A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: New DNS attack impacts a quarter of all open DNS resolvers

In this podcast Tom Uren and Patrick Gray discuss the wild story of a Chinese illegal gambling operation that involves human trafficking, shell companies, money laundering, hundreds of thousands of websites and sponsorship of European football teams. They also talk about why a potential CSRB review of CrowdStrike’s disaster should focus… not on CrowdStrike, but instead on the legacy practice of security vendors having kernel-level access to Windows. Finally, Tom is happy that the FTC is going to investigate ‘surveillance pricing’.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: New Russian ICS malware cuts heat to 600 Ukrainian apartment buildings

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether the rise of cloud computing has been a boon or a curse for cyber espionage agencies.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: CrowdStrike faulty update affects 8.5 million Windows systems

In this Risky Business News sponsored interview, Tom Uren talks to Feross Aboukhadijeh, CEO and Founder of Socket about how open source repositories are riddled with horrible software. Feross explains why it makes a difference if a package is vulnerable, malicious or just unwanted and how current transparency mechanisms such as CVEs and the NVD just aren’t suitable for the challenge of open source repositories.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Trickbot dev arrested in Moscow

In this podcast Tom Uren and Adam Boileau talk about how countries are using cyber security reports and advisories to win friends and influence people; why having gaping holes in US federal government security is situation normal; and efforts to make up for the disappearance of Twitter’s trust and safety team.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Konfety gang creates an alternate reality for its mobile ad fraud

In this edition of Between Two Nerds Tom Uren and The Grugq discuss Shashank Joshi’s notes from a recent Oxford Cyber forum. Topics include the role of 0days and who is ahead when it comes to offensive cyber operations. The pair refer to observations made in this thread.

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, Director of Security Research at runZero, about keeping up with the stream of vulnerabilities in the KEV list and OT devices and runZero’s research into the SSH protocol.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Squarespace DNS hijack spree hits crypto sites, everyone else watch out!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Apple warns iPhone users of new spyware attacks

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: US takes down RT's Twitter bot farm

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how bureaucracies should deal with outstandingly talented individuals.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Devicie Technical Product Manager Tom Plant on the upcoming Windows 10 end-of-support and the looming Great Windows 11 Migration.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: A ransomware attack is putting lives at risk across South Africa

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Ransomware attacks increase hospital mortality rates

In this podcast Tom Uren and Patrick Gray talk about how South Korean internet regulations inadvertently encouraged a large ISP to hack their own customers to cut down on torrent traffic. They also look at state-backed hackers behaving very badly.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Unauth RCE in OpenSSH—a scary combination of words

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why governments have failed to protect the private sector from state-backed cyber espionage.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News returns! The catch-up edition :(

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jimmy Mesta, CTO and Co-Founder of Rad Security (formerly KSOC). Jimmy explains how Rad Security has replaced signature-based detections with a new concept the company calls “behavioral fingerprints” or “verified runtime fingerprints,” which can detect malicious activity in cloud environments using a wider set of indicators. Show notes Cloud native workload fingerprinting

In this podcast Tom Uren and Patrick Gray talk about how Optus’s 2022 data breach went down and how the company had been vulnerable for years. They also look at the US government’s ban on Kaspersky products, why it makes sense and why the ban took a long time to arrive.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Russia wants its own CISA

In this podcast Tom Uren and Patrick Gray talk about a new report that explores how China’s vulnerability discovery and research ecosystem is linked to state sponsored espionage. This research finds that a relatively small number of people are responsible for an outsize contribution to vulnerability discovery. They also talk about difficulties at CISA’s Joint Cyber Defence Collaborative initiative and why it should be retired. Show notes From Vegas to Chengdu: Hacking Contests, Bug Bounties, and China’s Offensive Cyber Ecosystem

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Apple's WWDC 2024 security lineup

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the use of cyber operations in Ukraine is informative but information is incomplete. Rather than clarifying the role of cyber operations in conventional warfare there is still a lot of room for confirmation bias.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Microsoft relents on Windows 11 Recall

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Panther Senior Engineering Manager Nicholas Hakmiller on how the IT market is adapting to the cybersecurity skill shortage by training regular software talent in detection engineering, how AI is not there yet, and how Panther excels at spotting initial account compromise. Show notes Panther

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Tom Uren and Patrick Gray talk about Russia’s escalating actions in Europe in the lead up to elections and the Paris Olympics. They combine disruptive cyber elements, disinformation and real-world covert action.

A short podcast updating listeners on the security news of the last few days, prepared by Catalin Cimpanu and read by Claire Aird.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about law enforcement agencies trolling cyber criminals when they carry out disruption operations, and why it might be counterproductive.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Nucleus Security co-founder and COO Scott Kuffer about recent trends the company has observed among customers when it came to patch management and how service level agreements (SLAs) became a sign of an organization’s security health. Show notes Vulnerability Management Benchmarking: Metrics and Practices of Highly Effective Organizations - Recording

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Law enforcement disrupts six malware botnets

In this podcast Tom Uren and Patrick Gray talk about continued discussion about the creation of a Cyber Force. It’s a discussion that won’t go away and shows there is an underlying feeling that Cyber Command could do better. They also discuss how Scattered Spider is like Hollywood and how TikTok’s report on influence campaigns will do nothing to convince people it is not a national security risk.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: IR reports are not protected documents, multiple judges rule

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the role of the state in tackling ransomware. They discuss why action has been slow and ineffective, and what it will take to truly change the situation.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsored interview, Tom Uren talks to Justin Kohler, VP of the Bloodhound team at SpecterOps about ‘attack paths’, the ways that malicious actors maneuver through Active Directory to elevate their privileges. They discuss how and why they arise and what you can do about them.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Backdoor found in court AV recording software

In this podcast Tom Uren and Patrick Gray talk about a UK government proposal that would see ransomware victims seek government approval before making ransom payments. They also talk about why governments need to be more proactive about defending democracy and why that is difficult.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: DNSBomb attack is here! Pew pew pew!!!

