being exploited in Fortinet firewalls, hackers go after security testing environments, Jordanian police used Cellebrite against activists, and new Cisco and SmarterMail zero-days.

Tom Uren and Amberleigh Jack talk about the rise of technologies that can undermine internet blackouts such as Starlink and its relatively new direct-to-cell service. Authoritarian internet shutdowns and disasters happen often enough that governments should think about how to take advantage of these new technologies rather than just reacting when crises arise.

They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command.

This episode is also available on Youtube.

Canonical’s Snap Store hit by domain resurrection attacks, Russia will use AI to detect VPN users, Iranian hackers switch to Starlink during internet outage, and Greece arrests SMS blasters… by dumb luck.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what information warfare even is, revisit a 30-year-old paper and examine why Western governments struggle with the concept.

This episode is also available on Youtube.

Germany seeks more hacking and surveillance powers for its intelligence service, Finland intends to criminalize the spreading of false information, patriotic “French” social media goes quiet during Iran’s internet outage, and hackers are extorting GrubHub.

In this Risky Business sponsored interview, Tom Uren talks to Justin Kohler, Chief Product Officer at SpecterOps, about how attack paths exist in the seams between different identity or permissions management domains.

In isolation, for example, both your Github and your AWS deployment could follow best practices. But bring them together and you’ve got problems. Bloodhound’s OpenGraph lets you find and fix these otherwise invisible attack paths.

China bans Israeli and US cybersecurity products, Sean Plankey is re-nominated for CISA Director, RAM price hikes are likely to impact the cost of firewalls, and Lumen sinkholes the Kimwolf DDoS botnet.

Tom Uren and Amberleigh Jack talk about the Chinese government’s reactive approach to tackling scam compounds. It’s driven by bad news on domestic media and therefore focusses on the compounds that are targeting Chinese citizens. Rather than eliminating the industry, that may instead be shaping the industry to focus on other countries and particularly Americans.

They also discuss the role of disruptive cyber operations in the US’s raid to capture Venezuelan President Nicolás Maduro.

This episode is also available on Youtube.

Russia fines 33 telcos for surveillance non-compliance, AVCheck admin is arrested in Amsterdam, Poland repels an attack on its power grid, and voice cloning defenses can be bypassed.