Videos

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the compromise of US telecommunications companies by Chinese hackers has very little to do with US government lawful intercept laws.

In this product demo Airlock Digital co-founders Daniel Schell and David Cottingham show Risky Business host Patrick Gray around the latest version of the company’s allowlisting software.

Airlock allows customers to control what executes in their environment. From applications to DLLs to scripts to Windows lolbins.

It is a terrific product that allows organisations to successfully implement allowlisting at massive scale. It is deployed in environments with 100,000+ endpoints.

Risky Business #777 – It’s SonicWall’s turn

Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:

Sonicwall firewalls hand out remote code exec like candy Mastercard make a slapstick-grade mistake with their DNS The data breach at PowerSchool and other niche SaaS providers Academic research proposes taking down Europe’s power grid Apple CPUs get a new speculative execution side channel And much, much more.

This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps. …

Risky Business #777 – It’s SonicWall’s turn

Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:

Sonicwall firewalls hand out remote code exec like candy Mastercard make a slapstick-grade mistake with their DNS The data breach at PowerSchool and other niche SaaS providers Academic research proposes taking down Europe’s power grid Apple CPUs get a new speculative execution side channel And much, much more.

This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps. …

Risky Business #776 – Trump will flex America’s cyber muscles

Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week’s cybersecurity news and there is a whole bunch of it. They discuss:

The incoming Trump administration guts the CSRB Biden’s last cyber Executive Order has sensible things in it China’s breach of the US Treasury gets our reluctant admiration Ross Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardon New year, same shameful comedy Forti- and Ivanti- bugs US soldier behind the Snowflake hacks faces charges after a solid Krebs-ing…

In this sponsored Soap Box edition of the show Patrick Gray talks to Island CEO Michael Fey about some of the cool tricks in the Island enterprise browser. You can use it to tick off so many compliance boxes, and not just cybersecurity boxes.

This is largely a conversation about compliance, but it’s actually interesting and fun. These are words we never thought we’d type!

You can find Island at https://island.io/

In this podcast Tom Uren and Patrick Gray talk about the likelihood that the incoming Trump administration will end the ‘dual-hat’ arrangement where a single officer leads both US Cyber Command and the National Security Agency. This would result in Cyber Command outranking NSA and could prioritise cyber disruption operations over intelligence collection. That would be a bad outcome.

They also talk about how changes to SEC disclosure rules have led to an outpouring of corporate drivel and how WhatsApps became an everything app.

In this product demo the Panther team join Patrick Gray to walk him through their new piped query language for incident response on the Panther SIEM platform.

Panther is a cloud-native SIEM capable of ingesting incredible amounts of data and applying detection-as-code to it in real time. With this new release they’ve moved into the threat hunting space as well.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• The SEC’s cyber incident reporting isn’t very exciting after all
• China Telecom on the way to being thrown out of the US
• The NSA/Cybercom might get two separate hats
• The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks
• (Yet another) File upload bug in Struts makes Java admins weep
• And much, much more.

This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they’re not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps’ Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing. …

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the evolution of Russian cyber operations during its invasion of Ukraine.