In this edition of Between Three Nerds Tom Uren and The Grugq talk to Elena Grossfeld about the strategic culture of Russian intelligence organisations. In the discussion we refer to Elena’s paper on Russia’s declining satellite reconnaissance capability and she talks about ‘lustration’, the removal of public officials who are associated with a tainted political regime. Elena is researching Russian and Soviet intelligence culture at Kings College London and is on X @kloosha. Show notes Russia’s Declining Satellite Reconnaissance Capabilities and Its Implications for Security and International Stability

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Germany sues Microsoft for details on past hack

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Proofpoint senior threat intelligence analyst Selena Larson about the latest changes in the threat actor landscape in the aftermath of several law enforcement takedowns and Microsoft tech stack changes. Show notes DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Tom Uren and Patrick Gray talk about Amnesty International’s research into Indonesia’s use of spyware implicated in human rights abuses. They also talk about proposed regulation that would dock payments to US hospitals that don’t meet minimum cyber security standards and why the idea needs some tweaking.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Ebury botnet compromises entire ISPs and hosting providers

The regular two nerds have the week off, but the former Director of the CIA’s Center for Cyber Intelligence Andy Boyd joins Patrick Gray for a rollicking conversation in front of a live audience in San Francisco. Grugq and Tom return next week!

In this Risky Business News sponsored interview, Adam Boileau talks to Okta’s Cassio Sampaio about how cloud-native applications can move authorisation into a centralised model. This brings real benefits for consistency, control and auditing in distributed applications, beyond just the authentication part Okta is normally known for.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Black Basta group spam-bombs victims and then calls to help

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: 68 tech companies pledge to CISA's Secure by Design project

In this podcast Tom Uren and Adam Boileau talk about how Microsoft’s reprioritisation of security after recent breaches and a scathing CSRB report seem to be influencing other companies. They are now touting their security chops, so could it be that security is actually becoming a competitive advantage? They also talk about law enforcement trying to make life difficult for the LockBit ringleader and how the Change Healthcare disaster had deeper underlying causes beyond “no MFA on Citrix”.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different types of secrecy obsessed organisations learn. The Grugq mentions the book Mafia Organisations: The Visible Hand of Criminal Enterprise by Maurizio Catino.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Microsoft ties security goals to executive compensation

In this Risky Business News sponsored interview, Tom Uren talks to Marco Slaveiro, Thinkst’s CTO about staying current with modern attack trends and not falling for the trap of optimising to catch red teams.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Tom Uren and Adam Boileau talk about how there is a growing consensus between regulators and lawmakers on the key problems of modern tech companies. They also dive into how to deal with malicious foreign actors buying their way onto domestic cloud infrastructure and how drones are actually just like modern cars.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the life cycle of 0days, dissect the conventional wisdom and talk about how 0days are never truly ‘burnt’.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsored interview, Tom Uren talks to CEO and founder of Socket, Feross Aboukhadijeh about the open source software and supply chain security. Feross says the software ecosystem has evolved in ways that make it more vulnerable to trust-based attacks (such as seen in XZ Utils) and discusses what can be done to defend against this type of supply chain subversion.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Patrick Gray. You can find the newsletter version of this podcast here.

In this podcast Adam Boileau and Tom Uren talk about what there is to learn from Mandiant’s report into the GRU Sandworm crew. Are the Russians a model for other actors, or just a get-‘er-done bunch of pragmatists? They also talk about an attempt to build a World Cybercrime Index, assessing different national cybercrime specialisations.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsored interview, Tom Uren talks to Dan Guido, the CEO of security research company Trail of Bits. Dan and Tom discuss DARPA’s upcoming AI cyber challenge, in which Trail of Bits will compete to solve very difficult bug discovery challenges. They also talk about Trail of Bits’ approach to making some of its own tools available to the community.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read today by Patrick Gray, as Claire Aird is unwell. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about how open source software is inherently vulnerable to malicious ‘good samaritan’ attacks and what to do about it. They also talk about a recent breach at data analytics company Sisense, how dependency on Microsoft is a strategic risk, and US Cyber Command’s view of the world.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at Google’s review of 0days in 2023. They discuss what this kind of information tells us and how Google’s perspective influences the report.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsored interview, Tom Uren talks to Daniel Schell and David Cottingham, the CTO and CEO of Airlock Digital. They discuss the security standard that drove innovation and the genesis of Airlock Digital and also how to make sure that standards don’t become box-checking exercises.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here

In this podcast Patrick Gray and Tom Uren talk about how different states are transgressing what we want to be norms of online behaviour. They also look at the framing around new bipartisan privacy legislation and why vendors should have positive security obligations.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the tradecraft used in the compromise of the XZ open source data compression project.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the tradecraft used in the compromise of the XZ open source data compression project.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder Andrew Morris about last year’s vulnerability exploitation trends, how the company’s AI system works, and Catalin makes a fool of himself because he can’t pronounce ‘abnormalities.’ Show notes GreyNoise 2023 Internet Exploitation Retrospective Report

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder Andrew Morris about last year’s vulnerability exploitation trends, how the company’s AI system works, and Catalin makes a fool of himself because he can’t pronounce ‘abnormalities.’ Show notes GreyNoise 2023 Internet Exploitation Retrospective Report

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the weighty tome of CISA’s critical infrastructure reporting legislation, CIRCIA, and compare different approaches to defining regulation. They also look at moves to better protect customers from being tracked by the telco protocol Signalling System 7.

In this podcast Patrick Gray and Tom Uren talk about the weighty tome of CISA’s critical infrastructure reporting legislation, CIRCIA, and compare different approaches to defining regulation. They also look at moves to better protect customers from being tracked by the telco protocol Signalling System 7.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how states have very different views about manipulating the information environment aka ‘information warfare’.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how states have very different views about manipulating the information environment aka ‘information warfare’.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely co-founder and CEO Travis McPeak about how the DevOps ecosystem has evolved and ushered the need for DevSecOps, and how the company provides and manages its secure-by-default templates.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely co-founder and CEO Travis McPeak about how the DevOps ecosystem has evolved and ushered the need for DevSecOps, and how the company provides and manages its secure-by-default templates.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about recent US and UK action including indictments and sanctions levied on PRC Ministry of State Security related hackers. In contrast to previous indictments, this one focuses a lot on the hacking of government officials and parliamentarians. That’s new. They also look at a new report that lays out the case for a US Cyber Force.

