Videos

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management.

With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at attackers on your network.

It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state’s cyber power.

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm.

They also talk about Apple’s Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Apple ruins exploit developers’ week with fresh memory corruption mitigations
• Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack
• Salesloft says its GitHub was the initial entry point for its compromise
• Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day”
• Rogue certs for 1.1.1.1 appear to be just (stupid) testing
• Jaguar Land Rover ransomware attackers are courting trouble

This week’s episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint!…

In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:

• Automated, AI-powered threat hunting with Nebulock https://nebulock.io/

Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have time to look at.

• Runtime security for hypervisors from Vali Cyber https://valicyber.com/

Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It’s marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments….

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage.

Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It’s a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace.

They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That’s a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Chinese government.

And it turns out that Apple’s dispute with the UK government about encrypted iCloud data has not yet been resolved, despite media reports to the contrary.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• The Salesloft breach and why OAuth soup is a problem
• The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed
• Google says it will stand up a “disruption unit”
• Microsoft writes up a ransomware gang that’s all-in on the cloud future
• Aussie firm hot-mics its work-from-home employees’ laptops
• Youtube scam baiters help the feds take down a fraud ring

This episode is sponsored by Dropzone.AI. Founder and CEO Edward Wu joins the show to talk about how AI driven SOC tools can help smaller organisations claw their way above the “security poverty line”. A dedicated monitoring team, threat hunting and alert triage, in a company that only has a couple of part time infosec people? Yes please!…

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how cyber threat actors are using AI tools to fill in resource and skills gaps that they have.

Tom Uren and Amberleigh Jack talk about proposed legislation that would allow the President to license private sector hackers to go after cybercrime groups. The bill won’t pass, but letting hackers loose on industrial-scale scam farms actually makes sense.

They also talk about Microsoft’s blind spot regarding China. It has trusted China-based engineers with sensitive work, and is now only just realising that China’s security interests are not compatible with Microsoft’s.