Videos

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• North Korea pulls off a 1.5 billion dollar crypto heist
• Apple pulls Advanced Data Protection from the UK
• Black Basta ransomware gang’s internal chats leak
• Russians snoop on Signal with QR codes
• And Myanmar ships thousands of freed scam compound workers to Thailand

Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that… she outed the NSA?

This week’s episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham are along with an amusing tale of using Windows’ own allow-listing software to block EDR from loading. …

In this sponsored product demo, Prowler founder and CEO Toni de la Fuente walks Risky Business host Patrick Gray through the company’s open source cloud security platform.

Toni demonstrates how Prowler can identify and remediate security issues across AWS, Azure, GCP and Kubernetes. There’s a pointy-clicky GUI interface and a CLI, and both come in handy in different ways.

The Prowler platform is completely free and open source, but there is a hosted version you can pay for if you don’t want to run it yourself.

Find the Prowler company at https://prowler.com and the GitHub page at https://github.com/prowler-cloud

In this edition of Between Two Nerds Tom Uren and The Grugq examine the fundamental principles of network exploitation as described in Matthew Monte’s ‘Network Attacks and Exploitation: A Framework’ book.

In this episode of the Wide World of Cyber podcast Risky Business host Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about AI, DeepSeek, and regulation.

From its bad transport security to its Chinese ownership and the economic implications of China “entering the chat”, everyone’s freaking out over this new model. But should they be?

Pat, Alex and Chris dissect the model’s significance, the politics of it all and how AI regulation in Europe, the US and China will shape the future of LLMs.

In this podcast Tom Uren and Patrick Gray talk about the idea of launching a retaliatory campaign to hack Chinese telcos in response to Salt Typhoon’s targeting of US ones. US Senator Mark Warner floated the idea as a way to persuade the Chinese government to pull back Salt Typhoon, but we think that kind of campaign has merit regardless.

They also discuss how Samoa’s CERT calling out APT40 is a big deal. It’s striking to see a small country of 200,000 people calling out Chinese hacking.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Australian spooks scrubbed Medibank data off Zservers bulletproof hosting
• Why device code phishing is the latest trick in confusing poor users about cloud authentication
• Cloudflare gets blocked in Spain, but only on weekends and because of… football?
• Palo Alto has yet another dumb bug
• Adam gushes about Qualys’ latest OpenSSH vulns

Enterprise browser maker Island is this week’s sponsor and Chief Customer Office Braden Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches. …

In this edition of Between Two Nerds, Tom Uren and The Grugq talk about the United State’s Vulnerabilities Equities Program, which balances the need for intelligence collection with need to protect the public. The government recently revealed that in 2023 it released 39 vulnerabilities, but what does this really tell us?

In this SoapBox edition of the show Patrick Gray chats to Fletcher Heisler, the CEO of open-source identity provider Authentik.

The whole idea of Authentik is you can take control of an essential IT and security function: identity. Because Authentik is open source it’s extremely flexible, and if you’re running it yourself, you get to decide where your IDP should sit in your architecture.

You can run it on prem if you’re an emergency call centre or you’re operating an airgapped network, or you can spin it up in your cloud environment if you’re a typical enterprise.

Fletcher talks through th…

In this podcast Tom Uren and Patrick Gray talk about Apple’s refusal to obey a UK government order to provide the capability to access to encrypted iCloud data. Its the latest round in the ongoing government vs technology fights over warrant-proof encryption, and again it looks like governments will lose.

They also talk about good news in the fight against ransomware. Government actions are putting pressure on the cyber criminal ecosystem, splintering groups and even making it hard to for crooks to convert cryptocurrency to hard cash.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Musk’s DOGE kid has a history with The Com
• Paragon fires Italy as a spyware customer
• Thailand cuts power to scam compounds…
• … and arrests Phobos/8Base Russian cybercrims
• The CyberCX DFIR report shows non-U2F MFA is well and truly over
• And much, much more.

This week’s episode is sponsored by Dropzone.AI. They make an AI SOC analysis platform that relieves your analysts of the necessary but tedious work, so they can focus on the value of human insight. Dropzone’s founder and CEO Edward Wu joins to talk about how they approach the problem….