In this podcast Patrick Gray and Tom Uren talk about recent US and UK action including indictments and sanctions levied on PRC Ministry of State Security related hackers. In contrast to previous indictments, this one focuses a lot on the hacking of government officials and parliamentarians. That’s new. They also look at a new report that lays out the case for a US Cyber Force.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Josh Kamdjou, co-founder and CEO of Sublime Security. Josh describes how Sublime implemented the concept of attack surface reduction to email security last year, how it works, and what customers are saying about it. Show notes ASR rules for Sublime We're excited to launch Attack Surface Reduction for email.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Josh Kamdjou, co-founder and CEO of Sublime Security. Josh describes how Sublime implemented the concept of attack surface reduction to email security last year, how it works, and what customers are saying about it. Show notes ASR rules for Sublime We're excited to launch Attack Surface Reduction for email.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

Normal Seriously Risky Biz correspondent Tom Uren is on leave this week, so there’s some lunatics-running-the-asylum energy in the episode. Patrick Gray wrote this week’s newsletter, and Adam Boileau asks him what exactly we are to do with Microsoft? They’re so big, and their security posture of late has us all sobbing into our Azure dashboards. Pat advocates for less carrot, and several varieties of stick. They also talk through where ransomware disruption is going to have to head next. What more creative, less … uh… law-and-order options do we have for imposing cost on actors in pariah states?

Normal Seriously Risky Biz correspondent Tom Uren is on leave this week, so there’s some lunatics-running-the-asylum energy in the episode. Patrick Gray wrote this week’s newsletter, and Adam Boileau asks him what exactly we are to do with Microsoft? They’re so big, and their security posture of late has us all sobbing into our Azure dashboards. Pat advocates for less carrot, and several varieties of stick. They also talk through where ransomware disruption is going to have to head next. What more creative, less … uh… law-and-order options do we have for imposing cost on actors in pariah states?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at Russia’s recent leak of an intercepted German military discussion. From an intelligence point of view the content of the discussion is only moderately interesting, but Russia decided to leak it in an attempt to influence European attitudes towards providing military aid to Ukraine.

In this edition of Between Two Nerds Tom Uren and The Grugq look at Russia’s recent leak of an intercepted German military discussion. From an intelligence point of view the content of the discussion is only moderately interesting, but Russia decided to leak it in an attempt to influence European attitudes towards providing military aid to Ukraine.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with George Glass, Senior Vice-President for Kroll’s Cyber Risk business. George covers the company’s latest report, a Kimsuky attack on ConnectWise ScreenConnect devices with a new malware strain named ToddlerShark.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with George Glass, Senior Vice-President for Kroll’s Cyber Risk business. George covers the company’s latest report, a Kimsuky attack on ConnectWise ScreenConnect devices with a new malware strain named ToddlerShark.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about ‘Document 79’, a PRC government document that calls for the Chinese companies in finance, energy and other sectors, to remove foreign software from their IT systems by 2027. They also talk about the difficulties that Microsoft is facing in permanently removing SVR hackers from its systems.

In this podcast Patrick Gray and Tom Uren talk about ‘Document 79’, a PRC government document that calls for the Chinese companies in finance, energy and other sectors, to remove foreign software from their IT systems by 2027. They also talk about the difficulties that Microsoft is facing in permanently removing SVR hackers from its systems.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at recent efforts to disrupt ransomware gangs and discuss what could make these efforts more effective.

In this edition of Between Two Nerds Tom Uren and The Grugq look at recent efforts to disrupt ransomware gangs and discuss what could make these efforts more effective.

In this Risky Business News sponsored interview, Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances. Derek covers the different reasons organisations are investing in Passkeys, what organisations need to know to deploy them successfully, and warns that too often current deployments are too focused on authorisation rather than looking at the end user holistically.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsored interview, Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances. Derek covers the different reasons organisations are investing in Passkeys, what organisations need to know to deploy them successfully, and warns that too often current deployments are too focused on authorisation rather than looking at the end user holistically.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the recent kerfuffle in Germany after a WebEx discussion between senior air force officials was leaked by Russian propagandists. Its interesting to see Russia using raw intelligence to try and shape German actions and they conclude that WebEx would have been fine if it had been used properly. They also talk about a new executive order aimed at preventing bulk sale of Americans’ sensitive personal data to countries of concern. This is the best short term option, but they contrast this with the ad tech ecosystem to explore what controls on the collection of data might look like.

In this podcast Patrick Gray and Tom Uren talk about the recent kerfuffle in Germany after a WebEx discussion between senior air force officials was leaked by Russian propagandists. Its interesting to see Russia using raw intelligence to try and shape German actions and they conclude that WebEx would have been fine if it had been used properly. They also talk about a new executive order aimed at preventing bulk sale of Americans’ sensitive personal data to countries of concern. This is the best short term option, but they contrast this with the ad tech ecosystem to explore what controls on the collection of data might look like.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the shift that has taken place in Ukraine’s cyber strategy as it has gone on the front foot and its cyber forces have launched multiple cyber strikes in the last few months. They discuss reasons why Ukraine might want to make this change and ask whether it makes sense.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the shift that has taken place in Ukraine’s cyber strategy as it has gone on the front foot and its cyber forces have launched multiple cyber strikes in the last few months. They discuss reasons why Ukraine might want to make this change and ask whether it makes sense.

In this Risky Business News sponsored interview, Tom Uren talks to Vijit Nair, Corelight’s VP of Product, about how cloud security was once an afterthought but is now on the improve.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsored interview, Tom Uren talks to Vijit Nair, Corelight’s VP of Product, about how cloud security was once an afterthought but is now on the improve.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the White House’s push for memory safe programming languages and software measurability. They also discuss Nevada’s moves against end to end encryption for children and the national security concerns with commercial data sales to geopolitical rivals. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the White House’s push for memory safe programming languages and software measurability. They also discuss Nevada’s moves against end to end encryption for children and the national security concerns with commercial data sales to geopolitical rivals. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq apologise for repeating a quote that is purported to be Russian cyber doctrine, but is not. They also wonder why this phenomena has happened before with the so-called Gerasimov doctrine. Show notes UN Document A/56/164 Add. 1 p2 UN Document A/55/140, p5 UN Document A/54/213 Searching for Russian Cyber Doctrine by Oleg Shakirov Gerasimov Doctrine

In this edition of Between Two Nerds Tom Uren and The Grugq apologise for repeating a quote that is purported to be Russian cyber doctrine, but is not. They also wonder why this phenomena has happened before with the so-called Gerasimov doctrine. Show notes UN Document A/56/164 Add. 1 p2 UN Document A/55/140, p5 UN Document A/54/213 Searching for Russian Cyber Doctrine by Oleg Shakirov Gerasimov Doctrine

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Tines co-founder and CEO Eoin Hinchy about how the unique features of AI and ML algorithms are more suited to blue teamers and defending networks rather than attackers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Tines co-founder and CEO Eoin Hinchy about how the unique features of AI and ML algorithms are more suited to blue teamers and defending networks rather than attackers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray and Tom Uren talk about a recent leak from a PRC cyber espionage contractor i-SOON. The leak sheds light on China’s cyber salt mines and the system’s hyper-capitalist, pay-for-results, approach to stealing secrets.

