Risky Bulletin Podcast feed

The FCC removes 1,200 voice providers from the US phone network, a cyberattack shuts down Nevada’s state government services; hackers breach Salesloft and pivot into Salesforce accounts, and Citrix patches yet another zero-day.

In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what will it take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish.

This episode is also available on Youtube.

Hackers sabotage Iranian ships for a second time this year, mass cybercrime arrests across Africa, South Korea extradites a Chinese man behind celebrity hacks, and a French supermarket chain discloses a data breach.

In this Risky Business News sponsor interview Tom Uren talks to Brett Winterford, Okta’s VP of Threat Intelligence about FastPass. Brett explains what it is, how Okta uses it and why threat actors avoid it.

Microsoft restricts Chinese firms’ access to its MAPP program, Apple patches a zero-day used in the wild, a Scattered Spider member gets 10 years in prison, and a new exploit broker pops up in the UAE.

Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country’s invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy.

They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order.

This episode is also available on Youtube.

Almost 500 child sextortion cases have been linked to scam compounds, Oracle’s CSO departs after 37 years, Europol offers a reward for the Qilin ransomware group, and the UK drops its demand for an Apple backdoor.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about whether the cyber industry and intelligence agencies focus too much on technical details and ignore the bigger picture.

This episode is also available on Youtube.

Academics develop a 5G downgrade attack, ransomware hits car salvage yards across North America, multiple VPN apps share the same hardcoded password, and Bangladesh spent $190 million on hacking and surveillance tools.

An HTTP-2 vulnerability enables DDoS attacks, Russia blocks Telegram and WhatsApp voice calls, attackers abuse a zero-day in N-able servers, and the US government is adding trackers to chip shipments.