Videos

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what Europe should do given that US security guarantees are evaporating. Should Europe grow its cyber capabilities, what it would get out of it and how should it go about doing it?

In this podcast Tom Uren and Patrick Gray discuss how Starlink is providing an internet lifeline for scam compounds that have had their internet access cut by Thai authorities. Starlink has a very poor track record dealing with unauthorised use, but it is time for the company to develop the processes to keep on top of these problems.

They also discuss how President Trump’s actions that favour Russia will make Five Eyes partners take stock, particularly when it comes to HUMINT intelligence sharing.

Finally they examine the did-it-happen-or-not stand-down of US Cyber Command’s Russian operations.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Did the US decide to stop caring about Russian cyber, or not?
• Adam stans hard for North Korea’s massive ByBit crypto-theft
• Cellebrite firing Serbia is an example of the system working
• Starlink keeps scam compounds in Myanmar running
• Biggest DDoS botnet yet pushes over 6Tbps

This week’s episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon.

In this edition of Between Two Nerds Tom Uren and The Grugq take a deep dive into incident response reports from Chinese cybersecurity firms that attribute the hack of one of the country’s top seven defence universities to the US National Security Agency. These reports were collated and translated into English by the security researcher known as inversecos (https://x.com/inversecos))

Tom Uren and Patrick Gray talk about the White House apparently considering kicking Canada out of the Five Eyes intelligence alliance to apply pressure on the country. It’s a terrible idea and even thinking about it undermines the strength of the alliance.

They also discuss Sweden’s proposed legislation that would order apps like WhatsApp and Signal to store messages so they could be provided under warrant to authorities. The story is a vignette of the ongoing encryption debate, but we think apps like Signal will leave the country rather than comply.

Finally, they talk about how the illicit …

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• North Korea pulls off a 1.5 billion dollar crypto heist
• Apple pulls Advanced Data Protection from the UK
• Black Basta ransomware gang’s internal chats leak
• Russians snoop on Signal with QR codes
• And Myanmar ships thousands of freed scam compound workers to Thailand

Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that… she outed the NSA?

This week’s episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham are along with an amusing tale of using Windows’ own allow-listing software to block EDR from loading. …

In this sponsored product demo, Prowler founder and CEO Toni de la Fuente walks Risky Business host Patrick Gray through the company’s open source cloud security platform.

Toni demonstrates how Prowler can identify and remediate security issues across AWS, Azure, GCP and Kubernetes. There’s a pointy-clicky GUI interface and a CLI, and both come in handy in different ways.

The Prowler platform is completely free and open source, but there is a hosted version you can pay for if you don’t want to run it yourself.

Find the Prowler company at https://prowler.com and the GitHub page at https://github.com/prowler-cloud

In this edition of Between Two Nerds Tom Uren and The Grugq examine the fundamental principles of network exploitation as described in Matthew Monte’s ‘Network Attacks and Exploitation: A Framework’ book.

In this episode of the Wide World of Cyber podcast Risky Business host Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about AI, DeepSeek, and regulation.

From its bad transport security to its Chinese ownership and the economic implications of China “entering the chat”, everyone’s freaking out over this new model. But should they be?

Pat, Alex and Chris dissect the model’s significance, the politics of it all and how AI regulation in Europe, the US and China will shape the future of LLMs.

In this podcast Tom Uren and Patrick Gray talk about the idea of launching a retaliatory campaign to hack Chinese telcos in response to Salt Typhoon’s targeting of US ones. US Senator Mark Warner floated the idea as a way to persuade the Chinese government to pull back Salt Typhoon, but we think that kind of campaign has merit regardless.

They also discuss how Samoa’s CERT calling out APT40 is a big deal. It’s striking to see a small country of 200,000 people calling out Chinese hacking.