In this podcast Patrick Gray and Tom Uren talk about a recent leak from a PRC cyber espionage contractor i-SOON. The leak sheds light on China’s cyber salt mines and the system’s hyper-capitalist, pay-for-results, approach to stealing secrets.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq examine Russian cyber doctrine and how it was applied in the early days of its invasion of Ukraine. They mention this Human Rights Watch report which examined how international humanitarian law was applied in the 2003 invasion of Iraq.

In this edition of Between Two Nerds Tom Uren and The Grugq examine Russian cyber doctrine and how it was applied in the early days of its invasion of Ukraine. They mention this Human Rights Watch report which examined how international humanitarian law was applied in the 2003 invasion of Iraq.

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, runZero’s Director of security research. The pair talk about the world of Operational Technology protocols and how Rob dissects these protocols to be sure that active discovery of OT devices is safe.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsored interview, Tom Uren talks to Rob King, runZero’s Director of security research. The pair talk about the world of Operational Technology protocols and how Rob dissects these protocols to be sure that active discovery of OT devices is safe.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray and Tom Uren talk about what to do about commercial spyware. A new Google TAG report is a great primer on the ecosystem. They also talk about Ukraine’s shift in cyber strategy. It is now carrying out and publicising that it is launching destructive cyber operations. Finally, they look at all the reasons why banning ransomware payments is a bad idea.

In this podcast Patrick Gray and Tom Uren talk about what to do about commercial spyware. A new Google TAG report is a great primer on the ecosystem. They also talk about Ukraine’s shift in cyber strategy. It is now carrying out and publicising that it is launching destructive cyber operations. Finally, they look at all the reasons why banning ransomware payments is a bad idea.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why military doctrine in authoritarian states has an emphasis on cyber and information supremacy.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why military doctrine in authoritarian states has an emphasis on cyber and information supremacy.

In this Risky Business News sponsored interview, Tom Uren talks to Proofpoint Senior Threat Researcher Greg Lesnewich. Greg explains how a North Korean group is using DMARC spoofing in its efforts to gather strategic intelligence.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsored interview, Tom Uren talks to Proofpoint Senior Threat Researcher Greg Lesnewich. Greg explains how a North Korean group is using DMARC spoofing in its efforts to gather strategic intelligence.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Adam Boileau and Tom Uren talk about how the US has kicked off a campaign to combat Volt Typhoon, a PRC group that is positioning itself in US critical infrastructure to be able to disrupt it in the event of conflict. They also discuss how changing attacker behaviour has led to CISA’s emergency directive to disconnect Ivanti Connect Secure devices.

In this podcast Adam Boileau and Tom Uren talk about how the US has kicked off a campaign to combat Volt Typhoon, a PRC group that is positioning itself in US critical infrastructure to be able to disrupt it in the event of conflict. They also discuss how changing attacker behaviour has led to CISA’s emergency directive to disconnect Ivanti Connect Secure devices.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what up and coming countries should expect from a cyber command and whether they should invest in them.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what up and coming countries should expect from a cyber command and whether they should invest in them.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview Tom Uren talks to Haroon Meer of Thinkst Canary. They discuss how network attackers win, how their tactics have changed over time and what this means for network defenders.

In this Risky Business News sponsor interview Tom Uren talks to Haroon Meer of Thinkst Canary. They discuss how network attackers win, how their tactics have changed over time and what this means for network defenders.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray and Tom Uren talk about how the NSA suffered collateral damage from the US’s lax data privacy environment. They also discuss how to respond to aggressive adversaries, how the current SEC cyber security disclosure regime is pointless and finally admit they occasionally get things wrong.

In this podcast Patrick Gray and Tom Uren talk about how the NSA suffered collateral damage from the US’s lax data privacy environment. They also discuss how to respond to aggressive adversaries, how the current SEC cyber security disclosure regime is pointless and finally admit they occasionally get things wrong.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the war in Ukraine is showing how useful mobile devices are in war. Using them is risky, but those risks need to be managed. They refer to this report which examines location tracking in the battlefield.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the war in Ukraine is showing how useful mobile devices are in war. Using them is risky, but those risks need to be managed. They refer to this report which examines location tracking in the battlefield.

NOTE: We initially published the wrong mp3 for this episode. It has been corrected! In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bradon Rogers, Chief Customer Officer at enterprise browser Island, on how a modern enterprise browser solution like Island can be used to replace, complement, or enhance some enterprise security tools or technology stacks.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

NOTE: We initially published the wrong mp3 for this episode. It has been corrected! In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bradon Rogers, Chief Customer Officer at enterprise browser Island, on how a modern enterprise browser solution like Island can be used to replace, complement, or enhance some enterprise security tools or technology stacks.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray and Tom Uren talk about how the SEC’s new disclosure rules that mean companies have four days to report cyber security incidents once they’ve formally decided that they are material. So far, companies are very much erring on the side of caution. They also look at the criticism of the CSRB’s board composition. Tom thinks these critiques are misguided. The cyber security landscape is so fractured that if the board were made up of faceless bureaucrats it would get very limited traction.

