Afleveringen
-
In this edition of Between Two Nerds Tom Uren and The Grugq talk about an in-depth report on a Ukrainian hacking control panel. The panel shows how the Ukrainian group thinks about hacking operations and the pair discuss why the report exists and what it achieves.
This episode is also available on Youtube.
Show notes Bulldog backdoor web panel analysis -
The Trump admin’s Signal clone gets hacked, a six-year-old backdoor comes to life to hijack online stores, a Phishing kingpin identified as a 24-year-old Chinese man, and Ireland fines TikTok for transferring EU user data to China.
Show notes -
Zijn er afleveringen die ontbreken?
-
In this Risky Bulletin sponsor interview Mike Wiaceck, CEO and founder of Stairwell, explains why he believes security is really a data storage and retrieval problem. He demonstrates how that pays off with in the analysis of new malware.
Show notes -
New Microsoft accounts will be passwordless by default, a Chinese APT is hijacking software updates, the US dominates EU cybersecurity market, and Commvault discloses a breach.
Show notes -
Tom Uren and Patrick Gray talk about a SentinelOne report about how it is constantly targeted by both cybercriminal and state-backed hackers. Security firms are high-value targets, so constant attacks on them are the new normal.
They also discuss an article that calls Signal “a kind of dark matter of American politics and media”. Many policy discussions occur on the app, and this explains the Trump administration’s extensive use of the app.
This episode is also available on Youtube.
Show notes -
The French government calls out Russian hacks for the first time, Marks & Spencer sends staff home after a ransomware attack, China accuses America of hacking a major cryptography provider, and AirBorne vulnerabilities impact Apple’s AirPlay.
Show notes -
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the Southeast Asian criminal syndicates that run online scam compounds. Should organisations like US Cyber Command or the UK’s National Cyber Force target these gangs with disruption operations?
This episode is also available on Youtube.
Show notes UN Office of Drugs and Crime on Southeast Asian transnational cyber scammers -
A new prompt injection attack is effective against all the big AI models, Poland says Facebook is failing to remove malicious ads, Africa’s largest telco discloses a security breach, and hackers breach Malaysian brokerage accounts.
Show notes -
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Edward Wu, founder and CEO of Dropzone AI. Edward talks about the impact AI in modern-day SOC teams and how its role slowly becomes a force multiplier and productivity boost rather than workforce replacement.
Show notes -
Cybercriminals stole more than $16 billion last year, Iran tries to hack an EU official, the Lazarus Groups pulls off a successful watering hole and zero-day attack, and WhatsApp adds new chat privacy features.
Show notes -
Tom Uren and Adam Boileau talk about how scam compound criminal syndicates are responding to strong government action by moving operations overseas. It’s good they are being affected, but they are shifting into new countries that don’t have the ability to counter industrial-scale transnational organised crime.
They also discuss CISA’s Secure by Design initiative and that key people behind the program have left the organisation. Given prospective job cuts at CISA it is hard to see the initiative getting a lot of love, but international cyber security authorities should pick up the slack.
This episode is also available on Youtube.
Show notes Cyberfraud in the Mekong reaches inflection point, UNODC reveals -
Russian military personnel targeted with Android spyware, Trump defends Hegseth after second Signalgate scandal, CISA’s Secure by Design leaders depart the agency, and forced-labour cyber scam compounds expand globally.
Show notes -
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether cyber operations can be ‘strategic’, that is, can they affect the fate of nations.
This episode is also available on Youtube.
Show notes -
Zoom has a remote control feature so of course crypto thieves are abusing it, hackers make $700 million in unauthorised stock trades, a Chinese APT leaks its exploits and Euro MPs traveling to Hungary are offered anti-spying pouches for their phones.
Show notes -
In this Risky Bulletin sponsor interview Shane Harding, CEO of Devicie, talks to Tom Uren about trends in the enterprise software and security market that he thinks will have huge impacts. Software is becoming smarter and aims to solve problems rather than simply provide capabilities and Microsoft has embarked on a big push into the SME security market.
Show notes -
Chris Krebs resigns from SentinelOne and vows to fight, the Thai army and police doxed pro-democracy dissidents, CISA extends MITRE’s CVE contract, and Apple patches two iOS zero-days.
Show notes -
Tom Uren and Patrick Gray discuss Trump’s order singling out Chris Krebs, former head of CISA, that requires investigations into Krebs and also punishes his employer. It is a move deliberately designed to chill dissent and they look at what the cyber security industry will likely do in response, which is probably not much.
The pair also discuss what is being interpreted as an admission that Chinese senior leadership is behind the Volt Typhoon hacking of US critical infrastructure.
This episode is also available on Youtube.
Show notes -
MITRE corporation says funding cuts will impact the CVE database, China accuses NSA employees of an Asian Winter Games hack, a ransomware attack disrupts dialysis clinics, the CA/Browser Forum will limit TLS certificate lifetime to 47 days, and 4chan gets hacked.
Show notes -
In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of global critical infrastructure. One common example is submarine cables, which are globally important but are vulnerable because they are hard to defend. But what about services from tech giants? Are they global critical infrastructure?
This episode is also available on Youtube.
Show notes -
China privately admits to hacking American critical infrastructure, the US Treasury was compromised by password spraying, America will sign a global spyware agreement after all, and a Chinese APT is abusing the Windows Sandbox to hide its malware.
Show notes - Laat meer zien
