Risky Bulletin podcast

1
Risky Bulletin: US indicts i-Soon and APT27 hackers 5:24

for 1 day siden5:24

5:24

The US indicts the i-Soon and APT27 hackers, the BADBOX botnet gets disrupted again,authorities seize the Garantex crypto exchange, and the FBI arrests hackers who stole Taylor Swift concert tickets. Show notes

1
Srsly Risky Biz: Starlink an internet lifeline for pig butchering compounds 22:03

for 3 dager siden22:03

22:03

In this podcast Tom Uren and Patrick Gray discuss how Starlink is providing an internet lifeline for scam compounds that have had their internet access cut by Thai authorities. Starlink has a very poor track record dealing with unauthorised use, but it is time for the company to develop the processes to keep on top of these problems. They also discuss how President Trump’s actions that favour Russia will make Five Eyes partners take stock, particularly when it comes to HUMINT intelligence sharing. Finally they examine the did-it-happen-or-not stand-down of US Cyber Command’s Russian operations. This episode is also available on Youtube . Show notes…

1
Risky Bulletin: Research turns any Bluetooth device into an AirTag 5:54

for 4 dager siden5:54

5:54

Researchers turn any Bluetooth device into an AirTag tracker, VMware patches three ESXi zero-days, France debates encryption backdoors, and a fifth of the stolen Bybit funds are now untraceable. Show notes

1
RBTALKS6: Will Thomas on the Black Basta leaks 25:06

for 5 dager siden25:06

25:06

In this Risky Business Talks interview we invited Will Thomas to talk about the recent leak of internal chats from the Black Basta ransomware group. Will is a SANS Instructor, co-author of the SANS FOR589 course, and the co-founder of a community research project for CTI analysts called Curated Intelligence. Will walks us through the Black Basta leak and uses the group’s attack on US healthcare provider Ascension to break down how the gang operated. Show notes Risky Bulletin: BlackBasta implodes, internal chats leak online BlackBasta’s internal chats just got exposed BlackBasta Chat Logs BlackBastaGPT BlackBasta Leaks: Lessons from the Ascension Health attack Inside the Black Basta Leak: How Ransomware Operators Gain Access…

1
Between Two Nerds: NSA's 9 to 5 hacking campaign 35:29

for 5 dager siden35:29

35:29

In this edition of Between Two Nerds Tom Uren and The Grugq take a deep dive into incident response reports from Chinese cybersecurity firms that attribute the hack of one of the country’s top seven defence universities to the US National Security Agency. These reports were collated and translated into English by the security researcher known as Inversecos (https://x.com/inversecos). This episode is also available on Youtube . Show notes NSA (Equation Group) TTPs from a Chinese lens Northwestern Polytechnical University at the China Defence Universities tracker Risky Business podcast discussion with Inversecos…

1
Risky Bulletin: Trump admin halts Russia cyber operations 7:33

for 6 dager siden7:33

7:33

The Trump administration stops treating Russian hackers as a threat, Meta seeks a permanent NSO injunction, new Cellebrite zero-days come to light, and big name Russian cyber criminals get … home detention. Show notes

1
Sponsored: Prowler on the Open Cloud Security Movement 13:53

for 6 dager siden13:53

13:53

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Toni de la Fuente, founder and CEO of cloud security firm Prowler. Toni talks about his company’s latest effort, the Open Cloud Security Movement, an initiative to get more cloud security vendors to open-source their core projects. Show notes Open Cloud Security Prowler on Github Risky Biz Product demo: Prowler, the free and open source cloud security platform…

1
Risky Bulletin: Cellebrite fires Serbia as a customer 6:44

for 9 dager siden6:44

6:44

Cellebrite bans Serbia from using its products, Chinese hackers breached the Belgian security service, the Republican National Committee hid a Chinese hack and Microsoft removes malicious extensions from the VSCode Marketplace. Show notes