In this podcast Patrick Gray and Tom Uren talk about how the SEC’s new disclosure rules that mean companies have four days to report cyber security incidents once they’ve formally decided that they are material. So far, companies are very much erring on the side of caution. They also look at the criticism of the CSRB’s board composition. Tom thinks these critiques are misguided. The cyber security landscape is so fractured that if the board were made up of faceless bureaucrats it would get very limited traction.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how having so much data available about Americans feels creepy, yet there is little visible harm to individuals. But there are still reasons to be worried.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how having so much data available about Americans feels creepy, yet there is little visible harm to individuals. But there are still reasons to be worried.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview Tom Uren talks to Ivan Dwyer of Material Security about how it makes sense to view office productivity suites as an organisation’s critical infrastructure.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview Tom Uren talks to Ivan Dwyer of Material Security about how it makes sense to view office productivity suites as an organisation’s critical infrastructure.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Adam Boileau and Tom Uren talk about how although the PRC has pivoted to quieter living-off-the-land approaches, they don’t really care about stealth. They just want long-term access. So this means noisily digging in to networks and targeting end-of-life devices. They also look at the FTC’s settlement against geolocation data broker Outlogic. It’s a win, but it’s built on shaky foundations.

In this podcast Adam Boileau and Tom Uren talk about how although the PRC has pivoted to quieter living-off-the-land approaches, they don’t really care about stealth. They just want long-term access. So this means noisily digging in to networks and targeting end-of-life devices. They also look at the FTC’s settlement against geolocation data broker Outlogic. It’s a win, but it’s built on shaky foundations.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Stuxnet was an ‘inevitability gamechanger’, how much we now know about the operation and how much the Dutch government should have known at the time.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Stuxnet was an ‘inevitability gamechanger’, how much we now know about the operation and how much the Dutch government should have known at the time.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview Tom Uren talks to Ken Westin, Field CISO at Panther about how the rise of cloud and hybrid IT architectures requires a new type of SIEM.

In this Risky Business News sponsor interview Tom Uren talks to Ken Westin, Field CISO at Panther about how the rise of cloud and hybrid IT architectures requires a new type of SIEM.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Adam Boileau and Tom Uren talk about how cyber operations are being used in conflicts in both Ukraine and the Middle East. Some of these operations make sense but others seem pointless or even counterproductive.

In this podcast Adam Boileau and Tom Uren talk about how cyber operations are being used in conflicts in both Ukraine and the Middle East. Some of these operations make sense but others seem pointless or even counterproductive.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk with infosec and anti-virus veteran Martijn Grooten about how the infosec industry has changed over the years.

In this edition of Between Two Nerds Tom Uren and The Grugq talk with infosec and anti-virus veteran Martijn Grooten about how the infosec industry has changed over the years.

In this Risky Business News sponsor interview Tom Uren talks to Chris St Myers, Stairwell’s head of threat research, about managing the risk from software you absolutely must use. Show notes Stairwell's Inception Platform

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview Tom Uren talks to Chris St Myers, Stairwell’s head of threat research, about managing the risk from software you absolutely must use. Show notes Stairwell's Inception Platform

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this podcast Patrick Grey and Tom Uren talk about whether election interference will take place in the Taiwanese, US and Russian elections that are all taking place in 2024. They also look at a ChatGPT-powered online harassment campaign.

In this podcast Patrick Grey and Tom Uren talk about whether election interference will take place in the Taiwanese, US and Russian elections that are all taking place in 2024. They also look at a ChatGPT-powered online harassment campaign.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about recent hints that the Ukrainian government has figured out how to make use of the IT Army

In this edition of Between Two Nerds Tom Uren and The Grugq talk about recent hints that the Ukrainian government has figured out how to make use of the IT Army

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this podcast Patrick Grey and Tom Uren talk about how threat actors abusing legitimate tools (aka living off the land) is the new normal. Everyone is doing it, from activists to cybercriminals to nation states. It’s a worry because defender’s standard practices really aren’t set up to detect and deal with that kind of behaviour. They also discuss how cyber incidents in the US and UK amongst providers of key real estate services are disrupting house sales.

In this podcast Patrick Grey and Tom Uren talk about how threat actors abusing legitimate tools (aka living off the land) is the new normal. Everyone is doing it, from activists to cybercriminals to nation states. It’s a worry because defender’s standard practices really aren’t set up to detect and deal with that kind of behaviour. They also discuss how cyber incidents in the US and UK amongst providers of key real estate services are disrupting house sales.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the latest Russian cyber attacks on the Ukrainian energy grid.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the latest Russian cyber attacks on the Ukrainian energy grid.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview Tom Uren talks to Brian Dye, CEO of Corelight about the value of data from NDR tools when it comes to longer term incident response.

In this Risky Business News sponsor interview Tom Uren talks to Brian Dye, CEO of Corelight about the value of data from NDR tools when it comes to longer term incident response.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

NOTE: We have removed this podcast audio from our feed due to a legal action against the Reuters article on which this discussion is based. In this podcast Adam Boileau and Tom Uren talk the rise of the Indian hack-for-hire industry. It doesn’t get the same attention that high-profile iPhone ‘zero-click’ hacking does, but its a global scourge that undermines legal processes. They also discuss the AlphV ransomware group reporting a company to the SEC for not disclosing a breach that it caused.

In this podcast Adam Boileau and Tom Uren talk the rise of the Indian hack-for-hire industry. It doesn’t get the same attention that high-profile iPhone ‘zero-click’ hacking does, but its a global scourge that undermines legal processes. They also discuss the AlphV ransomware group reporting a company to the SEC for not disclosing a breach that it caused.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how being more open about cyber security threats is great for marketing and has also forced cyber security companies to pick sides and make value judgements.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how being more open about cyber security threats is great for marketing and has also forced cyber security companies to pick sides and make value judgements.

In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances about the state of authentication and what Passkeys are all about.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances about the state of authentication and what Passkeys are all about.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this podcast Adam Boileau and Tom Uren talk about two very significant cyber incidents. In the first, LockBit attacked the US arm of China’s biggest bank and the disruption left the bank owing USD$9bn at the end of the day. The other disrupted 40% of Australia’s port traffic. They also examine the reasons why it makes sense for banks to do more regarding fraud.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about International Humanitarian Law aka the Rules of War in cyberspace. These rules don’t really make sense in cyberspace, but despite that we think talking about them (and other norms of behaviour) is still worthwhile

In this Risky Business News sponsor interview Tom Uren talks to Ryan Mahoney, Product Director at Gigamon. The TLS 1.3 encryption standard makes passive network monitoring inside your network difficult without break and inspect contortions. But Gigamon has what they call a “precryption” solution!

