Videos

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group
• The Github actions hack is smaller than we thought, but was targeting crypto
• Remote code exec in Kubernetes, ouch
• Oracle denies its cloud got owned, but that sure does look like customer keymat
• Taiwanese hardware maker Clevo packs its private keys into bios update zip
• US Treasury un-sanctions Tornado Cash, party time in Pyongyang?

This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam. …

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why people studying cyber operations are fascinated by 0days. These are vulnerabilities or exploits that have been found in a system before the vendor or manufacturer is made aware of them and so therefore no fix exists.

Tom Uren and Patrick Gray discuss how China’s Ministry of State Security is increasingly doxxing and threatening Taiwanese APT operators. In some ways this mirrors the US strategy of naming and shaming Chinese cyber operators in indictments that contain lots of supporting information. But although MSS statements are filled with propaganda rather than technical detail, naming Taiwanese military hackers has some bite.

They also discuss Russia’s ‘shadow war’ sabotage campaign across Europe. The Russian campaign mostly relies on traditional sabotage and finding local proxies to throw bombs. But it does make sense for Western governments to respond with destructive cyber operations….

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Github Actions supply chain attack loots keys and secrets from 23k projects
• Why a VC fund now owns a minority stake in Risky Business Media (!?!?)
• China doxes Taiwanese military hackers
• Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it
• CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave
• …and Google acquires Wiz for $32bn

This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years. …

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how offensive cyber operations could do so much more than just ‘deny, disrupt, degrade and destroy’. Grugq thinks this thinking is rooted in US military culture and he wonders why cyber operations are always so mean.

Tom Uren and Patrick Gray discuss how X is actively engaging in political interference outside the US. The risks mirror those of TikTok. American legislators moved against TikTok because it could potentially be a powerful tool for the Chinese government to interfere with American political discourse. X is a realised threat, not a potential one, so we expect that foreign governments will start to consider a ban.

They also explore why mass firing of probationary employees in NSA and intelligence agencies is particularly damaging.

This episode is sponsored by https://greynoise.io.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA.

They talk through:

• A realistic bluetooth-proximity phishing attack against Passkeys
• A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor
• The ESP32 backdoor that is neither a door nor at the back
• The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists
• Years later, LastPass hackers are still emptying crypto-wallets
• …and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice!…

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what Europe should do given that US security guarantees are evaporating. Should Europe grow its cyber capabilities, what it would get out of it and how should it go about doing it?

In this podcast Tom Uren and Patrick Gray discuss how Starlink is providing an internet lifeline for scam compounds that have had their internet access cut by Thai authorities. Starlink has a very poor track record dealing with unauthorised use, but it is time for the company to develop the processes to keep on top of these problems.

They also discuss how President Trump’s actions that favour Russia will make Five Eyes partners take stock, particularly when it comes to HUMINT intelligence sharing.

Finally they examine the did-it-happen-or-not stand-down of US Cyber Command’s Russian operations.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

• Did the US decide to stop caring about Russian cyber, or not?
• Adam stans hard for North Korea’s massive ByBit crypto-theft
• Cellebrite firing Serbia is an example of the system working
• Starlink keeps scam compounds in Myanmar running
• Biggest DDoS botnet yet pushes over 6Tbps

This week’s episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon.