Videos

Tom Uren and Patrick Gray talk about how Telegram took down the two largest ever criminal marketplaces recently. They used Telegram for all their communications and had collectively sold over USD$30 billion in illicit products. The pair discuss why Telegram is now cooperating with authorities after historically being reluctant and whether this assistance will continue.

They also discuss how Meta is awash with scam advertisements and how Chinese mobile app encryption is suspiciously awful.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• TeleMessage memory dumps show up on DDoSecrets
• Coinbase contractor bribed to hand over user data
• Telegram does seem to be actually cooperating with law enforcement
• Britain’s legal aid service gets 15 years worth of applicant data stolen
• Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library

This week’s episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks!…

In this edition of Between Two Nerds Tom Uren and The Grugq examine what makes it hard for even competent hackers to contribute to state-backed espionage agencies.

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.

Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.

It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it….

In this special edition of the Seriously Risky Business podcast Patrick Gray speaks with former NSA Cybersecurity Director Rob Joyce and former director of the CIA’s Center for Cyber Intelligence Andy Boyd.

The talk about what offensive cyber could look like under Trump 2.0, and the shake-up the intelligence community is going through under various White House initiatives.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back!
• The ransomware ecosystem is finding life a bit tough lately
• SAP Netweaver bug being used by Chinese APT crew
• Academics keep just keep finding CPU side-channel attacks
• And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF?

This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. …

In this edition of Between Two Nerds Tom Uren and The Grugq examine whether the US should steal intellectual property from Chinese companies.

In this edition of the Wide World of Cyber podcast Patrick Gray talks to SentinelOne’s Steve Stone and Alex Stamos about how foreign adversaries are targeting security vendors, including them.

From North Korean IT workers to Chinese supply chain attacks, SentinelOne and its competitors are constantly fending off sophisticated hacking campaigns.

This edition of the Wide World of Cyber was recorded in front of a live audience in San Francisco, with Patrick attending via Zoom.

The Wide World of Cyber podcast series is a wholly sponsored co-production between SentinelOne and Risky Business Media.

Tom Uren and Patrick Gray talk about how the US is planning to take the gloves off in cyberspace and conduct much more aggressive offensive cyber operations. US responses to cyber espionage have not been very aggressive to date, but Tom is not convinced that cyber punches are required, so much as blows that really hurt.

The pair also discuss TeleMessage, the Signal clone the Trump cabinet has been using. The app managed to sidestep certification and assessment processes and ended up being used by various agencies in the US government. And the White House. It’s a mystery how this happened.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• White House’s off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow.
• Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad
• After six years dormant, a Magento eCommerce platform backdoor comes to life
• The North Korean IT worker scam is truly webscale
• NSO group owes Meta $168m for hacking WhatsApp

This week’s episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars?…