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this podcast Adam Boileau and Tom Uren talk about Microsoft’s Secure Future Initiative. It’s been likened to the company’s 2002 Trustworthy Computing initiative, but compared to that it is a massive disappointment. They also discuss how the European-wide police operation against EncroChat unravelled when a UK intelligence analyst warned her friends with criminal links that the service had been compromised.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the internet-melting 1988 Morris Worm and how cyber security has changed since then.

In this Risky Business News sponsor interview Tom Uren talks to Huxley Barbee, Security Evangelist at runZero finding the unknown unknowns and what even is a security evangelist anyway.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this podcast host Adam Boileau and Tom Uren talk about the confluence of hacking and real-world violence. They also discuss the SEC’s decision to charge SolarWinds and its CISO for not being transparent enough about SolarWinds’ real cybersecurity risks. Unfortunately, almost all companies have cyber security problems but disclose them only in very generic ways.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss what is really at stake when it comes to cyber security.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Patrick Garrity, VP of Marketing and security researcher at Nucleus Security, on the rise and evolution of vulnerability threat intel and how CISA KEV’s new ransomware section will be a game changer. Show notes Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this podcast guest host Adam Boileau and Tom Uren talk about the recent Ukrainian hacktivist group’s hack and burn attack on a ransomware gang. This makes us think there are definitely opportunities for Western cyber outfits. They also discuss why companies should think about human rights when they make contingency plans for crises like war.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss “spooky effects” aka when agencies play silly buggers with target computers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely CEO Travis McPeak about the modern DevOps ecosystem and how just giving developers tools with security baked in keeps everyone safe and happy, and how that’s easier than expecting your software engineers to become cybersecurity experts overnight.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this podcast guest host Patrick Gray and Tom Uren talk about a CISA and NSA advisory that lists the 10 most common network misconfigurations they. It’s 101-level stuff and is particularly sobering because CISA and NSA don’t look at run of the mill networks, they look at important ones. CISA thinks part of the problem is vendors that make insecure-by-default products. They also talk about a new Five Eyes security intelligence leader summit that warns of PRC intellectual property theft.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how changing circumstances change the risk/reward balance and change whether effects operations are worthwhile.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Airlock Digital founders Daniel Schell and David Cottingham about the recent Microsoft Digital Defense Report and the problems that come with trying to properly secure PowerShell. Show notes Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider Resources for deprecated features in the Windows client - What's new in Windows | Microsoft Learn The evolution of Windows authentication | Windows IT Pro Blog Is Securing PowerShell a Lost Cause? - by Allan Liska

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this podcast guest host Patrick Gray and Tom Uren talk about research that discovered that EU-based spyware was being used to target EU and US officials. Will that encourage EU governments to take action against spyware? They also discuss Belgian concerns that the PRC will take advantage of a Chinese logistics firm with a hub in Liège for espionage. Finally, they discuss whether hacktivists will follow International Humanitarian Law (IHL or the Rules of Law) rules about hactivism in wartime. Almost certainly not, but Tom still thinks its worth talking about and promoting responsible behaviour.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq examine the opportunities that ransomware gangs and business email compromise/romance scammers have to collaborate.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview Tom Uren asks Martin Cannard, VP of Product Strategy at Netwrix, how privileged access management can help defend organisations. ‘Advanced Persistent Teenagers’ regularly use social engineering techniques to compromise highly privileged accounts, but that doesn’t mean it’s instantly game over for defenders.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the NSA’s creation of a new AI Security Center. One of it’s roles is to help protect AI intellectual property and so maintain the US’s AI advantage. They also look at a new Mandiant report that looks at vulnerabilities that are exploited in the wild. This research finds a shift away from the top three vendors (Microsoft, Apple and Google) and there are rich pickings for threat actors at the network edge.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq examine whether offensive cyber operations against ransomware groups have succeeded or failed. And how would we even know?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview Tom Uren talks to Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, about the state of play in the cybercrime ecosystem. People and organisations are getting better at protecting themselves from scams and compromises, but criminals will use every possible avenue to reach people and scam them.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Seriously Risky Business Patrick Gray and Tom Uren talk about the possibility of diverting youths from a life of serious cybercrime. It’ll be tough. They also talk about a Ukrainian government report into changes in Russian cyber activity.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq examine how US and UK strategies to use cyber power differ but are in some ways mirror images of each other.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Stairwell Principal Reverse Engineer Silas Cutler about Akira’s recent server leak and attacker infrastructure.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Seriously Risky Biz guest host Adam Boileau talks with Tom Uren about what Microsoft’s recent breach by a Chinese-based threat actor tells us about the company’s security culture. There were several serious governance failures that allowed this incident to happen. They also look at a new UK government effort to reassure companies that they won’t be punished (as much) for seeking help from the NCSC.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq examine how AI can help cyber criminals and scammers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Red Canary Principal Readiness Engineer Gerry Johansen about the need to prepare IR plans in advance and why that’s just as important as the IR playbook itself.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about a new UN report that says that hundreds of thousands of innocent people are being forced into working in online crypto and romance scams. They also look at new age verification laws that aim to make it more difficult for children to see pornography. It’s a complex topic, but Australia’s eSafety office has done excellent work on it.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how companies often make unilateral decisions that constrain states’ behaviour, for better and worse.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview Tom Uren talks to Mike Fey, CEO and co-founder of Island about the idea of an ‘enterprise browser’. Tom and Mike discuss what an enterprise browser actually is, what problems it solves, and why browsers focussed on business requirements haven’t been a product category until now.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren about proposed changes to the UK’s Investigatory Powers Act. Some pundits are saying the changes will clear the way for the government to prevent tech companies from rolling out security patches. They’re wrong. They also look at a new Mandiant report that dives deeper into a recent Chinese group’s campaign that compromised Barracuda Email Security Gateways. The report provides a wonderful overview of the campaign.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how asset inventory tools aren’t a substitute for knowing what a business values.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about how Ukraine has countered Russia’s cyber operations. They also look at various initiatives the US government is taking to secure open source software and ask whether it is getting serious about FOSS.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds, Tom Uren and The Grugq examine the history of CCTV hacking and what different groups get out of these hacks.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview Tom Uren talks to Dan Guido, CEO of Trail of Bits, about AI. Dan thinks AI technologies will be a “game changer”. But he also thinks the conversation around AI is not very sophisticated just yet.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at why ‘juice jacking’ is a forever fear even though its not a real-world threat.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview Tom Uren talks to Jacob Torrey, Thinkst’s Head of Labs. Jacob produces ThinkstScapes, a brilliant quarterly summary of the most interesting security research from around the world. In this interview Jacob talks about his favourite research of this issue, why Thinkst invests the time and effort in producing ThinkstScapes and also talks about Thinkst Citation, a companion product that contains information about nearly 70,000 security talks going all the way back to 1993.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about how the Russian government is planning to alter databases to hide their spies from open source investigations. It’s a nice try, but we don’t think it will work. They also look at contrasting stories that illustrate how law enforcement agencies can facial recognition technology responsibly, but can also royally screw things up.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq ask whether Chinese operations are becoming stealthier and why? Is it a top-down directive to be careful? Or do the operations themselves require more stealth?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Tines co-founder and CEO Eoin Hinchy about how organisations can maximise the potential of their security teams during an economic downturn, with a concentration on why human error and burnout caused by excessive workloads on security teams can be a risk.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about how Microsoft’s lackadaisical cloud product security is attracting the ire of important politicians. They also examine a presidential advisory board report into Section 702 collection and discuss why oversight in intelligence collection is important.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the arguments against intellectual property theft and why there isn’t universal agreement that it should be prohibited.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder and CEO Andrew Morris about the company’s vast network of honeypots, and how they’re preparing to take it to the next phase.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about draft US legislation that aims to stop law enforcement from circumventing the Fourth Amendment by simply buying data on US citizens. It’s a good move, but the overall data ecosystem needs broader reform. They also discuss new reports into the ransomware ecosystem. There is both good news and bad news, but data gaps still make it difficult for policymakers to have a good handle on how to respond.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at when it makes sense for governments to invest in building their own secure phone

