Winamp Logo
Risky Business News Cover
Risky Business News Profile

Risky Business News

English, Technology, 1 season, 463 episodes, 1 day, 14 hours, 48 minutes
About
Regular cybersecurity news updates from the Risky Business team...
Episode Artwork

Risky Biz News: US charges Andariel member for ransomware attacks

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: New DNS attack impacts a quarter of all open DNS resolvers
7/26/20249 minutes, 8 seconds
Episode Artwork

Srsly Risky Biz: Chinese Illegal Gambling's Worldwide Tentacles

In this podcast Tom Uren and Patrick Gray discuss the wild story of a Chinese illegal gambling operation that involves human trafficking, shell companies, money laundering, hundreds of thousands of websites and sponsorship of European football teams. They also talk about why a potential CSRB review of CrowdStrike’s disaster should focus… not on CrowdStrike, but instead on the legacy practice of security vendors having kernel-level access to Windows. Finally, Tom is happy that the FTC is going to investigate ‘surveillance pricing’.
7/25/202420 minutes, 4 seconds
Episode Artwork

Risky Biz News: New Russian ICS malware cuts heat to 600 Ukrainian apartment buildings

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: New Russian ICS malware cuts heat to 600 Ukrainian apartment buildings
7/24/20248 minutes, 49 seconds
Episode Artwork

Between Two Nerds: Every cloud has a silver lining

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether the rise of cloud computing has been a boon or a curse for cyber espionage agencies.
7/22/202425 minutes, 46 seconds
Episode Artwork

Risky Biz News: CrowdStrike faulty update affects 8.5 million Windows systems

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: CrowdStrike faulty update affects 8.5 million Windows systems
7/22/20247 minutes, 38 seconds
Episode Artwork

Sponsored: Socket CEO Feross Aboukhadijeh on how tracking vulnerabilities isn't enough for open source repositories

In this Risky Business News sponsored interview, Tom Uren talks to Feross Aboukhadijeh, CEO and Founder of Socket about how open source repositories are riddled with horrible software. Feross explains why it makes a difference if a package is vulnerable, malicious or just unwanted and how current transparency mechanisms such as CVEs and the NVD just aren’t suitable for the challenge of open source repositories.
7/21/202414 minutes, 42 seconds
Episode Artwork

Risky Biz News: Trickbot dev arrested in Moscow

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Trickbot dev arrested in Moscow
7/19/20249 minutes, 26 seconds
Episode Artwork

Srsly Risky Biz: World vs China cyber security reporting duel

In this podcast Tom Uren and Adam Boileau talk about how countries are using cyber security reports and advisories to win friends and influence people; why having gaping holes in US federal government security is situation normal; and efforts to make up for the disappearance of Twitter’s trust and safety team.
7/18/202423 minutes, 20 seconds
Episode Artwork

Risky Biz News: Kasperksy winds down US business

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Konfety gang creates an alternate reality for its mobile ad fraud
7/16/20248 minutes, 24 seconds
Episode Artwork

Between Two Nerds: The great game, cyber edition

In this edition of Between Two Nerds Tom Uren and The Grugq discuss Shashank Joshi’s notes from a recent Oxford Cyber forum. Topics include the role of 0days and who is ahead when it comes to offensive cyber operations. The pair refer to observations made in this thread.
7/15/202422 minutes, 47 seconds
Episode Artwork

Sponsored: runZero on keeping up with CISA's KEV list

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, Director of Security Research at runZero, about keeping up with the stream of vulnerabilities in the KEV list and OT devices and runZero’s research into the SSH protocol.
7/15/202415 minutes, 39 seconds
Episode Artwork

Risky Biz News: AT&T discloses massive hack

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Squarespace DNS hijack spree hits crypto sites, everyone else watch out!
7/15/20247 minutes, 11 seconds
Episode Artwork

Risky Biz News: Apple warns iPhone users of new spyware attacks

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Apple warns iPhone users of new spyware attacks
7/11/20249 minutes, 7 seconds
Episode Artwork

Risky Biz News: US takes down RT's Twitter bot farm

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: US takes down RT's Twitter bot farm
7/10/20246 minutes, 48 seconds
Episode Artwork

Between Two Nerds: How bureaucracies deal with super talented people

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how bureaucracies should deal with outstandingly talented individuals.
7/8/202424 minutes, 6 seconds
Episode Artwork

Sponsored: Devicie on the Great Windows 11 Enterprise Migration

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Devicie Technical Product Manager Tom Plant on the upcoming Windows 10 end-of-support and the looming Great Windows 11 Migration.
7/8/20249 minutes, 10 seconds
Episode Artwork

Risky Biz News: A ransomware attack is putting lives at risk across South Africa

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: A ransomware attack is putting lives at risk across South Africa
7/8/20246 minutes, 1 second
Episode Artwork

Risky Biz News: Ransomware attacks increase hospital mortality rates

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Ransomware attacks increase hospital mortality rates
7/4/20248 minutes, 5 seconds
Episode Artwork

Srsly Risky Biz: When hacking customers is good business

In this podcast Tom Uren and Patrick Gray talk about how South Korean internet regulations inadvertently encouraged a large ISP to hack their own customers to cut down on torrent traffic. They also look at state-backed hackers behaving very badly.
7/4/202418 minutes, 47 seconds
Episode Artwork

Risky Biz News: Unauth RCE in OpenSSH—a scary combination of words

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Unauth RCE in OpenSSH—a scary combination of words
7/2/20246 minutes, 5 seconds
Episode Artwork

Between Two Nerds: Private enterprise is on its own

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why governments have failed to protect the private sector from state-backed cyber espionage.
7/2/202420 minutes, 41 seconds
Episode Artwork

Risky Biz News: Russia hacks TeamViewer

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News returns! The catch-up edition :(
7/1/202411 minutes, 58 seconds
Episode Artwork

Sponsored: Rad Security describes its concept of "verified runtime fingerprints"

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jimmy Mesta, CTO and Co-Founder of Rad Security (formerly KSOC). Jimmy explains how Rad Security has replaced signature-based detections with a new concept the company calls “behavioral fingerprints” or “verified runtime fingerprints,” which can detect malicious activity in cloud environments using a wider set of indicators. Show notes Cloud native workload fingerprinting
6/30/202414 minutes, 4 seconds
Episode Artwork

Srsly Risky Biz: Why the Optus breach was dumb

In this podcast Tom Uren and Patrick Gray talk about how Optus’s 2022 data breach went down and how the company had been vulnerable for years. They also look at the US government’s ban on Kaspersky products, why it makes sense and why the ban took a long time to arrive.
6/27/202414 minutes, 58 seconds
Episode Artwork

Risky Biz News: Russia wants its own CISA

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Russia wants its own CISA
6/14/20248 minutes, 46 seconds
Episode Artwork

Srsly Risky Biz: China's superstar hackers

In this podcast Tom Uren and Patrick Gray talk about a new report that explores how China’s vulnerability discovery and research ecosystem is linked to state sponsored espionage. This research finds that a relatively small number of people are responsible for an outsize contribution to vulnerability discovery. They also talk about difficulties at CISA’s Joint Cyber Defence Collaborative initiative and why it should be retired. Show notes From Vegas to Chengdu: Hacking Contests, Bug Bounties, and China’s Offensive Cyber Ecosystem
6/13/202418 minutes, 19 seconds
Episode Artwork

Risky Biz News: Apple launches private cloud for AI workloads

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Apple's WWDC 2024 security lineup
6/12/20248 minutes, 50 seconds
Episode Artwork

Between Two Nerds: The cyber Rorschach test

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the use of cyber operations in Ukraine is informative but information is incomplete. Rather than clarifying the role of cyber operations in conventional warfare there is still a lot of room for confirmation bias.
6/10/202419 minutes, 51 seconds
Episode Artwork

Risky Biz News: Microsoft relents on Windows 11 Recall

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Microsoft relents on Windows 11 Recall
6/9/20248 minutes, 23 seconds
Episode Artwork

Sponsored: Panther on how the market is moving towards detection engineers

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Panther Senior Engineering Manager Nicholas Hakmiller on how the IT market is adapting to the cybersecurity skill shortage by training regular software talent in detection engineering, how AI is not there yet, and how Panther excels at spotting initial account compromise. Show notes Panther
6/9/202413 minutes, 33 seconds
Episode Artwork

Risky Biz News: Interpol plugs Red Notices leak

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/7/20248 minutes, 43 seconds
Episode Artwork

Srsly Risky Biz: Russian attacks on Europe double

In this podcast Tom Uren and Patrick Gray talk about Russia’s escalating actions in Europe in the lead up to elections and the Paris Olympics. They combine disruptive cyber elements, disinformation and real-world covert action.
6/6/202415 minutes, 38 seconds
Episode Artwork

Risky Biz News: Making Linux a CNA was a bad decision

A short podcast updating listeners on the security news of the last few days, prepared by Catalin Cimpanu and read by Claire Aird.
6/5/20249 minutes, 3 seconds
Episode Artwork

Between Two Nerds: Why trolling cyber criminals is misguided

In this edition of Between Two Nerds Tom Uren and The Grugq talk about law enforcement agencies trolling cyber criminals when they carry out disruption operations, and why it might be counterproductive.
6/4/202426 minutes, 52 seconds
Episode Artwork

Risky Biz News: What actually happened with Snowflake, Ticketmaster

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/3/20246 minutes, 31 seconds
Episode Artwork

Sponsored: Nucleus Security on vulnerability management trends, SLAs

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Nucleus Security co-founder and COO Scott Kuffer about recent trends the company has observed among customers when it came to patch management and how service level agreements (SLAs) became a sign of an organization’s security health. Show notes Vulnerability Management Benchmarking: Metrics and Practices of Highly Effective Organizations - Recording
6/2/202415 minutes, 48 seconds
Episode Artwork

Risky Biz News: Law enforcement disrupts six malware botnets

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Law enforcement disrupts six malware botnets
5/31/202411 minutes, 5 seconds
Episode Artwork

Srsly Risky Biz: Cyber Command is a half-ripe melon

In this podcast Tom Uren and Patrick Gray talk about continued discussion about the creation of a Cyber Force. It’s a discussion that won’t go away and shows there is an underlying feeling that Cyber Command could do better. They also discuss how Scattered Spider is like Hollywood and how TikTok’s report on influence campaigns will do nothing to convince people it is not a national security risk.
5/30/202420 minutes, 2 seconds
Episode Artwork

Risky Biz News: MediSecure asks for a government bailout; denied!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: IR reports are not protected documents, multiple judges rule
5/29/20247 minutes, 26 seconds
Episode Artwork

Between Two Nerds: Ransomware and the state

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the role of the state in tackling ransomware. They discuss why action has been slow and ineffective, and what it will take to truly change the situation.
5/27/202425 minutes, 55 seconds
Episode Artwork

Risky Biz News: Google throws out GlobalTrust certs

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
5/26/20247 minutes, 24 seconds
Episode Artwork

Sponsored: Why directory services are always a dog's breakfast

In this Risky Business News sponsored interview, Tom Uren talks to Justin Kohler, VP of the Bloodhound team at SpecterOps about ‘attack paths’, the ways that malicious actors maneuver through Active Directory to elevate their privileges. They discuss how and why they arise and what you can do about them.
5/26/202414 minutes, 35 seconds
Episode Artwork

Risky Biz News: Backdoor found in court AV recording software

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Backdoor found in court AV recording software
5/24/20249 minutes, 15 seconds
Episode Artwork

Srsly Risky Biz: UK to consider licensing ransomware payments

In this podcast Tom Uren and Patrick Gray talk about a UK government proposal that would see ransomware victims seek government approval before making ransom payments. They also talk about why governments need to be more proactive about defending democracy and why that is difficult.
5/23/202415 minutes, 34 seconds
Episode Artwork

Risky Biz News: DNSBomb attack is here! Pew pew pew!!!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: DNSBomb attack is here! Pew pew pew!!!
5/21/20246 minutes, 43 seconds
Episode Artwork

Between Three Nerds: The strategic culture of Russian intelligence

In this edition of Between Three Nerds Tom Uren and The Grugq talk to Elena Grossfeld about the strategic culture of Russian intelligence organisations. In the discussion we refer to Elena’s paper on Russia’s declining satellite reconnaissance capability and she talks about ‘lustration’, the removal of public officials who are associated with a tainted political regime. Elena is researching Russian and Soviet intelligence culture at Kings College London and is on X @kloosha. Show notes Russia’s Declining Satellite Reconnaissance Capabilities and Its Implications for Security and International Stability
5/20/202433 minutes, 5 seconds
Episode Artwork

Risky Biz News: Germany sues Microsoft for details on past hack

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Germany sues Microsoft for details on past hack
5/19/20248 minutes, 13 seconds
Episode Artwork

Sponsored: Proofpoint on the current threat actor landscape

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Proofpoint senior threat intelligence analyst Selena Larson about the latest changes in the threat actor landscape in the aftermath of several law enforcement takedowns and Microsoft tech stack changes. Show notes DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns.
5/19/202419 minutes, 18 seconds
Episode Artwork

Risky Biz News: Feds seize BreachForums again

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
5/17/20249 minutes, 31 seconds
Episode Artwork

