Videos

News, analysis and product demos

Srsly Risky Biz: Russia's cybercriminals and spies are officially in cahoots

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Patrick Gray talk about Russian DanaBot malware developers making a tailored variant of their malware specifically for espionage. This fills in some of the blanks on the exact relationship between Russian criminals and the country’s intelligence services.

They also discuss a US Director of National Intelligence initiative to centralise the purchase of commercially acquired information. Although this information can be used maliciously, having a one-stop-shop should make it easier to check that it is being used responsibly.

Risky Business Weekly (793): Scattered Spider is hijacking MX records

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week’s news, including:

  • EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes
  • The SVG format brings the all horrors of HTML+JS to image files, and attackers have noticed
  • Brian Krebs eats a 6.3Tbps DDoS … ‘cause that’s how you demo your packet cannon
  • Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers
  • Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty…

Between Two Nerds: Why some problems are HARD

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

The Grugq
The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq talk about cyber’s ‘hard problems’ and why they are intractable.

Srsly Risky Biz: Telegram is cooperating with authorities, for now

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Patrick Gray talk about how Telegram took down the two largest ever criminal marketplaces recently. They used Telegram for all their communications and had collectively sold over USD$30 billion in illicit products. The pair discuss why Telegram is now cooperating with authorities after historically being reluctant and whether this assistance will continue.

They also discuss how Meta is awash with scam advertisements and how Chinese mobile app encryption is suspiciously awful.

Risky Business Weekly (792 REPOST): Beware, Coinbase users. Crypto thieves are taking fingers now

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • TeleMessage memory dumps show up on DDoSecrets
  • Coinbase contractor bribed to hand over user data
  • Telegram does seem to be actually cooperating with law enforcement
  • Britain’s legal aid service gets 15 years worth of applicant data stolen
  • Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library

This week’s episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks!…

Between Two Nerds: Why hackers and spies don't mix

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

The Grugq
The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq examine what makes it hard for even competent hackers to contribute to state-backed espionage agencies.

Risky Biz Soap Box: Push Security's browser-first twist on identity security

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.

Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.

It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it….

Srsly Risky Biz: Special guests Rob Joyce and Andy Boyd on offensive cyber

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Tom Uren
Tom Uren

Policy & Intelligence

In this special edition of the Seriously Risky Business podcast Patrick Gray speaks with former NSA Cybersecurity Director Rob Joyce and former director of the CIA’s Center for Cyber Intelligence Andy Boyd.

The talk about what offensive cyber could look like under Trump 2.0, and the shake-up the intelligence community is going through under various White House initiatives.

Risky Business Weekly (791): Woof! Copilot for Sharepoint coughs up creds and keys

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back!
  • The ransomware ecosystem is finding life a bit tough lately
  • SAP Netweaver bug being used by Chinese APT crew
  • Academics keep just keep finding CPU side-channel attacks
  • And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF?

This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. …