Risky Bulletin Podcast feed

Hackers breach eScan antivirus and distribute a backdoor, Google takes down the IPIDEA proxy botnet, most GDPR fines remain uncollected, and the Poland wiper attack hit 30 locations.

Tom Uren and Amberleigh Jack talk about the Pall Mall Process, an international effort to reign in abusive spyware. Tom thinks the US has already stumbled into a viable carrots and sticks style strategy that will shape the industry more than coming up with standards will.

The pair also discuss news that Chinese Salt Typhoon hackers compromised the calls of senior UK officials in Downing Street. The UK has extensive telecommunications security regulations and the incident makes us wonder what that legislation is actually good for.

This episode is also available on Youtube.

A cyberattack has crippled cars in Russia, Microsoft patches an Office zero-day, WhatsApp rolls out an account lockdown feature, and a handful of Chrome extensions steal ChatGPT auth tokens.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how getting pinged hurts state hackers by introducing uncertainty. Publishing technical reports on the hack can actually improve the situation by removing uncertainty about how attackers were detected.

This episode is also available on Youtube.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Luke Jennings, VP of Research & Development at Push Security, about ConsentFix. It’s a new form of email-based social engineering attack used in the wild, an evolution of the ClickFix attack that goes after your identity.

Russia deployed wipers against Poland’s energy grid, Microsoft shared BitLocker keys with the FBI, Romania dismantles a murder-for-hire portal, and the EU creates a new anti-spyware group.

A poorly patched bug is being exploited in Fortinet firewalls, hackers go after security testing environments, Jordanian police used Cellebrite against activists, and new Cisco and SmarterMail zero-days.

Tom Uren and Amberleigh Jack talk about the rise of technologies that can undermine internet blackouts such as Starlink and its relatively new direct-to-cell service. Authoritarian internet shutdowns and disasters happen often enough that governments should think about how to take advantage of these new technologies rather than just reacting when crises arise.

They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command.

This episode is also available on Youtube.

Canonical’s Snap Store hit by domain resurrection attacks, Russia will use AI to detect VPN users, Iranian hackers switch to Starlink during internet outage, and Greece arrests SMS blasters… by dumb luck.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what information warfare even is, revisit a 30-year-old paper and examine why Western governments struggle with the concept.

This episode is also available on Youtube.