Videos

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Australia expels Iranian ambassador
• Hackers sabotage Iranian shipping satcoms
• APT hacker got doxxed in Phrack. Kind of. They’re probably Chinese, not DPRK?
• Trail of Bits uses image-downscaling to sneak prompts into Google Gemini
• The Com’s King Bob gets ten years in the slammer
• It’s a day that ends in -y, so of course there’s a new Citrix Netscaler RCE being used in the wild.

This week’s episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they’ve been implementing AI for sifting through your network data. A model-context-protocol server that can rummage in all those packet logs for you while you keep investigating? Yes please. …

The Wide World of Cyber podcast is back! In this episode host Patrick Gray chats with Alex Stamos and Chris Krebs about Microsoft’s entanglement in China.

Redmond has been using Chinese engineers to do everything from remotely support US DoD private cloud systems to maintain the on premise version of the SharePoint code base. It’s all blown up in the press over the last month, but how did we get here? Did Microsoft make these decisions to save money? Or was it more about getting access to the Chinese market? And how can we all make the world’s most important software company stop doing things like this? Tune in to the Wide World of Cyber podcast to find out!

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what will it take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish.

Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country’s invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy.

They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Oracle’s long term CSO departs, and we’re not that sad about it
• Canada’s House of Commons gets popped through a Microsoft bug
• Russia degrades voice calls via Whatsapp and Telegram to push people towards Max
• South-East Asian scam compounds are also behind child sextortion
• Reports that the UK has backed down on Apple crypto are… strange
• Oh and of course there’s a Fortinet bug! There’s always a Fortinet bug!

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You’ll never guess which one was a few lines of PAM config, and which was a multi-month engineering project!…

In this edition of Between Two Nerds Tom Uren and The Grugq talk about whether the cyber industry and intelligence agencies focus too much on technical details and ignore the bigger picture.

Tom Uren and Amberleigh Jack talk about a recent hack of the US courts document management system. It’s about as bad as can be, with multiple threat actors including states and possibly even drug cartels rummaging around in there, possibly for years.

They also discuss Microsoft’s involvement in an Israeli surveillance system and the head of Australia’s security organisation’s blunt warning about espionage.

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• CISA warns about the path from on-prem Exchange to the cloud
• Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
• Everyone and their dog seems to have a shell in US Federal Court information systems
• Google pays $250k for a Chrome sandbox escape
• Attackers use javascript in adult SVG files to … farm facebook likes?!
• SonicWall says users aren’t getting hacked with an 0day… this time.

This week’s episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together. …

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut.

This episode explores the rise of AI-powered bug hunting:

• Google’s Project Zero and Deepmind team up to find and report 20 bugs to open source projects
• The XBOW AI bug hunting platform sees success on HackerOne
• Is an AI James Kettle on the horizon?

There’s also plenty of regular cybersecurity news to discuss:

• On-prem Sharepoint’s codebase is maintained out of China… awkward!…