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Airlock Digital founders Daniel Schell and David Cottingham about vulnerable drivers, BYOVD attacks, and the problem with driver-based attacks.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about recent breaches of JumpCloud and Microsoft cloud services. It’s great they disclosed these incidents voluntarily, but cloud companies are so important that detailed postmortems shouldn’t be voluntary. They also discuss the Biden administration’s cyber security strategy implementation plan and the opportunity to collect email destined for the US military by typo-squatting on the ‘.ml’ domain.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of actively shaping ransomware group behaviour to get the type of behaviour we’d prefer.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about Citizen Lab’s analysis of WeChat’s behaviour and its privacy policy. That report misses the point: WeChat is an integral part of the PRC’s architecture of censorship and repression, and the Chinese government isn’t constrained by WeChat’s privacy policy. They also discuss a new report that proposes a human-centred framework for assessing client-side Child Sexual Abuse Material (CSAM) detection technologies. It’s a step forward because it makes clearer the tradeoffs that are being made when these technologies are suggested.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Scott Hanson, Head of Global Security Operations at Kroll, on how the company has adopted Detection-as-Code for its approach to writing, managing, and rolling out detection rules for its customers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the regular extradition battles that occur between the US and Russia whenever a Russian cybercriminal is arrested in a third country. It’s less about protecting cybercriminals and more about Russia trying to poke the USA in the eye. They also discuss recent Ukrainian hacktivist operations that have been extremely successful, but also don’t seem to have had any really meaningful impact.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the EU’s proposed media freedom act and how one of its goals is to protect journalists from spyware.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this Risky Business News sponsor interview Tom Uren talks to RunZero’s CEO Chris Kirsch about how RunZero has evolved from an IT network active scanning product to one that can now discover assets on OT and cloud environments using both active and passive scanning approaches.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the US Securities Exchange Commission warning SolarWinds executives that it is planning to bring enforcement actions against them. This is a big deal and really signifies that the SEC wants companies to be much more open about cybersecurity incident disclosures. They also discuss the outcomes from a European law enforcement operation against the EncroChat ‘crimephone’. It was an absolutely stunning success, but what does it mean for the future of the access debate? Show notes The boom, the bust and the adjust | by Maor Shwartz | Jun, 2023 | Medium

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about the PRC’s campaign compromising Barracuda Email Security Gateways. It doesn’t quite break international “norms”, but it is definitely on the nose. They also discuss Albania’s police raid of an Iranian opposition refugee camp which is said to be hosting a hacking cell that targeted Iran’s government.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at three different state operations that have recently been outed and what these operations tell us about how these states are behaving.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about a new report examining how the US intelligence communities uses data it buys. It finds that data you can buy now rivals or exceeds what intelligence agencies can collect, but the IC overall doesn’t treat the data with the sensitivity and care that it deserves. Fixing IC policy is one thing, but that won’t help at all with foreign adversaries or even local US law enforcement. US needs good data privacy law that cleans up the whole field. They also look at new research that examines how lawyers’ incentives to protect clients mean that incident response is hamstrung when it comes to discovering root causes and learning lessons.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the elements that make them think an operation is state-backed.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray and Tom Uren talk about why China and Russia are increasingly outing US cyber espionage operations and what they hope to get out of it. They also discuss a new documentary that reveals more information about some of ASD’s offensive cyber operations and and also looks at how the organisation helped track down the Bali bombers.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different cyber powers leverage companies through coercive power, regulation and the attraction of values.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Chris St. Myers, Threat Intelligence Lead at Stairwell, on the how the company Inception platform can be used for finding old or new threats that sometimes may go unnoticed.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how criminals – and spies – try to protect themselves from state adversaries.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Patrick Garrity, VP of Marketing and security researcher at Nucleus Security, on how the company has been tapping into CISA’s KEV database for insights on vulnerability management and vulnerability prioritization.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about the FBI’s overenthusiastic use of foreign intelligence data collected with the Foreign Intelligence Surveillance Act’s Section 702 powers.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the concept of cyber “pinch points”, a place of vulnerability that can be targeted to bring an opponent to their knees. These points of vulnerability must surely but Tom and The Grugq wonder how easy they are to identify beforehand.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview Tom Uren asks Thinkst Canary’s Haroon Meer about Mandiant CEO Kevin Mandia’s seven tips for cyber defenders. Honeypots appear at position number three, but Tom wonders what they actually achieve and how mature your security program needs to be before they it can take advantage of them.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of the Seriously Risky Biz podcast Patrick Gray and Tom Uren talk about the trajectory of crimephones from criminals’ best friend to greatest liability. These devices were bad for police at the beginning, but they’ve become a net positive for law enforcement efforts, leading to hundreds of arrests, tonnes of seized drugs and deeper insight into criminal operations.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at last week’s Snake malware joint cybersecurity advisory and dive into what it tells us about the FSB.