Srsly Risky Biz: The proliferation of spyware in Southeast Asia

In this podcast Tom Uren and Patrick Gray talk about Amnesty International’s research into Indonesia’s use of spyware implicated in human rights abuses. They also talk about proposed regulation that would dock payments to US hospitals that don’t meet minimum cyber security standards and why the idea needs some tweaking.
5/16/202418 minutes, 36 seconds
Episode Artwork

Risky Biz News: Ebury gang compromises entire ISPs and hosting providers

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Ebury botnet compromises entire ISPs and hosting providers
5/14/20246 minutes, 43 seconds
Episode Artwork

Between Two (Other) Nerds: Signalling, Cyber Signalling is Dead

The regular two nerds have the week off, but the former Director of the CIA’s Center for Cyber Intelligence Andy Boyd joins Patrick Gray for a rollicking conversation in front of a live audience in San Francisco. Grugq and Tom return next week!
5/13/202425 minutes, 22 seconds
Episode Artwork

Sponsored: Giving authorisation the Okta treatment

In this Risky Business News sponsored interview, Adam Boileau talks to Okta’s Cassio Sampaio about how cloud-native applications can move authorisation into a centralised model. This brings real benefits for consistency, control and auditing in distributed applications, beyond just the authentication part Okta is normally known for.
5/12/202417 minutes
Episode Artwork

Risky Biz News: Black Basta group spam-bombs victims and then calls to help

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Black Basta group spam-bombs victims and then calls to help
5/12/20247 minutes, 12 seconds
Episode Artwork

Risky Biz News: 68 tech companies sign up to CISA's Secure by Design project

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: 68 tech companies pledge to CISA's Secure by Design project
5/10/20246 minutes, 24 seconds
Episode Artwork

Srsly Risky Biz: 'Security' the new marketing mantra

In this podcast Tom Uren and Adam Boileau talk about how Microsoft’s reprioritisation of security after recent breaches and a scathing CSRB report seem to be influencing other companies. They are now touting their security chops, so could it be that security is actually becoming a competitive advantage? They also talk about law enforcement trying to make life difficult for the LockBit ringleader and how the Change Healthcare disaster had deeper underlying causes beyond “no MFA on Citrix”.
5/9/202417 minutes, 26 seconds
Episode Artwork

Risky Biz News: LockBit leader unmasked, charged, and sanctioned

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
5/8/20247 minutes, 17 seconds
Episode Artwork

Between Two Nerds: How organisations learn in a world of secrets

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different types of secrecy obsessed organisations learn. The Grugq mentions the book Mafia Organisations: The Visible Hand of Criminal Enterprise by Maurizio Catino.
5/6/202424 minutes, 2 seconds
Episode Artwork

Risky Biz News: Microsoft ties security goals to executive compensation

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Microsoft ties security goals to executive compensation
5/6/20248 minutes, 53 seconds
Episode Artwork

Sponsored: How Thinkst stays on top of attack trends

In this Risky Business News sponsored interview, Tom Uren talks to Marco Slaveiro, Thinkst’s CTO about staying current with modern attack trends and not falling for the trap of optimising to catch red teams.
5/5/202413 minutes, 13 seconds
Episode Artwork

Risky Biz News: New router malware intercepts traffic to steal credentials

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
5/3/20247 minutes, 36 seconds
Episode Artwork

Srsly Risky Biz: The problem with big tech

In this podcast Tom Uren and Adam Boileau talk about how there is a growing consensus between regulators and lawmakers on the key problems of modern tech companies. They also dive into how to deal with malicious foreign actors buying their way onto domestic cloud infrastructure and how drones are actually just like modern cars.
5/2/202419 minutes, 50 seconds
Episode Artwork

Risky Biz News: Change Healthcare blames it all on a Citrix password

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/30/20247 minutes, 34 seconds
Episode Artwork

Between Two Nerds: Busting 0day Myths

In this edition of Between Two Nerds Tom Uren and The Grugq look at the life cycle of 0days, dissect the conventional wisdom and talk about how 0days are never truly ‘burnt’.
4/29/202422 minutes, 40 seconds
Episode Artwork

Risky Biz News: Cyber Partisans hack Belarus KGB

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/29/20246 minutes, 29 seconds
Episode Artwork

Sponsored: Open source software's increasing vulnerability

In this Risky Business News sponsored interview, Tom Uren talks to CEO and founder of Socket, Feross Aboukhadijeh about the open source software and supply chain security. Feross says the software ecosystem has evolved in ways that make it more vulnerable to trust-based attacks (such as seen in XZ Utils) and discusses what can be done to defend against this type of supply chain subversion.
4/28/202418 minutes, 48 seconds
Episode Artwork

Risky Biz News: Cisco zero-day fun time is here!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Patrick Gray. You can find the newsletter version of this podcast here.
4/25/20246 minutes, 7 seconds
Episode Artwork

Srsly Risky Biz: Sandworm an inspiration for hostile actors

In this podcast Adam Boileau and Tom Uren talk about what there is to learn from Mandiant’s report into the GRU Sandworm crew. Are the Russians a model for other actors, or just a get-‘er-done bunch of pragmatists? They also talk about an attempt to build a World Cybercrime Index, assessing different national cybercrime specialisations.
4/25/202420 minutes, 30 seconds
Episode Artwork

Risky Biz News: First US spyware visa ban hammer falls on 13 individuals

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
4/24/20247 minutes, 25 seconds
Episode Artwork

Sponsored: Pushing back the frontiers of vulnerability research

In this Risky Business News sponsored interview, Tom Uren talks to Dan Guido, the CEO of security research company Trail of Bits. Dan and Tom discuss DARPA’s upcoming AI cyber challenge, in which Trail of Bits will compete to solve very difficult bug discovery challenges. They also talk about Trail of Bits’ approach to making some of its own tools available to the community.
4/21/202414 minutes, 54 seconds
Episode Artwork

Risky Biz News: File transfer system hacking spree continues with a CrushFTP zero-day

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read today by Patrick Gray, as Claire Aird is unwell. You can find the newsletter version of this podcast here.
4/21/20245 minutes, 42 seconds
Episode Artwork

Risky Biz News: Authorities take down LabHost PhaaS

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/19/20245 minutes, 56 seconds
Episode Artwork

Srsly Risky Biz: Why the compromise of open source projects is inevitable

In this podcast Patrick Gray and Tom Uren talk about how open source software is inherently vulnerable to malicious ‘good samaritan’ attacks and what to do about it. They also talk about a recent breach at data analytics company Sisense, how dependency on Microsoft is a strategic risk, and US Cyber Command’s view of the world.
4/18/202421 minutes, 41 seconds
Episode Artwork

Risky Biz News: PuTTY crypto bug exposes private keys

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/17/20249 minutes, 14 seconds
Episode Artwork

Between Two Nerds: 0days in 2023

In this edition of Between Two Nerds Tom Uren and The Grugq look at Google’s review of 0days in 2023. They discuss what this kind of information tells us and how Google’s perspective influences the report.
4/15/202421 minutes, 3 seconds
Episode Artwork

Risky Biz News: Palo Alto Networks scrambles to push zero-day RCE patch

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/15/20249 minutes, 39 seconds
Episode Artwork

Sponsored: When standards drive innovation

In this Risky Business News sponsored interview, Tom Uren talks to Daniel Schell and David Cottingham, the CTO and CEO of Airlock Digital. They discuss the security standard that drove innovation and the genesis of Airlock Digital and also how to make sure that standards don’t become box-checking exercises.
4/14/202416 minutes, 4 seconds
Episode Artwork

Risky Biz News: CISA sounds alarm on Sisense breach

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here
4/12/20247 minutes, 43 seconds
Episode Artwork

Srsly Risky Biz: States behaving badly

In this podcast Patrick Gray and Tom Uren talk about how different states are transgressing what we want to be norms of online behaviour. They also look at the framing around new bipartisan privacy legislation and why vendors should have positive security obligations.
4/11/202418 minutes, 51 seconds
Episode Artwork

Risky Biz News: Ukraine suspends SBU cyber chief

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/10/20247 minutes, 1 second
Episode Artwork

Risky Biz News: Ukraine suspends SBU cyber chief

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/10/20240
Episode Artwork

Between Two Nerds: The human side of the XZ supply chain attack

In this edition of Between Two Nerds Tom Uren and The Grugq look at the tradecraft used in the compromise of the XZ open source data compression project.
4/9/20240
Episode Artwork

Between Two Nerds: The human side of the XZ supply chain attack

In this edition of Between Two Nerds Tom Uren and The Grugq look at the tradecraft used in the compromise of the XZ open source data compression project.
4/9/20240
Episode Artwork

Risky Biz News: Backdoor found in 92k D-Link NAS devices

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/8/20240
Episode Artwork

Sponsored: GreyNoise on last year's vulnerability exploitation trends

In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder Andrew Morris about last year’s vulnerability exploitation trends, how the company’s AI system works, and Catalin makes a fool of himself because he can’t pronounce ‘abnormalities.’ Show notes GreyNoise 2023 Internet Exploitation Retrospective Report
4/8/202417 minutes, 20 seconds
Episode Artwork

Risky Biz News: Backdoor found in 92k D-Link NAS devices

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/8/20240
Episode Artwork

Sponsored: GreyNoise on last year's vulnerability exploitation trends

In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder Andrew Morris about last year’s vulnerability exploitation trends, how the company’s AI system works, and Catalin makes a fool of himself because he can’t pronounce ‘abnormalities.’ Show notes GreyNoise 2023 Internet Exploitation Retrospective Report
4/8/20240
Episode Artwork

Risky Biz News: Ukraine wants Sandworm hackers tried at The Hague

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/5/20247 minutes, 2 seconds
Episode Artwork

Risky Biz News: Ukraine wants Sandworm hackers tried at The Hague

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/5/20240
Episode Artwork

Srsly Risky Biz: The heavy weight of CIRCIA regulation

In this podcast Patrick Gray and Tom Uren talk about the weighty tome of CISA’s critical infrastructure reporting legislation, CIRCIA, and compare different approaches to defining regulation. They also look at moves to better protect customers from being tracked by the telco protocol Signalling System 7.
4/4/202417 minutes, 32 seconds
Episode Artwork

Srsly Risky Biz: The heavy weight of CIRCIA regulation

In this podcast Patrick Gray and Tom Uren talk about the weighty tome of CISA’s critical infrastructure reporting legislation, CIRCIA, and compare different approaches to defining regulation. They also look at moves to better protect customers from being tracked by the telco protocol Signalling System 7.
4/4/20240
Episode Artwork

Risky Biz News: CSRB drops scathing Microsoft report

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/3/20246 minutes, 37 seconds
Episode Artwork

Risky Biz News: CSRB drops scathing Microsoft report

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/3/20240
Episode Artwork

Between Two Nerds: The asymmetry of 'information warfare'

In this edition of Between Two Nerds Tom Uren and The Grugq look at how states have very different views about manipulating the information environment aka ‘information warfare’.
4/2/202428 minutes, 33 seconds
Episode Artwork

Between Two Nerds: The asymmetry of 'information warfare'

In this edition of Between Two Nerds Tom Uren and The Grugq look at how states have very different views about manipulating the information environment aka ‘information warfare’.
4/2/20240
Episode Artwork

Risky Biz News: Epic supply chain attack on Linux SSH

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/1/20245 minutes, 31 seconds
Episode Artwork

Sponsored: Resourcely on how it manages its secure templates

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely co-founder and CEO Travis McPeak about how the DevOps ecosystem has evolved and ushered the need for DevSecOps, and how the company provides and manages its secure-by-default templates.
4/1/202413 minutes, 55 seconds
Episode Artwork

Sponsored: Resourcely on how it manages its secure templates

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely co-founder and CEO Travis McPeak about how the DevOps ecosystem has evolved and ushered the need for DevSecOps, and how the company provides and manages its secure-by-default templates.
4/1/20240
Episode Artwork

Risky Biz News: Epic supply chain attack on Linux SSH

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
4/1/20240
Episode Artwork

Risky Biz News: Spyware vendors behind 24 zero-days last year

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/29/20247 minutes, 48 seconds
Episode Artwork

Risky Biz News: Spyware vendors behind 24 zero-days last year

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/29/20240
Episode Artwork

Srsly Risky Biz: China hacking for more than just IP

In this podcast Patrick Gray and Tom Uren talk about recent US and UK action including indictments and sanctions levied on PRC Ministry of State Security related hackers. In contrast to previous indictments, this one focuses a lot on the hacking of government officials and parliamentarians. That’s new. They also look at a new report that lays out the case for a US Cyber Force.
3/28/202417 minutes, 30 seconds
Episode Artwork

Srsly Risky Biz: China hacking for more than just IP

In this podcast Patrick Gray and Tom Uren talk about recent US and UK action including indictments and sanctions levied on PRC Ministry of State Security related hackers. In contrast to previous indictments, this one focuses a lot on the hacking of government officials and parliamentarians. That’s new. They also look at a new report that lays out the case for a US Cyber Force.
3/28/20240
Episode Artwork

Risky Biz News: China called out over hacks, again

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/27/20246 minutes, 41 seconds
Episode Artwork

Risky Biz News: China called out over hacks, again

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/27/20240
Episode Artwork

Risky Biz News: EU bans anonymous crypto payments

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/25/20247 minutes, 2 seconds
Episode Artwork

