Videos

NOTE: This is the news segment from this week’s podcast but the sponsor interview will only appear in the audio version due to a technical problem with that interview’s video recording. This is the same news segment though!

In this edition of the weekly Risky Business cybersecurity podcast Patrick Gray and Adam Boileau talk through:

• A Chinese APT wiretaps the Trump and Harris campaigns
• Operation Magnus snares infostealer operators and customers
• Crypto thieves return stolen funds to US government wallets
• Did Israel hack Iranian air defence?
• Delta finally sues CrowdStrike
• Much, much more…

In this Soap Box edition of the podcast Patrick Gray chats with Thinkst Canary founder Haroon Meer about his “decade of deception”, including:

• A history of Thinkst Canary including a recap of what they actually do
• A look at why they’re still really the only major player in the deception game
• A look at what companies like Microsoft are doing with deception
• Why security startups should have conference booths

Find them at https://canary.tools/

In this podcast Tom Uren, Patrick Gray and Adam Boileau talk about an EU directive that will make vendors liable for software defects. The directive sets a very high bar but is also limited in scope. It only applies to individuals and doesn’t cover professional use so it is a very practical way to start changing expectations about liability.

They also talk about Session Messenger app which has decamped from Australia and set up a foundation in Switzerland. The encrypted and metadata-resistant app is catnip for criminals, so we expect that it is on a collision course with state power.

In this product demo, Material Security’s co-founder and CEO Abhishek Agrawal shows how the company’s platform works with M365 and Google Workspace. It can be used to find and automatically fix existing vulnerabilities, find new threats, and protect data even after a compromise has occurred.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• The SEC fines tech firms for downplaying the Solarwinds hacks
• Anonymous Sudan still looks and quacks like a Russian duck
• Apple proposes max 10 day TLS certificate life
• Oopsie! Microsoft loses a bunch of cloud logs
• Veeam and Fortinet are bad and should feel bad
• North Koreans are good (at hacking)
• And much, much more.

This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish. …

In this podcast Tom Uren and Patrick Gray talk about the evolving relationship between Russian intelligence services and the country’s cybercriminals. The GRU’s sabotage unit, for example, has been recruiting crooks to build a destructive cyber capability. Tom suspects that GRU thugs are not so good at hands-on-keyboard operations, but excellent at coercing weedy cybercriminals to hack for the state.

They also talk about OpenAI’s report into malicious actor’s use of its models, and how Australia’s proposed cyber security law looks pretty sensible.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Chinese spooks all up in western telco lawful intercept
• Jerks ruin the Internet Archive’s day
• Microsoft drops a great report with a bad chart
• The feds make their own crypto currency and get it pumped
• Forti-, Palo- and Ivanti-fail
• And much, much more

This week’s episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther’s Director Product Management joins to discuss why the old “just bung it all in a data lake and… ???… “ approach hasn’t worked out, and what smart teams do to handle their logs. …

In this podcast Tom Uren and Adam Boileau talk a new UN report that spells out the role Telegram plays as a massive enabler for transnational organised crime.

They also discuss China’s hacking of US telcos to possibly target of lawful intercept equipment and a remarkably entertaining account of North Korean IT workers being employed by over a dozen cryptocurrency firms.

In this podcast Tom Uren and Adam Boileau talk about how the US government’s response to Iranian election interference is proceeding at light speed. This allows other actors such as Meta to make decisions relating to interference with certainty.

They also discuss how Russian cybercrime group Evil Corp’s relationship with Russian intelligence was built on the founder’s marriage.

Linux security, more identity security and Wiz moves on code scanning…

In this edition of Snake Oilers we hear pitches from three security vendors:

• Sandfly Security: An agentless Linux security platform that actually sounds very cool: https://sandflysecurity.com
• Permiso: An identity security platform founded by ex FireEye folks: https://permiso.io/
• Wiz: The cloud security giant is getting in on code security scanning: https://wiz.io/rb

You can listen to the podcast version of Snake Oilers here: https://risky.biz/snakeoilers20pt2