Risky Bulletin Podcast feed

Most smart devices run outdated web browsers, Ukrainian hacktivists breach a major Russian defense contractor, ransomware hits Venezuela’s state-owned oil company, and hackers are trying to extort PornHub with stolen user data.

In this edition of Between Two Nerds Tom Uren and The Grugq talk to Hamid Kashfi, CEO and founder of DarkCell, talk about the Iranian cyber espionage scene.

Kashfi talks about how the regime once forced people to hack and crushed the domestic security research scene. He describes how and why the government has changed its approach and is now reaping the rewards of improved Iranian capabilities.

This episode is available on Youtube.

Russia is hiring African freelancers for disinformation campaigns, the US is preparing to let contractors run offensive cyber operations, Germany blames Russia for the hack of its air traffic control agency, and Apple patches two WebKit zero-days.

In this sponsored interview Casey Ellis is joined by Push Security’s Field CTO, Mark Orlando. They chat about the ways that browser-based attacks are evolving and how Push Security is finding and cataloging them.

The EU has a problem attracting and retaining cyber talent, the CEO of Coupang resigns following the company’s security breach, Microsoft expands its bug bounty program to cover third party code, and Chrome and Gogs patch zero-days.

Linux adds PCIe encryption to help secure cloud servers, Europol cracks down on Violence-as-a-Service providers, the International Criminal Court prepares for cyber-enabled genocide, and Cambodia busts a warehouse full of SMS blasters.

APTs go after the React2Shell vulnerability just hours after public disclosure. CISA remains without a director after the nomination stalls again, NSA is down 2,000 staff this year, and Intellexa is still active despite sanctions.

Tom Uren and Patrick Gray discuss a new report proposing a framework for deciding when cyber operations raise red flags. It suggests seven red flags and could help clarify thinking about how to respond to different operations.

They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes including by sharing it with Houthi rebels who fired at a specific ship.

And finally, we are not reassured by China’s white paper about being a good cyber citizen.

This episode is also available of Youtube.

In this edition of Between Two Nerds Tom Uren and The Grugq wonder whether it is possible to deter states from cyber espionage with doxxing and other disruption measures.

This episode is also available on Youtube.

In this Risky Business News sponsor interview, Mike Lashlee, CSO of Mastercard talks to Tom Uren about why the company got into threat intelligence.

Mike talks about bringing together payments insights with threat intel to get strong signals about fraud or crime, the benefits of international collaboration and when it makes sense for your CSO to also be the CISO.