Sponsored: Sublime Security on attack surface reduction for email

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Josh Kamdjou, co-founder and CEO of Sublime Security. Josh describes how Sublime implemented the concept of attack surface reduction to email security last year, how it works, and what customers are saying about it. Show notes ASR rules for Sublime We're excited to launch Attack Surface Reduction for email.
3/25/202416 minutes, 45 seconds
Episode Artwork

Risky Biz News: EU bans anonymous crypto payments

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/25/20240
Episode Artwork

Sponsored: Sublime Security on attack surface reduction for email

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Josh Kamdjou, co-founder and CEO of Sublime Security. Josh describes how Sublime implemented the concept of attack surface reduction to email security last year, how it works, and what customers are saying about it. Show notes ASR rules for Sublime We're excited to launch Attack Surface Reduction for email.
3/25/20240
Episode Artwork

Risky Biz News: US sanctions Russian disinfo peddlers in LATAM

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/22/20247 minutes, 35 seconds
Episode Artwork

Risky Biz News: US sanctions Russian disinfo peddlers in LATAM

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/22/20240
Episode Artwork

Srsly Risky Biz: Microsoft deserves the stick

Normal Seriously Risky Biz correspondent Tom Uren is on leave this week, so there’s some lunatics-running-the-asylum energy in the episode. Patrick Gray wrote this week’s newsletter, and Adam Boileau asks him what exactly we are to do with Microsoft? They’re so big, and their security posture of late has us all sobbing into our Azure dashboards. Pat advocates for less carrot, and several varieties of stick. They also talk through where ransomware disruption is going to have to head next. What more creative, less … uh… law-and-order options do we have for imposing cost on actors in pariah states?
3/21/202424 minutes, 16 seconds
Episode Artwork

Srsly Risky Biz: Microsoft deserves the stick

Normal Seriously Risky Biz correspondent Tom Uren is on leave this week, so there’s some lunatics-running-the-asylum energy in the episode. Patrick Gray wrote this week’s newsletter, and Adam Boileau asks him what exactly we are to do with Microsoft? They’re so big, and their security posture of late has us all sobbing into our Azure dashboards. Pat advocates for less carrot, and several varieties of stick. They also talk through where ransomware disruption is going to have to head next. What more creative, less … uh… law-and-order options do we have for imposing cost on actors in pariah states?
3/21/20240
Episode Artwork

Risky Biz News: New DoS loop attack impacts 300,000 systems

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/20/20247 minutes, 53 seconds
Episode Artwork

Risky Biz News: New DoS loop attack impacts 300,000 systems

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/20/20240
Episode Artwork

Between Two Nerds: Russia's Taurus missile leak

In this edition of Between Two Nerds Tom Uren and The Grugq look at Russia’s recent leak of an intercepted German military discussion. From an intelligence point of view the content of the discussion is only moderately interesting, but Russia decided to leak it in an attempt to influence European attitudes towards providing military aid to Ukraine.
3/19/202423 minutes, 8 seconds
Episode Artwork

Between Two Nerds: Russia's Taurus missile leak

In this edition of Between Two Nerds Tom Uren and The Grugq look at Russia’s recent leak of an intercepted German military discussion. From an intelligence point of view the content of the discussion is only moderately interesting, but Russia decided to leak it in an attempt to influence European attitudes towards providing military aid to Ukraine.
3/19/20240
Episode Artwork

Risky Biz News: Edge adds new sandbox escape protection

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/18/20244 minutes, 59 seconds
Episode Artwork

Sponsored: Kroll on the DPRK's foray into enterprise gear

In this Risky Business News sponsor interview, Catalin Cimpanu talks with George Glass, Senior Vice-President for Kroll’s Cyber Risk business. George covers the company’s latest report, a Kimsuky attack on ConnectWise ScreenConnect devices with a new malware strain named ToddlerShark.
3/18/202410 minutes, 29 seconds
Episode Artwork

Risky Biz News: Edge adds new sandbox escape protection

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/18/20240
Episode Artwork

Sponsored: Kroll on the DPRK's foray into enterprise gear

In this Risky Business News sponsor interview, Catalin Cimpanu talks with George Glass, Senior Vice-President for Kroll’s Cyber Risk business. George covers the company’s latest report, a Kimsuky attack on ConnectWise ScreenConnect devices with a new malware strain named ToddlerShark.
3/18/20240
Episode Artwork

Risky Biz News: NIST stopped curating the CVE database a month ago

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/15/20247 minutes, 14 seconds
Episode Artwork

Risky Biz News: NIST stopped curating the CVE database a month ago

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/15/20240
Episode Artwork

Srsly Risky Biz: Does 'delete America' mean deleting China too?

In this podcast Patrick Gray and Tom Uren talk about ‘Document 79’, a PRC government document that calls for the Chinese companies in finance, energy and other sectors, to remove foreign software from their IT systems by 2027. They also talk about the difficulties that Microsoft is facing in permanently removing SVR hackers from its systems.
3/14/202417 minutes, 21 seconds
Episode Artwork

Srsly Risky Biz: Does 'delete America' mean deleting China too?

In this podcast Patrick Gray and Tom Uren talk about ‘Document 79’, a PRC government document that calls for the Chinese companies in finance, energy and other sectors, to remove foreign software from their IT systems by 2027. They also talk about the difficulties that Microsoft is facing in permanently removing SVR hackers from its systems.
3/14/20240
Episode Artwork

Risky Biz News: Tor launches new WebTunnel anti-censorship protocol

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/13/20247 minutes, 1 second
Episode Artwork

Risky Biz News: Tor launches new WebTunnel anti-censorship protocol

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/13/20240
Episode Artwork

Between Two Nerds: How to disrupt ransomware groups

In this edition of Between Two Nerds Tom Uren and The Grugq look at recent efforts to disrupt ransomware gangs and discuss what could make these efforts more effective.
3/12/202422 minutes, 24 seconds
Episode Artwork

Between Two Nerds: How to disrupt ransomware groups

In this edition of Between Two Nerds Tom Uren and The Grugq look at recent efforts to disrupt ransomware gangs and discuss what could make these efforts more effective.
3/12/20240
Episode Artwork

Sponsored: The Passkey juggernaut

In this Risky Business News sponsored interview, Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances. Derek covers the different reasons organisations are investing in Passkeys, what organisations need to know to deploy them successfully, and warns that too often current deployments are too focused on authorisation rather than looking at the end user holistically.
3/11/202418 minutes, 5 seconds
Episode Artwork

Risky Biz News: Russian hackers stole Microsoft's source code

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/11/20247 minutes, 34 seconds
Episode Artwork

Risky Biz News: Russian hackers stole Microsoft's source code

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/11/20240
Episode Artwork

Sponsored: The Passkey juggernaut

In this Risky Business News sponsored interview, Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances. Derek covers the different reasons organisations are investing in Passkeys, what organisations need to know to deploy them successfully, and warns that too often current deployments are too focused on authorisation rather than looking at the end user holistically.
3/11/20240
Episode Artwork

Risky Biz News: Crypto-fraud is now bigger than BEC

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/8/20246 minutes, 42 seconds
Episode Artwork

Risky Biz News: Crypto-fraud is now bigger than BEC

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/8/20240
Episode Artwork

Srsly Risky Biz: German use of WebEx is fine, actually

In this podcast Patrick Gray and Tom Uren talk about the recent kerfuffle in Germany after a WebEx discussion between senior air force officials was leaked by Russian propagandists. Its interesting to see Russia using raw intelligence to try and shape German actions and they conclude that WebEx would have been fine if it had been used properly. They also talk about a new executive order aimed at preventing bulk sale of Americans’ sensitive personal data to countries of concern. This is the best short term option, but they contrast this with the ad tech ecosystem to explore what controls on the collection of data might look like.
3/7/202422 minutes, 17 seconds
Episode Artwork

Srsly Risky Biz: German use of WebEx is fine, actually

In this podcast Patrick Gray and Tom Uren talk about the recent kerfuffle in Germany after a WebEx discussion between senior air force officials was leaked by Russian propagandists. Its interesting to see Russia using raw intelligence to try and shape German actions and they conclude that WebEx would have been fine if it had been used properly. They also talk about a new executive order aimed at preventing bulk sale of Americans’ sensitive personal data to countries of concern. This is the best short term option, but they contrast this with the ad tech ecosystem to explore what controls on the collection of data might look like.
3/7/20240
Episode Artwork

Risky Biz News: AlphV admins exit-scam with Change Healthcare’s ransom

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/6/20246 minutes, 40 seconds
Episode Artwork

Risky Biz News: AlphV admins exit-scam with Change Healthcare’s ransom

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/6/20240
Episode Artwork

Between Two Nerds: Ukraine goes on the offensive

In this edition of Between Two Nerds Tom Uren and The Grugq look at the shift that has taken place in Ukraine’s cyber strategy as it has gone on the front foot and its cyber forces have launched multiple cyber strikes in the last few months. They discuss reasons why Ukraine might want to make this change and ask whether it makes sense.
3/5/202421 minutes, 22 seconds
Episode Artwork

Between Two Nerds: Ukraine goes on the offensive

In this edition of Between Two Nerds Tom Uren and The Grugq look at the shift that has taken place in Ukraine’s cyber strategy as it has gone on the front foot and its cyber forces have launched multiple cyber strikes in the last few months. They discuss reasons why Ukraine might want to make this change and ask whether it makes sense.
3/5/20240
Episode Artwork

Sponsored: The state of cloud security

In this Risky Business News sponsored interview, Tom Uren talks to Vijit Nair, Corelight’s VP of Product, about how cloud security was once an afterthought but is now on the improve.
3/4/202416 minutes, 37 seconds
Episode Artwork

Risky Biz News: Intellexa pulls the plug on new Predator spyware infrastructure

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/4/20246 minutes, 5 seconds
Episode Artwork

Sponsored: The state of cloud security

In this Risky Business News sponsored interview, Tom Uren talks to Vijit Nair, Corelight’s VP of Product, about how cloud security was once an afterthought but is now on the improve.
3/4/20240
Episode Artwork

Risky Biz News: Intellexa pulls the plug on new Predator spyware infrastructure

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/4/20240
Episode Artwork

Risky Biz News: US restricts sale of personal data to hostile nations

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/1/20248 minutes, 23 seconds
Episode Artwork

Srsly Rizky Biz: The memory safety long game

In this podcast Patrick Gray and Tom Uren talk about the White House’s push for memory safe programming languages and software measurability. They also discuss Nevada’s moves against end to end encryption for children and the national security concerns with commercial data sales to geopolitical rivals. You can find the newsletter version of this podcast here.
3/1/202423 minutes, 27 seconds
Episode Artwork

Risky Biz News: US restricts sale of personal data to hostile nations

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
3/1/20240
Episode Artwork

Srsly Rizky Biz: The memory safety long game

In this podcast Patrick Gray and Tom Uren talk about the White House’s push for memory safe programming languages and software measurability. They also discuss Nevada’s moves against end to end encryption for children and the national security concerns with commercial data sales to geopolitical rivals. You can find the newsletter version of this podcast here.
3/1/20240
Episode Artwork

Risky Biz News: US sanctions Sandvine over Egypt sales

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
2/28/20245 minutes, 30 seconds
Episode Artwork

Risky Biz News: US sanctions Sandvine over Egypt sales

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
2/28/20240
Episode Artwork

Between Two Nerds: In search of Russian cyber doctrine

In this edition of Between Two Nerds Tom Uren and The Grugq apologise for repeating a quote that is purported to be Russian cyber doctrine, but is not. They also wonder why this phenomena has happened before with the so-called Gerasimov doctrine. Show notes UN Document A/56/164 Add. 1 p2 UN Document A/55/140, p5 UN Document A/54/213 Searching for Russian Cyber Doctrine by Oleg Shakirov Gerasimov Doctrine
2/27/202420 minutes, 13 seconds
Episode Artwork

Between Two Nerds: In search of Russian cyber doctrine

In this edition of Between Two Nerds Tom Uren and The Grugq apologise for repeating a quote that is purported to be Russian cyber doctrine, but is not. They also wonder why this phenomena has happened before with the so-called Gerasimov doctrine. Show notes UN Document A/56/164 Add. 1 p2 UN Document A/55/140, p5 UN Document A/54/213 Searching for Russian Cyber Doctrine by Oleg Shakirov Gerasimov Doctrine
2/27/20240
Episode Artwork

Sponsored: Tines' Eoin Hinchy on how AI is a tool more useful to defenders than attackers

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Tines co-founder and CEO Eoin Hinchy about how the unique features of AI and ML algorithms are more suited to blue teamers and defending networks rather than attackers.
2/26/202412 minutes, 36 seconds
Episode Artwork

Risky Biz News: Backdoor code found in Tornado Cash

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/26/20244 minutes, 40 seconds
Episode Artwork

Risky Biz News: Backdoor code found in Tornado Cash

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/26/20240
Episode Artwork

Sponsored: Tines' Eoin Hinchy on how AI is a tool more useful to defenders than attackers

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Tines co-founder and CEO Eoin Hinchy about how the unique features of AI and ML algorithms are more suited to blue teamers and defending networks rather than attackers.
2/26/20240
Episode Artwork

Risky Biz News: Google addresses Chrome JIT security

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/23/20246 minutes, 59 seconds
Episode Artwork