In this edition of Between Two Nerds Tom Uren and The Grugq look at last week’s Snake malware joint cybersecurity advisory and dive into what it tells us about the FSB.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

In this Risky Business News sponsor interview Tom Uren asks Proofpoint’s Selena Larson about how threat actors reacted en masse after Microsoft blocked various types of macros. Cyber criminals used a variety of different techniques to evade these blocks. In part this happened quickly because of knowledge sharing by the cyber threat intelligence community.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how cyber insurance should theoretically improve security and examine what actually happens in practice.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this Risky Business News sponsor interview Tom Uren asks Material Security’s Director of Security Chris Long about what ittakes to run a “modern” phishing workflow. Chris thinks there are opportunities to take identify and take advantage of “phishing superusers”, employees who are a cut above when it comes to uncovering phishing and other malicious activities. Phishing is also the “point of the spear” for defenders — it provides an entry point into attacker activities that enable all sorts of potential detection opportunities.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray and Tom Uren take a whirlwind tour examining the different ways countries conduct cyber-enabled influence operations. Iran, China and the UK all have different approaches and we have our favourite. China has a new counter-epsionage law and even though it hasn’t been formerly passed yet already foreign companies are getting in trouble for doing due diligence or corporate intelligence type work. The real point here is to tighten information control, and the wording is so broad that it leaves tremendous scope for the PRC to use the law whenever it wants to send a message. Finally, the two discuss concrete examples of intelligence derived from Section 702 of the US FISA Act. 702 allows US intelligence agencies to compel service providers to help conduct targeted surveillance of foreigners outside the US and will expire at the end of the year unless Congress renews it.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq dive further into deterrence based on both reader feedback and recent news about Iranian destructive operations. One of the requirements for effective deterrence is transparency and people sometimes assume that states have good information about what their cyber operators are doing. But we discuss the universal incentives that encourage state actors to exaggerate their current operations. If this is happening deterrence won’t work because leaders will think they are already getting away with murder.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about North Korea’s “double” or “threaded” supply chain attack via Trading Technologies and 3CX. This type of “access begets access” approach makes total sense and Tom thinks it will likely be a standard approach for North Korea. Microsoft has released a couple of reports over the month that indicate Iran is increasingly willing to launch destructive cyber attacks. One Iranian group, Mango Sandstorm, has been destroying on-prem and cloud environments. Another, Mint Sandstorm, has been targeting a wide swathe of US critical infrastructure. It’s a worry. Finally, Tom and Pat discuss cyber security company Team Cyrmu’s sale of netflow to US government agencies, which has been controversial in the press because of potential privacy violations. Tom spoke to the company and based on what we learnt there isn’t a privacy concern here. But the broader principle that data purchases be examined for privacy risks still stands.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether cyber operations are any good at deterrence. Tom thinks that attributes of the domain mean that it is just no good for deterrence. The Grugq, however, thinks that it can be, although perhaps not in a state vs state context.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about a report by CSC 2.0 that recommends the US government designate space systems as critical infrastructure. Lots of satellites systems are already covered under other critical infrastructure sectors such as communication or defence, but Tom agrees that there are some good reasons to carve out a space-specific critical infrastructure sector. They also talk about the US State Department working on developing a portfolio of cyber diplomacy “offerings”, ranging from disaster relief funding, to technical capacity building, through to policy-level cyber education. This seems like a great idea.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss the UK’s National Cyber Force’s recently published “Responsible Cyber Power in Practice” document. The Grugq thinks he’s been plagiarised, while Tom wonders whether the NCF’s “doctrine of cognitive effects” highlights the limits of cyber operations. It’s a good document and will be influential in shaping how people discuss offensive operations (those that disrupt, degrade, destroy etc).

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq contrast between different cyber operations that occurred in 2016. In one, US Cyber Command used cyber operations to attack ISIS’ propaganda operations. In the other, Russian cyber operators interfered with US Presidential elections. US action was tightly scoped, measurable and an underwhelming success, whereas Russian activity was nebulous and hard to measure but could have changed the course of the election.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about the a thought bubble floated by military cyber professionals that the US armed forces needs a US Cyber Force. The justification is a bit light on and Tom doesn’t really think the proposal makes sense. They also discuss US Cyber Command’s “Hunt Forward” operations. In these operations partner countries invite CYBERCOM in to hunt for adversary activity. Access to networks is touchy stuff, though, so CYBERCOM spends a lot of time and effort in diplomatic efforts convincing potential partner agencies. We think these types of activities are great but in some parts of the world — think Asia — a warmer and fuzzier branding might be the go.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at what the real problems with TikTok are. Many people are focussing on risks we think are irrelevant or overblown, but it is a massively influential app under Chinese Communist Party control.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at the natural advantages that network defenders have. Despite this “home ground advantage” hackers still have a great deal of success and Tom and The Grugq look at what does work in favour of attackers.

Description: A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about the RESTRICT Act, proposed US legislation that tries to deal with the problems posed by technologies from foreign adversaries. RESTRICT gives the US government powers to deal with companies like Kaspersky, Huawei and now TikTok on an ongoing basis, rather than muddling through in an ad hoc way each time a problem company pops up. It also requires that the Secretary of Commerce come up with processes and procedures to deal with and mitigate these types of threats, rather than the current whack-a-mole approach. They also discuss a draft Cambodian cyber security law and experts’ concerns that it could be abused by the Cambodian government to maintain its grip on power. This law has many similarities to Australian critical infrastructure law and Tom and Pat discuss the reasons behind the law in Australia. There’s a straight line between a serious ransomware incident in Australia and the resulting law, but still, Cambodia’s government remains authoritarian. Finally, they look at a Carnegie report on Chinese manipulation of international standards setting organisations. It’s a good report and explains what is going on — Chinese manipulation does happen occasionally, but it is “largely unsuccessful”.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different countries take different approaches to talent identification and recruitment. How much of a difference does it make? And why do countries have these different approaches?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.