Risky Bulletin Podcast feed

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Iran’s cyber forces have been used during the ongoing war so far.

Cambodia prepares harsher prison terms for scam compound operators, an Italian museum moves valuables into a bank vault after a cyberattack, hackers exploit a bug in Vite-based apps and sites, and a supply chain attack hits an e-learning platform.

In this Risky Business sponsored interview, James Wilson chats with Airlock Digital co-founders, David Cottingham and Daniel Schell, about how they’re moving up the stack from file-based allowlisting to application-based allowlisting. David and Daniel explain how they’re making a seamless and quite logical move into application allowlisting, but with a new take on the technique.

Russia wants to revoke small ISP licenses, a cyberattack has disrupted access to US newspaper archives, Node.js pauses bug bounty program after its funding lapses and Apple backports patches for DarkSword.

Tom Uren and Amberleigh Jack talk about how incredibly good AI models have gotten at finding and exploiting vulnerabilities. That will upend the cyber security industry and it has implications for state cyber organisations such as NSA and Cyber Command.

They also discuss how broadband wireless communications links are critical in the war in Ukraine. After losing access to Starlink, Russian forces are doubling down on using equipment from American company Ubiquiti.

This episode is also available on Youtube.

Iranian password spraying targets Israel ahead of missile strikes, a major npm package gets hacked, Iran says it will bomb US tech firms in the Middle East, and Flint24 hackers are sentenced to prison in Russia.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers. Even Tom has been scammed!

This episode is also available on Youtube.

Apple adds a ClickFix warning to macOS, Handala hacks Kash Patel’s personal email, Balancer crypto platform shuts down after last year’s hack, and the EU proposes a ban on AI nudify apps.

In this Risky Business sponsored interview, James Wilson chats with Adam Pointon, CEO of Knocknoc, about how AI is making old school security controls and paradigms like deny-by-default cool again.

Today, patches are being reversed by AI systems into exploits in a matter of hours. The days of being able to rely on timely patching as a primary control are over. James talks to Adam about this new reality and how Knocknoc can help.

Russia will use a custom crypto-algorithm for its 5G network, the Hungarian opposition accuses the government of using spyware, Kaspersky says it tied Coruna to the “Operation Triangulation” attacks, and malware was deployed on thousands of Luxembourg government phones.