Risky Biz News: Google addresses Chrome JIT security

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/23/20240
Episode Artwork

Srsly Risky Biz: China's free market espionage machine

In this podcast Patrick Gray and Tom Uren talk about a recent leak from a PRC cyber espionage contractor i-SOON. The leak sheds light on China’s cyber salt mines and the system’s hyper-capitalist, pay-for-results, approach to stealing secrets.
2/22/202420 minutes, 36 seconds
Episode Artwork

Srsly Risky Biz: China's free market espionage machine

In this podcast Patrick Gray and Tom Uren talk about a recent leak from a PRC cyber espionage contractor i-SOON. The leak sheds light on China’s cyber salt mines and the system’s hyper-capitalist, pay-for-results, approach to stealing secrets.
2/22/20240
Episode Artwork

Risky Biz News: Law enforcement thoroughly dismantle LockBit

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/21/20247 minutes, 59 seconds
Episode Artwork

Risky Biz News: Law enforcement thoroughly dismantle LockBit

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/21/20240
Episode Artwork

Between Two Nerds: Russian cyber doctrine

In this edition of Between Two Nerds Tom Uren and The Grugq examine Russian cyber doctrine and how it was applied in the early days of its invasion of Ukraine. They mention this Human Rights Watch report which examined how international humanitarian law was applied in the 2003 invasion of Iraq.
2/20/202425 minutes, 41 seconds
Episode Artwork

Between Two Nerds: Russian cyber doctrine

In this edition of Between Two Nerds Tom Uren and The Grugq examine Russian cyber doctrine and how it was applied in the early days of its invasion of Ukraine. They mention this Human Rights Watch report which examined how international humanitarian law was applied in the 2003 invasion of Iraq.
2/20/20240
Episode Artwork

Sponsored: Breaking apart OT protocols

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, runZero’s Director of security research. The pair talk about the world of Operational Technology protocols and how Rob dissects these protocols to be sure that active discovery of OT devices is safe.
2/19/202414 minutes, 26 seconds
Episode Artwork

Risky Biz News: NSO Group capability revealed in court documents

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/19/20247 minutes, 29 seconds
Episode Artwork

Sponsored: Breaking apart OT protocols

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, runZero’s Director of security research. The pair talk about the world of Operational Technology protocols and how Rob dissects these protocols to be sure that active discovery of OT devices is safe.
2/19/20240
Episode Artwork

Risky Biz News: NSO Group capability revealed in court documents

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/19/20240
Episode Artwork

Risky Biz News: US takes down GRU/APT28 botnet

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/16/20249 minutes, 48 seconds
Episode Artwork

Risky Biz News: US takes down GRU/APT28 botnet

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/16/20240
Episode Artwork

Srsly Risky Biz: The spyware ecosystem

In this podcast Patrick Gray and Tom Uren talk about what to do about commercial spyware. A new Google TAG report is a great primer on the ecosystem. They also talk about Ukraine’s shift in cyber strategy. It is now carrying out and publicising that it is launching destructive cyber operations. Finally, they look at all the reasons why banning ransomware payments is a bad idea.
2/15/202420 minutes, 26 seconds
Episode Artwork

Srsly Risky Biz: The spyware ecosystem

In this podcast Patrick Gray and Tom Uren talk about what to do about commercial spyware. A new Google TAG report is a great primer on the ecosystem. They also talk about Ukraine’s shift in cyber strategy. It is now carrying out and publicising that it is launching destructive cyber operations. Finally, they look at all the reasons why banning ransomware payments is a bad idea.
2/15/20240
Episode Artwork

Risky Biz News: Rhysida ransomware secretly decrypted nine months ago

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/14/20247 minutes, 16 seconds
Episode Artwork

Risky Biz News: Rhysida ransomware secretly decrypted nine months ago

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/14/20240
Episode Artwork

Between Two Nerds: The cyber magic bullet

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why military doctrine in authoritarian states has an emphasis on cyber and information supremacy.
2/13/202418 minutes, 25 seconds
Episode Artwork

Between Two Nerds: The cyber magic bullet

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why military doctrine in authoritarian states has an emphasis on cyber and information supremacy.
2/13/20240
Episode Artwork

Sponsored: North Korea's DMARC spoofing tricks

In this Risky Business News sponsored interview, Tom Uren talks to Proofpoint Senior Threat Researcher Greg Lesnewich. Greg explains how a North Korean group is using DMARC spoofing in its efforts to gather strategic intelligence.
2/12/202416 minutes, 14 seconds
Episode Artwork

Risky Biz News: Authorities take down Warzone RAT gang

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/12/20246 minutes, 3 seconds
Episode Artwork

Risky Biz News: Authorities take down Warzone RAT gang

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/12/20240
Episode Artwork

Sponsored: North Korea's DMARC spoofing tricks

In this Risky Business News sponsored interview, Tom Uren talks to Proofpoint Senior Threat Researcher Greg Lesnewich. Greg explains how a North Korean group is using DMARC spoofing in its efforts to gather strategic intelligence.
2/12/20240
Episode Artwork

Risky Biz News: Ransomware passed $1 billion mark in 2023

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/9/20246 minutes, 40 seconds
Episode Artwork

Risky Biz News: Ransomware passed $1 billion mark in 2023

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/9/20240
Episode Artwork

Srsly Risky Biz: Beating back Volt Typhoon

In this podcast Adam Boileau and Tom Uren talk about how the US has kicked off a campaign to combat Volt Typhoon, a PRC group that is positioning itself in US critical infrastructure to be able to disrupt it in the event of conflict. They also discuss how changing attacker behaviour has led to CISA’s emergency directive to disconnect Ivanti Connect Secure devices.
2/8/202417 minutes, 16 seconds
Episode Artwork

Srsly Risky Biz: Beating back Volt Typhoon

In this podcast Adam Boileau and Tom Uren talk about how the US has kicked off a campaign to combat Volt Typhoon, a PRC group that is positioning itself in US critical infrastructure to be able to disrupt it in the event of conflict. They also discuss how changing attacker behaviour has led to CISA’s emergency directive to disconnect Ivanti Connect Secure devices.
2/8/20240
Episode Artwork

Risky Biz News: US imposes visa ban on individuals linked to commercial spyware

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/7/20247 minutes, 3 seconds
Episode Artwork

Risky Biz News: US imposes visa ban on individuals linked to commercial spyware

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/7/20240
Episode Artwork

Between Two Nerds: What to expect when you are expecting to cyber

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what up and coming countries should expect from a cyber command and whether they should invest in them.
2/6/202426 minutes, 24 seconds
Episode Artwork

Between Two Nerds: What to expect when you are expecting to cyber

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what up and coming countries should expect from a cyber command and whether they should invest in them.
2/6/20240
Episode Artwork

Risky Biz News: Two Iranian cyber groups doxed in a week

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/5/20248 minutes, 39 seconds
Episode Artwork

Risky Biz News: Two Iranian cyber groups doxed in a week

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/5/20240
Episode Artwork

Sponsored: Haroon Meer of Thinkst Canary on how attackers own networks

In this Risky Business News sponsor interview Tom Uren talks to Haroon Meer of Thinkst Canary. They discuss how network attackers win, how their tactics have changed over time and what this means for network defenders.
2/4/202413 minutes, 30 seconds
Episode Artwork

Sponsored: Haroon Meer of Thinkst Canary on how attackers own networks

In this Risky Business News sponsor interview Tom Uren talks to Haroon Meer of Thinkst Canary. They discuss how network attackers win, how their tactics have changed over time and what this means for network defenders.
2/4/20240
Episode Artwork

Risky Biz News: Ivanti finally releases zero-day patches

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/2/20248 minutes, 14 seconds
Episode Artwork

Risky Biz News: Ivanti finally releases zero-day patches

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
2/2/20240
Episode Artwork

Srsly Risky Biz: US data dumpster fire singes NSA

In this podcast Patrick Gray and Tom Uren talk about how the NSA suffered collateral damage from the US’s lax data privacy environment. They also discuss how to respond to aggressive adversaries, how the current SEC cyber security disclosure regime is pointless and finally admit they occasionally get things wrong.
2/1/202420 minutes, 30 seconds
Episode Artwork

Srsly Risky Biz: US data dumpster fire singes NSA

In this podcast Patrick Gray and Tom Uren talk about how the NSA suffered collateral damage from the US’s lax data privacy environment. They also discuss how to respond to aggressive adversaries, how the current SEC cyber security disclosure regime is pointless and finally admit they occasionally get things wrong.
2/1/20240
Episode Artwork

Risky Biz News: Brazilian police arrest Grandoreiro malware gang

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/31/20248 minutes, 13 seconds
Episode Artwork

Risky Biz News: Brazilian police arrest Grandoreiro malware gang

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/31/20240
Episode Artwork

Between Two Nerds: Rethinking mobile phones on the battlefield

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the war in Ukraine is showing how useful mobile devices are in war. Using them is risky, but those risks need to be managed. They refer to this report which examines location tracking in the battlefield.
1/30/202425 minutes, 49 seconds
Episode Artwork

Between Two Nerds: Rethinking mobile phones on the battlefield

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the war in Ukraine is showing how useful mobile devices are in war. Using them is risky, but those risks need to be managed. They refer to this report which examines location tracking in the battlefield.
1/30/20240
Episode Artwork

REPOSTED: Sponsored: Talking with Island on how enterprise browsers could replace some technology stacks

NOTE: We initially published the wrong mp3 for this episode. It has been corrected! In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bradon Rogers, Chief Customer Officer at enterprise browser Island, on how a modern enterprise browser solution like Island can be used to replace, complement, or enhance some enterprise security tools or technology stacks.
1/29/202421 minutes, 37 seconds
Episode Artwork

Risky Biz News: DOJ and FTC tell companies to stop deleting chats

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/29/20247 minutes, 59 seconds
Episode Artwork

REPOSTED: Sponsored: Talking with Island on how enterprise browsers could replace some technology stacks

NOTE: We initially published the wrong mp3 for this episode. It has been corrected! In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bradon Rogers, Chief Customer Officer at enterprise browser Island, on how a modern enterprise browser solution like Island can be used to replace, complement, or enhance some enterprise security tools or technology stacks.
1/29/20240
Episode Artwork

Risky Biz News: DOJ and FTC tell companies to stop deleting chats

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/29/20240
Episode Artwork

Srsly Risky Biz: How the SEC's new cyber disclosure rules are shaking out

In this podcast Patrick Gray and Tom Uren talk about how the SEC’s new disclosure rules that mean companies have four days to report cyber security incidents once they’ve formally decided that they are material. So far, companies are very much erring on the side of caution. They also look at the criticism of the CSRB’s board composition. Tom thinks these critiques are misguided. The cyber security landscape is so fractured that if the board were made up of faceless bureaucrats it would get very limited traction.
1/26/202415 minutes, 7 seconds
Episode Artwork

Srsly Risky Biz: How the SEC's new cyber disclosure rules are shaking out

In this podcast Patrick Gray and Tom Uren talk about how the SEC’s new disclosure rules that mean companies have four days to report cyber security incidents once they’ve formally decided that they are material. So far, companies are very much erring on the side of caution. They also look at the criticism of the CSRB’s board composition. Tom thinks these critiques are misguided. The cyber security landscape is so fractured that if the board were made up of faceless bureaucrats it would get very limited traction.
1/26/20240
Episode Artwork

Risky Biz News: SVR hackers also breached HPE

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/25/20248 minutes, 50 seconds
Episode Artwork

Between Two Nerds: Why data brokers aren't causing widespread harms

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how having so much data available about Americans feels creepy, yet there is little visible harm to individuals. But there are still reasons to be worried.
1/25/202423 minutes, 40 seconds
Episode Artwork

Risky Biz News: SVR hackers also breached HPE

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/25/20240
Episode Artwork

Between Two Nerds: Why data brokers aren't causing widespread harms

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how having so much data available about Americans feels creepy, yet there is little visible harm to individuals. But there are still reasons to be worried.
1/25/20240
Episode Artwork

Risky Biz News: AU, UK, US sanction Russian behind Medibank ransomware attack

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/24/20247 minutes, 43 seconds
Episode Artwork

Risky Biz News: AU, UK, US sanction Russian behind Medibank ransomware attack

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/24/20240
Episode Artwork

Sponsored: Why finding and responding threats isn't enough and we need to contain them as well

In this Risky Business News sponsor interview Tom Uren talks to Ivan Dwyer of Material Security about how it makes sense to view office productivity suites as an organisation’s critical infrastructure.
1/22/202418 minutes, 22 seconds
Episode Artwork

Risky Biz News: SVR hackers breach Microsoft

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/22/20248 minutes, 13 seconds
Episode Artwork

Risky Biz News: SVR hackers breach Microsoft

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/22/20240
Episode Artwork

Sponsored: Why finding and responding threats isn't enough and we need to contain them as well

In this Risky Business News sponsor interview Tom Uren talks to Ivan Dwyer of Material Security about how it makes sense to view office productivity suites as an organisation’s critical infrastructure.
1/22/20240
Episode Artwork

Risky Biz News: Congress considers making CSRB permanent

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/19/20246 minutes, 33 seconds
Episode Artwork

Risky Biz News: Congress considers making CSRB permanent

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/19/20240
Episode Artwork

Srsly Risky Biz: The PRC doesn't care about stealth, just access

In this podcast Adam Boileau and Tom Uren talk about how although the PRC has pivoted to quieter living-off-the-land approaches, they don’t really care about stealth. They just want long-term access. So this means noisily digging in to networks and targeting end-of-life devices. They also look at the FTC’s settlement against geolocation data broker Outlogic. It’s a win, but it’s built on shaky foundations.
1/18/202418 minutes, 31 seconds
Episode Artwork

Srsly Risky Biz: The PRC doesn't care about stealth, just access

In this podcast Adam Boileau and Tom Uren talk about how although the PRC has pivoted to quieter living-off-the-land approaches, they don’t really care about stealth. They just want long-term access. So this means noisily digging in to networks and targeting end-of-life devices. They also look at the FTC’s settlement against geolocation data broker Outlogic. It’s a win, but it’s built on shaky foundations.
1/18/20240
Episode Artwork

Risky Biz News: Ivanti Connect Secure zero-days suffer mass exploitation

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/17/20248 minutes, 1 second
Episode Artwork

Risky Biz News: Ivanti Connect Secure zero-days suffer mass exploitation

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/17/20240
Episode Artwork

Between Two Nerds: Stuxnet, the inevitable game changer

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Stuxnet was an ‘inevitability gamechanger’, how much we now know about the operation and how much the Dutch government should have known at the time.
1/16/202422 minutes, 13 seconds
Episode Artwork

Between Two Nerds: Stuxnet, the inevitable game changer

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Stuxnet was an ‘inevitability gamechanger’, how much we now know about the operation and how much the Dutch government should have known at the time.
1/16/20240
Episode Artwork

Risky Biz News: Chinese APT hacks a third of Cisco RV320/325 routers

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/15/20247 minutes, 24 seconds
Episode Artwork

Risky Biz News: Chinese APT hacks a third of Cisco RV320/325 routers

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/15/20240
Episode Artwork

Sponsored: How the rise of cloud has changed the SIEM game

In this Risky Business News sponsor interview Tom Uren talks to Ken Westin, Field CISO at Panther about how the rise of cloud and hybrid IT architectures requires a new type of SIEM.
1/14/202415 minutes, 43 seconds
Episode Artwork

Sponsored: How the rise of cloud has changed the SIEM game

In this Risky Business News sponsor interview Tom Uren talks to Ken Westin, Field CISO at Panther about how the rise of cloud and hybrid IT architectures requires a new type of SIEM.
1/14/20240
Episode Artwork

Risky Biz News: Chinese APT exploits two Pulse Secure zero-days

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/12/20247 minutes, 30 seconds
Episode Artwork

Risky Biz News: Chinese APT exploits two Pulse Secure zero-days

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/12/20240
Episode Artwork

Srsly Risky Biz: Russia's cyber war fantasy

In this podcast Adam Boileau and Tom Uren talk about how cyber operations are being used in conflicts in both Ukraine and the Middle East. Some of these operations make sense but others seem pointless or even counterproductive.
1/11/202417 minutes, 7 seconds
Episode Artwork

Srsly Risky Biz: Russia's cyber war fantasy

In this podcast Adam Boileau and Tom Uren talk about how cyber operations are being used in conflicts in both Ukraine and the Middle East. Some of these operations make sense but others seem pointless or even counterproductive.
1/11/20240
Episode Artwork

Risky Biz News: Ransomware wrecks Paraguay's largest telco

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/10/20248 minutes, 1 second
Episode Artwork

Risky Biz News: Ransomware wrecks Paraguay's largest telco

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/10/20240
Episode Artwork

Between Three Nerds: Martijn Grooten on how Infosec has changed

In this edition of Between Two Nerds Tom Uren and The Grugq talk with infosec and anti-virus veteran Martijn Grooten about how the infosec industry has changed over the years.
1/9/202433 minutes, 16 seconds
Episode Artwork

Between Three Nerds: Martijn Grooten on how Infosec has changed

In this edition of Between Two Nerds Tom Uren and The Grugq talk with infosec and anti-virus veteran Martijn Grooten about how the infosec industry has changed over the years.
1/9/20240
Episode Artwork

Sponsored: When you have to run that Chinese government tax software

In this Risky Business News sponsor interview Tom Uren talks to Chris St Myers, Stairwell’s head of threat research, about managing the risk from software you absolutely must use. Show notes Stairwell's Inception Platform
1/8/20249 minutes, 35 seconds
Episode Artwork

Risky Biz News: Merck settles NotPetya lawsuit

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/8/20247 minutes, 33 seconds
Episode Artwork

Sponsored: When you have to run that Chinese government tax software

In this Risky Business News sponsor interview Tom Uren talks to Chris St Myers, Stairwell’s head of threat research, about managing the risk from software you absolutely must use. Show notes Stairwell's Inception Platform
1/8/20240
Episode Artwork

Risky Biz News: Merck settles NotPetya lawsuit

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
1/8/20240
Episode Artwork

Risky Biz News: UK summons Russian ambassador over hacking campaigns

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
12/8/20238 minutes, 54 seconds
Episode Artwork

Risky Biz News: UK summons Russian ambassador over hacking campaigns

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
12/8/20230
Episode Artwork

Srsly Risky Biz: Why election interference is inevitable

In this podcast Patrick Grey and Tom Uren talk about whether election interference will take place in the Taiwanese, US and Russian elections that are all taking place in 2024. They also look at a ChatGPT-powered online harassment campaign.
12/7/202315 minutes, 15 seconds
Episode Artwork

Srsly Risky Biz: Why election interference is inevitable

In this podcast Patrick Grey and Tom Uren talk about whether election interference will take place in the Taiwanese, US and Russian elections that are all taking place in 2024. They also look at a ChatGPT-powered online harassment campaign.
12/7/20230
Episode Artwork

Risky Biz News: US government agencies officially suck at logging

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
12/5/20237 minutes, 21 seconds
Episode Artwork

Between Two Nerds: Revisiting Ukraine's IT Army

In this edition of Between Two Nerds Tom Uren and The Grugq talk about recent hints that the Ukrainian government has figured out how to make use of the IT Army
12/5/202321 minutes, 9 seconds
Episode Artwork

Between Two Nerds: Revisiting Ukraine's IT Army

In this edition of Between Two Nerds Tom Uren and The Grugq talk about recent hints that the Ukrainian government has figured out how to make use of the IT Army
12/5/20230
Episode Artwork

Risky Biz News: US government agencies officially suck at logging

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
12/5/20230
Episode Artwork

Risky Biz News: US Government sounds alarm on water plant hacks

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
12/4/20237 minutes, 54 seconds
Episode Artwork

Risky Biz News: US Government sounds alarm on water plant hacks

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
12/4/20230
Episode Artwork

Risky Biz News: Black Basta group made $107 million from ransom payments

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
12/1/202310 minutes, 3 seconds
Episode Artwork

Risky Biz News: Black Basta group made $107 million from ransom payments

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
12/1/20230
Episode Artwork

Srsly Risky Biz: Living off the land is the new normal

In this podcast Patrick Grey and Tom Uren talk about how threat actors abusing legitimate tools (aka living off the land) is the new normal. Everyone is doing it, from activists to cybercriminals to nation states. It’s a worry because defender’s standard practices really aren’t set up to detect and deal with that kind of behaviour. They also discuss how cyber incidents in the US and UK amongst providers of key real estate services are disrupting house sales.
11/30/202314 minutes, 26 seconds
Episode Artwork

Srsly Risky Biz: Living off the land is the new normal

In this podcast Patrick Grey and Tom Uren talk about how threat actors abusing legitimate tools (aka living off the land) is the new normal. Everyone is doing it, from activists to cybercriminals to nation states. It’s a worry because defender’s standard practices really aren’t set up to detect and deal with that kind of behaviour. They also discuss how cyber incidents in the US and UK amongst providers of key real estate services are disrupting house sales.
11/30/20230
Episode Artwork

Risky Biz News: Ransomware cripples hospitals in six US states

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/29/20236 minutes, 48 seconds
Episode Artwork

Risky Biz News: Ransomware cripples hospitals in six US states

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/29/20230
Episode Artwork

Between Two Nerds: The evolution of Russian electricity attacks

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the latest Russian cyber attacks on the Ukrainian energy grid.
11/28/202327 minutes, 39 seconds
Episode Artwork

Between Two Nerds: The evolution of Russian electricity attacks

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the latest Russian cyber attacks on the Ukrainian energy grid.
11/28/20230
Episode Artwork

Risky Biz News: Chipmaker NXT hacked by Chinese APT group

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/27/20236 minutes, 31 seconds
Episode Artwork

Risky Biz News: Chipmaker NXT hacked by Chinese APT group

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/27/20230
Episode Artwork

Sponsored: Corelight's Brian Dye on how network data is the connective tissue of incident response

In this Risky Business News sponsor interview Tom Uren talks to Brian Dye, CEO of Corelight about the value of data from NDR tools when it comes to longer term incident response.
11/26/202317 minutes, 39 seconds
Episode Artwork

Sponsored: Corelight's Brian Dye on how network data is the connective tissue of incident response

In this Risky Business News sponsor interview Tom Uren talks to Brian Dye, CEO of Corelight about the value of data from NDR tools when it comes to longer term incident response.
11/26/20230
Episode Artwork

Risky Biz News: Fastly to block domain fronting in 2024

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/23/20237 minutes, 5 seconds
Episode Artwork

Srsly Risky Biz: Death by a thousand cuts

NOTE: We have removed this podcast audio from our feed due to a legal action against the Reuters article on which this discussion is based. In this podcast Adam Boileau and Tom Uren talk the rise of the Indian hack-for-hire industry. It doesn’t get the same attention that high-profile iPhone ‘zero-click’ hacking does, but its a global scourge that undermines legal processes. They also discuss the AlphV ransomware group reporting a company to the SEC for not disclosing a breach that it caused.
11/23/20230
Episode Artwork

Srsly Risky Biz: Death by a thousand cuts

In this podcast Adam Boileau and Tom Uren talk the rise of the Indian hack-for-hire industry. It doesn’t get the same attention that high-profile iPhone ‘zero-click’ hacking does, but its a global scourge that undermines legal processes. They also discuss the AlphV ransomware group reporting a company to the SEC for not disclosing a breach that it caused.
11/23/20230
Episode Artwork

Risky Biz News: Fastly to block domain fronting in 2024

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/23/20230
Episode Artwork

Risky Biz News: Tor Project removes 1k relays linked to cryptocurrency scheme

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/22/20238 minutes, 34 seconds
Episode Artwork

Risky Biz News: Tor Project removes 1k relays linked to cryptocurrency scheme

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/22/20230
Episode Artwork

Between Two Nerds: How marketing has changed the cyber security landscape

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how being more open about cyber security threats is great for marketing and has also forced cyber security companies to pick sides and make value judgements.
11/21/202322 minutes, 52 seconds
Episode Artwork

Between Two Nerds: How marketing has changed the cyber security landscape

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how being more open about cyber security threats is great for marketing and has also forced cyber security companies to pick sides and make value judgements.
11/21/20230
Episode Artwork

Sponsored: Everything you wanted to know about Passkeys but were too afraid to ask

In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances about the state of authentication and what Passkeys are all about.
11/20/202320 minutes, 8 seconds
Episode Artwork

Risky Biz News: DIALStranger vulnerabilities disclosed after four years

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/20/20237 minutes
Episode Artwork

Sponsored: Everything you wanted to know about Passkeys but were too afraid to ask

In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances about the state of authentication and what Passkeys are all about.
11/20/20230
Episode Artwork

Risky Biz News: DIALStranger vulnerabilities disclosed after four years

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/20/20230
Episode Artwork

Risky Biz News: FCC adopts SIM-swapping and port-out protections

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/17/20230
Episode Artwork

Srsly Risky Biz: LockBit's disastrous success

In this podcast Adam Boileau and Tom Uren talk about two very significant cyber incidents. In the first, LockBit attacked the US arm of China’s biggest bank and the disruption left the bank owing USD$9bn at the end of the day. The other disrupted 40% of Australia’s port traffic. They also examine the reasons why it makes sense for banks to do more regarding fraud.
11/16/20230
Episode Artwork

Risky Biz News: Russia hacked 22 Danish critical infrastructure companies

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/15/20230
Episode Artwork

Between Two Nerds: The Rules of War in cyberspace

In this edition of Between Two Nerds Tom Uren and The Grugq talk about International Humanitarian Law aka the Rules of War in cyberspace. These rules don’t really make sense in cyberspace, but despite that we think talking about them (and other norms of behaviour) is still worthwhile
11/14/20230
Episode Artwork

Sponsored: Ryan Mahoney on how Gigamon lets you have your cake and eat it too

In this Risky Business News sponsor interview Tom Uren talks to Ryan Mahoney, Product Director at Gigamon. The TLS 1.3 encryption standard makes passive network monitoring inside your network difficult without break and inspect contortions. But Gigamon has what they call a “precryption” solution!
11/13/20230
Episode Artwork

Risky Biz News: Malay officials take down BulletProftLink

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/13/20230
Episode Artwork

Risky Biz News: Clop is coming for your SysAid servers

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/10/20230
Episode Artwork

Srsly Risky Biz: Microsoft's Future Security Initiative disappoints

In this podcast Adam Boileau and Tom Uren talk about Microsoft’s Secure Future Initiative. It’s been likened to the company’s 2002 Trustworthy Computing initiative, but compared to that it is a massive disappointment. They also discuss how the European-wide police operation against EncroChat unravelled when a UK intelligence analyst warned her friends with criminal links that the service had been compromised.
11/9/20230
Episode Artwork

Risky Biz News: Microsoft makes MFA mandatory for cloud admin portals

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/8/20230
Episode Artwork

Between Two Nerds: The Morris Worm

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the internet-melting 1988 Morris Worm and how cyber security has changed since then.
11/7/20230
Episode Artwork

Sponsored: runZero's Huxley Barbee on finding the unknown unknowns

In this Risky Business News sponsor interview Tom Uren talks to Huxley Barbee, Security Evangelist at runZero finding the unknown unknowns and what even is a security evangelist anyway.
11/6/20230
Episode Artwork

Risky Biz News: US sanctions Russian woman for laundering Ryuk gang money

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/6/20230
Episode Artwork

Risky Biz News: Microsoft goes through a second Trustworthy Computing moment

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/3/20230
Episode Artwork

Srsly Risky Biz: When good cyber security leads to violence

In this podcast host Adam Boileau and Tom Uren talk about the confluence of hacking and real-world violence. They also discuss the SEC’s decision to charge SolarWinds and its CISO for not being transparent enough about SolarWinds’ real cybersecurity risks. Unfortunately, almost all companies have cyber security problems but disclose them only in very generic ways.
11/2/20230
Episode Artwork

Risky Biz News: SEC charges SolarWinds and its CISO

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
11/1/20230
Episode Artwork

Between Two Nerds: What is really at stake with cyber security

In this edition of Between Two Nerds Tom Uren and The Grugq discuss what is really at stake when it comes to cyber security.
10/31/20230
Episode Artwork

Risky Biz News: Ransomware gangs pounce on CitrixBleed vulnerability

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
10/30/20230
Episode Artwork

Sponsored: Talking with Nucleus Security about vulnerability threat intelligence

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Patrick Garrity, VP of Marketing and security researcher at Nucleus Security, on the rise and evolution of vulnerability threat intel and how CISA KEV’s new ransomware section will be a game changer. Show notes Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
10/29/20230
Episode Artwork

Risky Biz News: First Kazakhstan-based APT discovered, tries to disguise itself as Azerbaijan

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
10/27/20230
Episode Artwork

Srsly Risky Biz: Ransomware's soft underbelly

In this podcast guest host Adam Boileau and Tom Uren talk about the recent Ukrainian hacktivist group’s hack and burn attack on a ransomware gang. This makes us think there are definitely opportunities for Western cyber outfits. They also discuss why companies should think about human rights when they make contingency plans for crises like war.
10/26/20230
Episode Artwork

Risky Biz News: 1Password joins the list of Okta victims

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
10/25/20230
Episode Artwork

The Between Two Nerds Halloween Special

In this edition of Between Two Nerds Tom Uren and The Grugq discuss “spooky effects” aka when agencies play silly buggers with target computers.
10/24/20230
Episode Artwork

Risky Biz News: Cisco IOS XE hackers hide their tracks as patches come out

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
10/23/20230
Episode Artwork

Sponsored: It's better for everyone when DevOps have tools that are secure-by-default

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely CEO Travis McPeak about the modern DevOps ecosystem and how just giving developers tools with security baked in keeps everyone safe and happy, and how that’s easier than expecting your software engineers to become cybersecurity experts overnight.
10/23/20230
Episode Artwork

Risky Biz News: Two ransomware gang websites go puff!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
10/20/20230
Episode Artwork

Srsly Risky Biz: CISA to vendors — fix your products

In this podcast guest host Patrick Gray and Tom Uren talk about a CISA and NSA advisory that lists the 10 most common network misconfigurations they. It’s 101-level stuff and is particularly sobering because CISA and NSA don’t look at run of the mill networks, they look at important ones. CISA thinks part of the problem is vendors that make insecure-by-default products. They also talk about a new Five Eyes security intelligence leader summit that warns of PRC intellectual property theft.
10/19/20230
Episode Artwork

Risky Biz News: 30k+ Cisco devices compromised with IOS XE zero-day

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
10/18/20230
Episode Artwork

Risky Biz News: Israel warns citizens of security camera hack risk

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.
10/16/20230
Episode Artwork

Between Two Nerds: Effects operations during war and peace

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how changing circumstances change the risk/reward balance and change whether effects operations are worthwhile.
10/16/20230
Episode Artwork

Sponsored: Airlock Digital's co-founders on securing PowerShell

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Airlock Digital founders Daniel Schell and David Cottingham about the recent Microsoft Digital Defense Report and the problems that come with trying to properly secure PowerShell. Show notes Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider Resources for deprecated features in the Windows client - What's new in Windows | Microsoft Learn The evolution of Windows authentication | Windows IT Pro Blog Is Securing PowerShell a Lost Cause? - by Allan Liska
10/15/20230
Episode Artwork

Risky Biz News: Microsoft takes NTLM behind the shed

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
10/13/20230
Episode Artwork

Srsly Risky Biz: The EU needs to grow a political spine on spyware

In this podcast guest host Patrick Gray and Tom Uren talk about research that discovered that EU-based spyware was being used to target EU and US officials. Will that encourage EU governments to take action against spyware? They also discuss Belgian concerns that the PRC will take advantage of a Chinese logistics firm with a hub in Liège for espionage. Finally, they discuss whether hacktivists will follow International Humanitarian Law (IHL or the Rules of Law) rules about hactivism in wartime. Almost certainly not, but Tom still thinks its worth talking about and promoting responsible behaviour.
10/12/20230
Episode Artwork

Risky Biz News: Microsoft kills VBScript

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
10/11/20230
Episode Artwork

Between Two Nerds: BEC and ransomware, a match made in hell

In this edition of Between Two Nerds Tom Uren and The Grugq examine the opportunities that ransomware gangs and business email compromise/romance scammers have to collaborate.
10/10/20230
Episode Artwork

Risky Biz News: Human-operated ransomware attacks double in a year

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
10/9/20230
Episode Artwork

Sponsored: PAM vs teenagers... FIGHT!

In this Risky Business News sponsor interview Tom Uren asks Martin Cannard, VP of Product Strategy at Netwrix, how privileged access management can help defend organisations. ‘Advanced Persistent Teenagers’ regularly use social engineering techniques to compromise highly privileged accounts, but that doesn’t mean it’s instantly game over for defenders.
10/8/20230
Episode Artwork

Risky Biz News: Ransomware dwell times plummet

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
10/6/20230
Episode Artwork

Srsly Risky Biz: NSA wants to protect America's AI edge

In this podcast Patrick Gray and Tom Uren talk about the NSA’s creation of a new AI Security Center. One of it’s roles is to help protect AI intellectual property and so maintain the US’s AI advantage. They also look at a new Mandiant report that looks at vulnerabilities that are exploited in the wild. This research finds a shift away from the top three vendors (Microsoft, Apple and Google) and there are rich pickings for threat actors at the network edge.
10/5/20230
Episode Artwork

Risky Biz News: Ransomware gangs hit TeamCity and WS_FTP servers

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
10/4/20230
Episode Artwork

Between Two Nerds: Have offensive cyber operations against ransomware groups failed?

In this edition of Between Two Nerds Tom Uren and The Grugq examine whether offensive cyber operations against ransomware groups have succeeded or failed. And how would we even know?
10/3/20230
Episode Artwork

Risky Biz News: Critical Exim bugs remains unpatched

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
10/2/20230
Episode Artwork

Risky Biz Sponsor Interview: The e-crime ecosystem is changing

In this Risky Business News sponsor interview Tom Uren talks to Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, about the state of play in the cybercrime ecosystem. People and organisations are getting better at protecting themselves from scams and compromises, but criminals will use every possible avenue to reach people and scam them.
10/1/20230
Episode Artwork

Risky Biz News: More in-the-wild 0day for Firefox, Chrome

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/29/20230
Episode Artwork

Srsly Risky Biz: The cyber-yoofs must be stopped!

In this edition of Seriously Risky Business Patrick Gray and Tom Uren talk about the possibility of diverting youths from a life of serious cybercrime. It’ll be tough. They also talk about a Ukrainian government report into changes in Russian cyber activity.
9/28/20230
Episode Artwork

Risky Biz News: CISA publishes HBOM framework

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/27/20230
Episode Artwork

Between Two Nerds: Why the UK and US Cyber Strategies are Mirror Images

In this edition of Between Two Nerds Tom Uren and The Grugq examine how US and UK strategies to use cyber power differ but are in some ways mirror images of each other.
9/25/20230
Episode Artwork

Risky Biz News: China admits NSA hacked Huawei

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/25/20230
Episode Artwork

Sponsored: Stairwell's Silas Cutler on the Akira leak and attacker infrastructure

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Stairwell Principal Reverse Engineer Silas Cutler about Akira’s recent server leak and attacker infrastructure.
9/24/20230
Episode Artwork

Risky Biz News: North Korea steals $54 million from CoinEx

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/15/20230
Episode Artwork

Srsly Risky Biz: Microsoft's security culture sucks

In this edition of Seriously Risky Biz guest host Adam Boileau talks with Tom Uren about what Microsoft’s recent breach by a Chinese-based threat actor tells us about the company’s security culture. There were several serious governance failures that allowed this incident to happen. They also look at a new UK government effort to reassure companies that they won’t be punished (as much) for seeking help from the NCSC.
9/14/20230
Episode Artwork

Risky Biz News: Won't someone think of the... casinos?!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/13/20230
Episode Artwork

Between Two Nerds: How AI can turbocharge cyber scams

In this edition of Between Two Nerds Tom Uren and The Grugq examine how AI can help cyber criminals and scammers.
9/12/20230
Episode Artwork

Risky Biz News: Ransomware gangs using Cisco 0day

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/11/20230
Episode Artwork

Sponsored: Red Canary's Gerry Johansen on IR readiness

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Red Canary Principal Readiness Engineer Gerry Johansen about the need to prepare IR plans in advance and why that’s just as important as the IR playbook itself.
9/11/20230
Episode Artwork

Risky Biz News: Microsoft explains how it lost its signing key

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/8/20230
Episode Artwork

Srsly Risky Biz: Why "pig butchering" is even worse than you think

In this podcast Patrick Gray and Tom Uren talk about a new UN report that says that hundreds of thousands of innocent people are being forced into working in online crypto and romance scams. They also look at new age verification laws that aim to make it more difficult for children to see pornography. It’s a complex topic, but Australia’s eSafety office has done excellent work on it.
9/7/20230
Episode Artwork

Risky Biz News: China cracks down on Southeast Asian scam call centers

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/6/20230
Episode Artwork

Between Two Nerds: When states are at the mercy of tech company policy

In this edition of Between Two Nerds Tom Uren and The Grugq look at how companies often make unilateral decisions that constrain states’ behaviour, for better and worse.
9/5/20230
Episode Artwork

Risky Biz News: Okta Super Administrator accounts targeted

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/4/20230
Episode Artwork

Risky Biz Sponsor Interview: Why Island raised over $250m to build an enterprise browser

In this Risky Business News sponsor interview Tom Uren talks to Mike Fey, CEO and co-founder of Island about the idea of an ‘enterprise browser’. Tom and Mike discuss what an enterprise browser actually is, what problems it solves, and why browsers focussed on business requirements haven’t been a product category until now.
9/4/20230
Episode Artwork

Risky Biz News: Chinese APT sneaks trojaned Signal app into Play Store

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
9/1/20230
Episode Artwork

Srsly Risky Biz: The UK snoopers' charter won't stop security patches

In this podcast Patrick Gray and Tom Uren about proposed changes to the UK’s Investigatory Powers Act. Some pundits are saying the changes will clear the way for the government to prevent tech companies from rolling out security patches. They’re wrong. They also look at a new Mandiant report that dives deeper into a recent Chinese group’s campaign that compromised Barracuda Email Security Gateways. The report provides a wonderful overview of the campaign.
8/31/20230
Episode Artwork

Risky Biz News: FBI nukes Qakbot botnet

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/30/20230
Episode Artwork

Between Two Nerds: Know thyself

In this edition of Between Two Nerds Tom Uren and The Grugq look at how asset inventory tools aren’t a substitute for knowing what a business values.
8/29/20230
Episode Artwork

Risky Biz News: Kroll SIM-swapped in attack targeting crypto platforms

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/28/20230
Episode Artwork

Risky Biz News: WinRAR zero-day used to hack stock and crypto traders

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/25/20230
Episode Artwork

Srsly Risky Biz: Why did Russia deploy hackers to war zones?

In this podcast Patrick Gray and Tom Uren talk about how Ukraine has countered Russia’s cyber operations. They also look at various initiatives the US government is taking to secure open source software and ask whether it is getting serious about FOSS.
8/25/20230
Episode Artwork

Risky Biz News: South Korea investigates Chinese "spy chips"

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/23/20230
Episode Artwork

Between Two Nerds: Hacking CCTV cameras for fun and profit

In this edition of Between Two Nerds, Tom Uren and The Grugq examine the history of CCTV hacking and what different groups get out of these hacks.
8/22/20230
Episode Artwork

Risky Biz News: Foreign intelligence services are targeting the US space sector

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/21/20230
Episode Artwork

Risky Biz Sponsor Interview: Using AI to do security research

In this Risky Business News sponsor interview Tom Uren talks to Dan Guido, CEO of Trail of Bits, about AI. Dan thinks AI technologies will be a “game changer”. But he also thinks the conversation around AI is not very sophisticated just yet.
8/21/20230
Episode Artwork

Risky Biz News: PowerShell's official package repo is a supply chain mess

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/18/20230
Episode Artwork

Risky Biz News: Lockbit is posting fictitious leaks, is close to implosion

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/16/20230
Episode Artwork

Between Two Nerds: The juice jacking mass delusion

In this edition of Between Two Nerds Tom Uren and The Grugq look at why ‘juice jacking’ is a forever fear even though its not a real-world threat.
8/15/20230
Episode Artwork

Risky Biz News: CSRB to investigate Microsoft hack

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/14/20230
Episode Artwork

Risky Biz Sponsor Interview with Jacob Torrey of Thinkst Labs

In this Risky Business News sponsor interview Tom Uren talks to Jacob Torrey, Thinkst’s Head of Labs. Jacob produces ThinkstScapes, a brilliant quarterly summary of the most interesting security research from around the world. In this interview Jacob talks about his favourite research of this issue, why Thinkst invests the time and effort in producing ThinkstScapes and also talks about Thinkst Citation, a companion product that contains information about nearly 70,000 security talks going all the way back to 1993.
8/13/20230
Episode Artwork

Risky Biz News: Russia blocks OpenVPN and WireGuard VPN protocols

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/11/20230
Episode Artwork

Srsly Risky Biz: Why Russia's Plan to Hide Spy Data Will Fail

In this podcast Patrick Gray and Tom Uren talk about how the Russian government is planning to alter databases to hide their spies from open source investigations. It’s a nice try, but we don’t think it will work. They also look at contrasting stories that illustrate how law enforcement agencies can facial recognition technology responsibly, but can also royally screw things up.
8/10/20230
Episode Artwork

Risky Biz News: Sandworm hackers target Ukraine's military systems

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/9/20230
Episode Artwork

Between Two Nerds: China's Changing Cyber Espionage Playbook

In this edition of Between Two Nerds Tom Uren and The Grugq ask whether Chinese operations are becoming stealthier and why? Is it a top-down directive to be careful? Or do the operations themselves require more stealth?
8/8/20230
Episode Artwork

Risky Biz News: Ransomware attack cripples hospitals across five US states

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/7/20230
Episode Artwork

Sponsored: Tines CEO Eoin Hinchy on burnout in SOC teams

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Tines co-founder and CEO Eoin Hinchy about how organisations can maximise the potential of their security teams during an economic downturn, with a concentration on why human error and burnout caused by excessive workloads on security teams can be a risk.
8/7/20230
Episode Artwork

Risky Biz News: Microsoft botches Azure bug fix

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/4/20230
Episode Artwork

Srsly Risky Biz: On Microsoft, Wyden's Bark May Have Some Bite

In this podcast Patrick Gray and Tom Uren talk about how Microsoft’s lackadaisical cloud product security is attracting the ire of important politicians. They also examine a presidential advisory board report into Section 702 collection and discuss why oversight in intelligence collection is important.
8/3/20230
Episode Artwork

Risky Biz News: "American" cloud provider is allegedly an Iranian bulletproof host

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
8/2/20230
Episode Artwork

Between Two Nerds: The Rights and Wrongs of IP Theft

In this edition of Between Two Nerds Tom Uren and The Grugq look at the arguments against intellectual property theft and why there isn’t universal agreement that it should be prohibited.
8/1/20230
Episode Artwork

Sponsored: Andrew Morris on the future of GreyNoise's honeypot network

In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder and CEO Andrew Morris about the company’s vast network of honeypots, and how they’re preparing to take it to the next phase.
7/31/20230
Episode Artwork

Risky Biz News: Calls to investigate Microsoft over SolarWinds, Storm-0558

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
7/31/20230
Episode Artwork

Risky Biz News: SEC adopts new cybersecurity rules

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/28/20230
Episode Artwork

Srsly Risky Biz: In Beijing, the Fourth Amendment is Still For Sale

In this podcast Patrick Gray and Tom Uren talk about draft US legislation that aims to stop law enforcement from circumventing the Fourth Amendment by simply buying data on US citizens. It’s a good move, but the overall data ecosystem needs broader reform. They also discuss new reports into the ransomware ecosystem. There is both good news and bad news, but data gaps still make it difficult for policymakers to have a good handle on how to respond.
7/27/20230
Episode Artwork

Risky Biz News: Norwegian government hacked with MobileIron zero-day

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/26/20230
Episode Artwork

Between Two Nerds: When iPhones aren't good enough

In this edition of Between Two Nerds Tom Uren and The Grugq look at when it makes sense for governments to invest in building their own secure phone
7/25/20230
Episode Artwork

Sponsored: Everything you want to know about BYO vulnerable driver attacks but are afraid to ask

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Airlock Digital founders Daniel Schell and David Cottingham about vulnerable drivers, BYOVD attacks, and the problem with driver-based attacks.
7/24/20230
Episode Artwork

Risky Biz News: Ransomware victims stop paying up

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/23/20230
Episode Artwork

Risky Biz News: Microsoft capitulates on cloud security logs

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/21/20230
Episode Artwork

Srsly Risky Biz: Time for Cloud Transparency

In this podcast Patrick Gray and Tom Uren talk about recent breaches of JumpCloud and Microsoft cloud services. It’s great they disclosed these incidents voluntarily, but cloud companies are so important that detailed postmortems shouldn’t be voluntary. They also discuss the Biden administration’s cyber security strategy implementation plan and the opportunity to collect email destined for the US military by typo-squatting on the ‘.ml’ domain.
7/20/20230
Episode Artwork

Risky Biz News: A Citrix 0day RCE is being actively exploited

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/19/20230
Episode Artwork

Between Two Nerds: Shaping ransomware group behaviour

In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of actively shaping ransomware group behaviour to get the type of behaviour we’d prefer.
7/18/20230
Episode Artwork

Risky Biz News: JumpCloud compromised by APT group

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
7/17/20230
Episode Artwork

Risky Biz News: Microsoft likely compromised in US Government hack

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.
7/14/20230
Episode Artwork

Srsly Risky Biz: WeChat's Privacy Policy Is Useless

In this podcast Patrick Gray and Tom Uren talk about Citizen Lab’s analysis of WeChat’s behaviour and its privacy policy. That report misses the point: WeChat is an integral part of the PRC’s architecture of censorship and repression, and the Chinese government isn’t constrained by WeChat’s privacy policy. They also discuss a new report that proposes a human-centred framework for assessing client-side Child Sexual Abuse Material (CSAM) detection technologies. It’s a step forward because it makes clearer the tradeoffs that are being made when these technologies are suggested.
7/13/20230
Episode Artwork

Risky Biz News: Microsoft nukes 100 malicious drivers

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/12/20230
Episode Artwork

Risky Biz Sponsor Interview with Scott Hanson from Kroll on Detection-as-Code

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Scott Hanson, Head of Global Security Operations at Kroll, on how the company has adopted Detection-as-Code for its approach to writing, managing, and rolling out detection rules for its customers.
7/10/20230
Episode Artwork

Risky Biz News: Mastodon plugs a horror-show bug

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/10/20230
Episode Artwork

Risky Biz News: Ransomware cripples Japan's largest cargo port

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/7/20230
Episode Artwork

Srsly Risky Biz: The Russia vs US Extradition Tug of War

In this podcast Patrick Gray and Tom Uren talk about the regular extradition battles that occur between the US and Russia whenever a Russian cybercriminal is arrested in a third country. It’s less about protecting cybercriminals and more about Russia trying to poke the USA in the eye. They also discuss recent Ukrainian hacktivist operations that have been extremely successful, but also don’t seem to have had any really meaningful impact.
7/6/20230
Episode Artwork

Between Two Nerds: Should journalists be protected against spyware?

In this edition of Between Two Nerds Tom Uren and The Grugq look at the EU’s proposed media freedom act and how one of its goals is to protect journalists from spyware.
7/4/20230
Episode Artwork

Risky Biz News: $922 million worth of crypto stolen in H1 2023

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/4/20230
Episode Artwork

Sponsor Interview: RunZero adds passive scanning for OT networks

In this Risky Business News sponsor interview Tom Uren talks to RunZero’s CEO Chris Kirsch about how RunZero has evolved from an IT network active scanning product to one that can now discover assets on OT and cloud environments using both active and passive scanning approaches.
7/3/20230
Episode Artwork

Risky Biz News: Prigozhin's troll farms in limbo after Wagner mutiny

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
7/3/20230
Episode Artwork

Risky Biz News: Philippine authorities free 2,700 "cybercrime slaves"

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/30/20230
Episode Artwork

Srsly Risky Biz: The SEC Gets Personal

In this podcast Patrick Gray and Tom Uren talk about the US Securities Exchange Commission warning SolarWinds executives that it is planning to bring enforcement actions against them. This is a big deal and really signifies that the SEC wants companies to be much more open about cybersecurity incident disclosures. They also discuss the outcomes from a European law enforcement operation against the EncroChat ‘crimephone’. It was an absolutely stunning success, but what does it mean for the future of the access debate? Show notes The boom, the bust and the adjust | by Maor Shwartz | Jun, 2023 | Medium
6/29/20230
Episode Artwork

Risky Biz News: LetMeSpy gets hacked

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/28/20230
Episode Artwork

Risky Biz News: SEC moves on SolarWinds executives

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/26/20230
Episode Artwork

Risky Biz News: Apple patches "Triangulation" zero-days

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/23/20230
Episode Artwork

Srsly Risky Biz: Why China's Barracuda Hacks Are Just Plain Rude

In this podcast Patrick Gray and Tom Uren talk about the PRC’s campaign compromising Barracuda Email Security Gateways. It doesn’t quite break international “norms”, but it is definitely on the nose. They also discuss Albania’s police raid of an Iranian opposition refugee camp which is said to be hosting a hacking cell that targeted Iran’s government.
6/22/20230
Episode Artwork

Risky Biz News: Albania raids Iranian MEK camp for running a "hacker center"

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/21/20230
Episode Artwork

Between Two Nerds: Go Big or Go Home

In this edition of Between Two Nerds Tom Uren and The Grugq look at three different state operations that have recently been outed and what these operations tell us about how these states are behaving.
6/20/20230
Episode Artwork

Risky Biz News: Microsoft admits it got DDoSed by Anonymous Sudan

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/19/20230
Episode Artwork

Risky Biz News: Russian LockBit affiliate arrested in… the US?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/16/20230
Episode Artwork

Srsly Risky Biz: IC Reform Wanted, Decent Privacy Laws Needed

In this podcast Patrick Gray and Tom Uren talk about a new report examining how the US intelligence communities uses data it buys. It finds that data you can buy now rivals or exceeds what intelligence agencies can collect, but the IC overall doesn’t treat the data with the sensitivity and care that it deserves. Fixing IC policy is one thing, but that won’t help at all with foreign adversaries or even local US law enforcement. US needs good data privacy law that cleans up the whole field. They also look at new research that examines how lawyers’ incentives to protect clients mean that incident response is hamstrung when it comes to discovering root causes and learning lessons.
6/15/20230
Episode Artwork

Risky Biz News: CISA orders federal agencies to secure internet-exposed routers, firewalls, and VPNs

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/14/20230
Episode Artwork

Risky Biz News: Ukrainian hackers wipe Russian telco's equipment

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.
6/12/20230
Episode Artwork

Between Two Nerds: The Hallmarks of a State

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the elements that make them think an operation is state-backed.
6/12/20230
Episode Artwork

Risky Biz News: Throw your Barracudas into a wood chipper plz

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
6/9/20230
Episode Artwork

Srsly Risky Biz: ASD's Charm Offensive

In this podcast Patrick Gray and Tom Uren talk about why China and Russia are increasingly outing US cyber espionage operations and what they hope to get out of it. They also discuss a new documentary that reveals more information about some of ASD’s offensive cyber operations and and also looks at how the organisation helped track down the Bali bombers.
6/8/20230
Episode Artwork

Risky Biz News: Clop linked to MOVEit hacks, over 100 orgs breached so far

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
6/7/20230
Episode Artwork

Between Two Nerds: What it takes to be a Cyber Power II

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different cyber powers leverage companies through coercive power, regulation and the attraction of values.
6/6/20230
Episode Artwork

Risky Biz News: Windows finally gets SMB signing by default

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
6/5/20230
Episode Artwork

Sponsored: Chris St. Myers on hunting new and old threats using Stairwell's Inception platform

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Chris St. Myers, Threat Intelligence Lead at Stairwell, on the how the company Inception platform can be used for finding old or new threats that sometimes may go unnoticed.
6/5/20230
Episode Artwork

Risky Biz News: Yo Vladimir! All your iPhones are belong to us!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
6/2/20230
Episode Artwork

Srsly Risky Biz: Why Volt Typhoon is so worrying

6/1/20230
Episode Artwork

Risky Biz News: Iranian hacktivists breach president's office, leak sensitive files

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/31/20230
Episode Artwork

Between Two Nerds: Hiding from the State

In this edition of Between Two Nerds Tom Uren and The Grugq look at how criminals – and spies – try to protect themselves from state adversaries.
5/30/20230
Episode Artwork

Sponsored: Catalin Cimpanu talks CISA KEV with Nucleus Security

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Patrick Garrity, VP of Marketing and security researcher at Nucleus Security, on how the company has been tapping into CISA’s KEV database for insights on vulnerability management and vulnerability prioritization.
5/29/20230
Episode Artwork

Risky Biz News: NSO Group has new owners

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/29/20230
Episode Artwork

Risky Biz News: Chinese APT attacks US critical infrastructure

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.
5/26/20230
Episode Artwork

Srsly Risky Biz: G-Men Gone Wild

In this podcast Patrick Gray talks to Tom Uren about the FBI’s overenthusiastic use of foreign intelligence data collected with the Foreign Intelligence Surveillance Act’s Section 702 powers.
5/25/20230
Episode Artwork

Risky Biz News: FinFisher execs charged in Germany

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.
5/24/20230
Episode Artwork

Between Two Nerds: Cyber Pinch Points

In this edition of Between Two Nerds Tom Uren and The Grugq look at the concept of cyber “pinch points”, a place of vulnerability that can be targeted to bring an opponent to their knees. These points of vulnerability must surely but Tom and The Grugq wonder how easy they are to identify beforehand.
5/23/20230
Episode Artwork

Risky Biz News: China bans American chips, FBI feels heat over "improper" FISA searches

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.
5/22/20230
Episode Artwork

Risky Biz Sponsor Interview: Haroon Meer on the importance of honeypots

In this Risky Business News sponsor interview Tom Uren asks Thinkst Canary’s Haroon Meer about Mandiant CEO Kevin Mandia’s seven tips for cyber defenders. Honeypots appear at position number three, but Tom wonders what they actually achieve and how mature your security program needs to be before they it can take advantage of them.
5/21/20230
Episode Artwork

Risky Biz News: Google will delete inactive accounts

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/19/20230
Episode Artwork

Srsly Risky Biz: Crimephones are a cop's best friend

In this edition of the Seriously Risky Biz podcast Patrick Gray and Tom Uren talk about the trajectory of crimephones from criminals’ best friend to greatest liability. These devices were bad for police at the beginning, but they’ve become a net positive for law enforcement efforts, leading to hundreds of arrests, tonnes of seized drugs and deeper insight into criminal operations.
5/18/20230
Episode Artwork

Risky Biz News: US charges, sanctions WazaWaka

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/17/20230
Episode Artwork

Between Two Nerds: The Culture of the Snake

In this edition of Between Two Nerds Tom Uren and The Grugq look at last week’s Snake malware joint cybersecurity advisory and dive into what it tells us about the FSB.
5/16/20230
Episode Artwork

Between Two Nerds: The Culture of the Snake

In this edition of Between Two Nerds Tom Uren and The Grugq look at last week’s Snake malware joint cybersecurity advisory and dive into what it tells us about the FSB.
5/16/20230
Episode Artwork

Risky Biz News: The VMProtect source code leaks. Again.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
5/15/20230
Episode Artwork

Selena Larson on how cybercriminals use threat intelligence

In this Risky Business News sponsor interview Tom Uren asks Proofpoint’s Selena Larson about how threat actors reacted en masse after Microsoft blocked various types of macros. Cyber criminals used a variety of different techniques to evade these blocks. In part this happened quickly because of knowledge sharing by the cyber threat intelligence community.
5/15/20230
Episode Artwork

Risky Biz News: Gmail to warn users on dark web password exposures

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/12/20230
Episode Artwork

Risky Biz News: FBI takes down Turla's Snake malware

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/10/20230
Episode Artwork

Between Two Nerds: Why cyber insurance is great in theory but not in practice

In this edition of Between Two Nerds Tom Uren and The Grugq look at how cyber insurance should theoretically improve security and examine what actually happens in practice.
5/9/20230
Episode Artwork

Risky Biz News: DEFCON attendees will target AI models

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/8/20230
Episode Artwork

Sponsor Interview with Material Security's Chris Long

In this Risky Business News sponsor interview Tom Uren asks Material Security’s Director of Security Chris Long about what ittakes to run a “modern” phishing workflow. Chris thinks there are opportunities to take identify and take advantage of “phishing superusers”, employees who are a cut above when it comes to uncovering phishing and other malicious activities. Phishing is also the “point of the spear” for defenders — it provides an entry point into attacker activities that enable all sorts of potential detection opportunities.
5/7/20230
Episode Artwork

Risky Biz News: No jail time for Uber's Joe Sullivan

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/5/20230
Episode Artwork

Srsly Risky Biz: Iran Fake’s It Till It Makes It

In this podcast Patrick Gray and Tom Uren take a whirlwind tour examining the different ways countries conduct cyber-enabled influence operations. Iran, China and the UK all have different approaches and we have our favourite. China has a new counter-epsionage law and even though it hasn’t been formerly passed yet already foreign companies are getting in trouble for doing due diligence or corporate intelligence type work. The real point here is to tighten information control, and the wording is so broad that it leaves tremendous scope for the PRC to use the law whenever it wants to send a message. Finally, the two discuss concrete examples of intelligence derived from Section 702 of the US FISA Act. 702 allows US intelligence agencies to compel service providers to help conduct targeted surveillance of foreigners outside the US and will expire at the end of the year unless Congress renews it.
5/4/20230
Episode Artwork

Risky Biz News: Apple and Google partner to kill AirTag stalking

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/3/20230
Episode Artwork

Between Two Nerds: Cyber Deterrence part II

In this edition of Between Two Nerds Tom Uren and The Grugq dive further into deterrence based on both reader feedback and recent news about Iranian destructive operations. One of the requirements for effective deterrence is transparency and people sometimes assume that states have good information about what their cyber operators are doing. But we discuss the universal incentives that encourage state actors to exaggerate their current operations. If this is happening deterrence won’t work because leaders will think they are already getting away with murder.
5/2/20230
Episode Artwork

Risky Biz News: Hacker exposes Bitcoin addresses operated by Russian intelligence

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
5/1/20230
Episode Artwork

Risky Biz News: Cl0p goes all-in on Papercut bug

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/28/20230
Episode Artwork

Srsly Risky Biz: North Korea's "Vibes-based" targeting

In this podcast Patrick Gray talks to Tom Uren about North Korea’s “double” or “threaded” supply chain attack via Trading Technologies and 3CX. This type of “access begets access” approach makes total sense and Tom thinks it will likely be a standard approach for North Korea. Microsoft has released a couple of reports over the month that indicate Iran is increasingly willing to launch destructive cyber attacks. One Iranian group, Mango Sandstorm, has been destroying on-prem and cloud environments. Another, Mint Sandstorm, has been targeting a wide swathe of US critical infrastructure. It’s a worry. Finally, Tom and Pat discuss cyber security company Team Cyrmu’s sale of netflow to US government agencies, which has been controversial in the press because of potential privacy violations. Tom spoke to the company and based on what we learnt there isn’t a privacy concern here. But the broader principle that data purchases be examined for privacy risks still stands.
4/27/20230
Episode Artwork

Risky Biz News: Google Authenticator can now sync data to Google accounts

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/26/20230
Episode Artwork

Risky Biz News: CISA will rescue abandoned open source security tool

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/24/20230
Episode Artwork

Between Two Nerds: Cyber Deterrence

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether cyber operations are any good at deterrence. Tom thinks that attributes of the domain mean that it is just no good for deterrence. The Grugq, however, thinks that it can be, although perhaps not in a state vs state context.
4/24/20230
Episode Artwork

Risky Biz News: 3CX was a supply chain attack in a supply chain attack

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/21/20230
Episode Artwork

Srsly Risky Biz: After Viasat, Space Systems Get Scrutiny

In this podcast Patrick Gray talks to Tom Uren about a report by CSC 2.0 that recommends the US government designate space systems as critical infrastructure. Lots of satellites systems are already covered under other critical infrastructure sectors such as communication or defence, but Tom agrees that there are some good reasons to carve out a space-specific critical infrastructure sector. They also talk about the US State Department working on developing a portfolio of cyber diplomacy “offerings”, ranging from disaster relief funding, to technical capacity building, through to policy-level cyber education. This seems like a great idea.
4/20/20230
Episode Artwork

Risky Biz News: Apple's Lockdown Mode wins against iOS zero-day

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/19/20230
Episode Artwork

Between Two Nerds: The NCF's Practical Guide to Offensive Cyber Operations

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the UK’s National Cyber Force’s recently published “Responsible Cyber Power in Practice” document. The Grugq thinks he’s been plagiarised, while Tom wonders whether the NCF’s “doctrine of cognitive effects” highlights the limits of cyber operations. It’s a good document and will be influential in shaping how people discuss offensive operations (those that disrupt, degrade, destroy etc).
4/18/20230
Episode Artwork

Risky Biz News: Israeli spyware vendor QuaDream has allegedly shut down

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/17/20230
Episode Artwork

Risky Biz News: Microsoft and Fortra declare war on cracked Cobalt Strike

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/7/20230
Episode Artwork

Risky Biz News: Genesis Market goes boom

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/5/20230
Episode Artwork

Between Two Nerds: Why Glowing Symphony Feels So Small

In this edition of Between Two Nerds Tom Uren and The Grugq contrast between different cyber operations that occurred in 2016. In one, US Cyber Command used cyber operations to attack ISIS’ propaganda operations. In the other, Russian cyber operators interfered with US Presidential elections. US action was tightly scoped, measurable and an underwhelming success, whereas Russian activity was nebulous and hard to measure but could have changed the course of the election.
4/3/20230
Episode Artwork

Risky Biz News: Microsoft to fix OneNote's malspam problem

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
4/2/20230
Episode Artwork

Risky Biz News: North Korean hackers behind supply chain attack on 3CX

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/31/20230
Episode Artwork

Srsly Risky Biz: Army. Navy. Air Force. Cyber Force?

In this podcast Patrick Gray talks to Tom Uren about the a thought bubble floated by military cyber professionals that the US armed forces needs a US Cyber Force. The justification is a bit light on and Tom doesn’t really think the proposal makes sense. They also discuss US Cyber Command’s “Hunt Forward” operations. In these operations partner countries invite CYBERCOM in to hunt for adversary activity. Access to networks is touchy stuff, though, so CYBERCOM spends a lot of time and effort in diplomatic efforts convincing potential partner agencies. We think these types of activities are great but in some parts of the world — think Asia — a warmer and fuzzier branding might be the go.
3/30/20230
Episode Artwork

Risky Biz News: White House bars federal agencies from using rogue commercial spyware

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/29/20230
Episode Artwork

Between Two Nerds: The Real Problem with TikTok

In this edition of Between Two Nerds Tom Uren and The Grugq look at what the real problems with TikTok are. Many people are focussing on risks we think are irrelevant or overblown, but it is a massively influential app under Chinese Communist Party control.
3/27/20230
Episode Artwork

Risky Biz News: CISA rolls out pre-ransomware notification system

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/26/20230
Episode Artwork

Risky Biz News: FTC to scrutinize cloud providers' business practices

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/24/20230
Episode Artwork

Risky Biz News: BreachForums shuts down for good

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/22/20230
Episode Artwork

Between Two Nerds: The Balance between Offence and Defence

In this edition of Between Two Nerds Tom Uren and The Grugq look at the natural advantages that network defenders have. Despite this “home ground advantage” hackers still have a great deal of success and Tom and The Grugq look at what does work in favour of attackers.
3/21/20230
Episode Artwork

Risky Biz News: Horror show 0days hit Samsung smartphones

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/20/20230
Episode Artwork

Risky Biz News: Google wants to reduce lifespan of TLS certificates to 90 days

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/17/20230
Episode Artwork

Srsly Risky Biz: The RESTRICT Act Is Not About TikTok

In this podcast Patrick Gray talks to Tom Uren about the RESTRICT Act, proposed US legislation that tries to deal with the problems posed by technologies from foreign adversaries. RESTRICT gives the US government powers to deal with companies like Kaspersky, Huawei and now TikTok on an ongoing basis, rather than muddling through in an ad hoc way each time a problem company pops up. It also requires that the Secretary of Commerce come up with processes and procedures to deal with and mitigate these types of threats, rather than the current whack-a-mole approach. They also discuss a draft Cambodian cyber security law and experts’ concerns that it could be abused by the Cambodian government to maintain its grip on power. This law has many similarities to Australian critical infrastructure law and Tom and Pat discuss the reasons behind the law in Australia. There’s a straight line between a serious ransomware incident in Australia and the resulting law, but still, Cambodia’s government remains authoritarian. Finally, they look at a Carnegie report on Chinese manipulation of international standards setting organisations. It’s a good report and explains what is going on — Chinese manipulation does happen occasionally, but it is “largely unsuccessful”.
3/16/20230
Episode Artwork

Risky Biz News: CISA establishes ransomware warning pilot program

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/15/20230
Episode Artwork

Between Two Nerds: Cyber Powers and Talent Pipelines

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different countries take different approaches to talent identification and recruitment. How much of a difference does it make? And why do countries have these different approaches?
3/14/20230
Episode Artwork

Risky Biz News: The US Government wants to regulate cloud security

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/13/20230
Episode Artwork

Risky Biz News: Hackers steal data on US House members

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
3/10/20230