1
Srsly Risky Biz: Canada's expulsion from Five Eyes would be a disaster 24:18

for 10 dager siden24:18

24:18

Tom Uren and Patrick Gray talk about the White House apparently considering kicking Canada out of the Five Eyes intelligence alliance to apply pressure on the country. It’s a terrible idea and even thinking about it undermines the strength of the alliance. They also discuss Sweden’s proposed legislation that would order apps like WhatsApp and Signal to store messages so they could be provided under warrant to authorities. The story is a vignette of the ongoing encryption debate, but we think apps like Signal will leave the country rather than comply. Finally, they talk about how the illicit cryptocurrency ecosystem is evolving in response to government action such as takedowns and sanctions. This episode is also available on Youtube . Show notes…

1
Risky Bulletin: Signal threatens to leave Sweden over backdoor request 6:59

for 11 dager siden6:59

6:59

Signal threatens to leave Sweden over backdoor request, the EU sanctions a North Korean general linked to two APTs, Australia bans Kaspersky products on government systems and Google will use QR codes for Gmail authentication. Show notes

1
Between Two Nerds: Hacking's first principles 29:52

for 12 dager siden29:52

29:52

In this edition of Between Two Nerds Tom, Uren and The Grugq examine the fundamental principles of network exploitation as described in Matthew Monte’s ‘Network Attacks and Exploitation: A Framework’ book using recent hacks as case studies. This episode is also available on Youtube . Show notes Network Attacks and Exploitation: A Framework Google's Signal hacking report Device code phishing…

1
Risky Bulletin: North Korean hackers steal $1.5 billion from Bybit 6:56

for 13 dager siden6:56

6:56

North Korean hackers steal one and a half billion dollars from Bybit, Apple disables iCloud backup encryption in the UK, stream-jacking hits the e-sports world and Palau faces its third ransomware attack in six years. Show notes

1
Sponsored: Nucleus Security on asset correlation and asset linking 12:23

for 13 dager siden12:23

12:23

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Aaron Attarzadeh, Enterprise Security Engineer at Nucleus. Aaron goes into new concepts for the vulnerability management scene, such as asset correlation and asset linking. Show notes

1
Risky Bulletin: BlackBasta implodes, internal chats leak online 6:00

for 16 dager siden6:00

6:00

The BlackBasta ransomware group implodes, Russian military hackers target Signal with QR codes, Microsoft patches a Power Pages zero-day, and Meta sues a man who hacked accounts and extorted users. Show notes

1
Srsly Risky Biz: Why America needs its own Salt Typhoon 21:01

for 17 dager siden21:01

21:01

In this podcast Tom Uren and Patrick Gray talk about the idea of launching a retaliatory campaign to hack Chinese telcos in response to Salt Typhoon’s targeting of US ones. US Senator Mark Warner floated the idea as a way to persuade the Chinese government to pull back Salt Typhoon, but we think that kind of campaign has merit regardless. They also discuss how Samoa’s CERT calling out APT40 is a big deal. It’s striking to see a small country of 200,000 people calling out Chinese hacking. This episode is also available on Youtube . Show notes…

Risky Bulletin

1
Risky Bulletin: Insight Partners discloses security breach 4:16

for 18 dager siden4:16

4:16

VC giant Insight Partners gets social engineered, OpenSSH patches an attacker-in-the-middle bug, Ecuador’s parliament hit by cyberattacks, and a Monero zero-day awaits a patch. Show notes

Risky Bulletin

1
Between Two Nerds: Is 39 vulnerabilities a lot? 30:04

for 19 dager siden30:04

30:04

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the United State’s Vulnerabilities Equities Program, which balances the need for intelligence collection with the need to protect the public. The government recently revealed that in 2023 it released 39 vulnerabilities, but what does this really tell us? This episode is also available on Youtube . Show notes The unclassified VEP appendix Kim Zetter's Zero Day substack…

Risky Bulletin

1
Risky Bulletin: Sandworm deploys Tor nodes on hacked networks 7:43

for 20 dager siden7:43

7:43

Sandworm deploys Tor nodes on hacked networks, the UK drops military training for cyber staff, Salt Typhoon’s hacking spree continues, and Russian APTs adopt device code phishing. Show notes

Risky Bulletin

1
Sponsored: Rad Security on new AI adoption risks for enterprises 12:22

for 20 dager siden12:22

12:22

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jimmy Mesta, CTO and Co-Founder of Rad Security (formerly KSOC). Jimmy talks about how companies adopting new AI-based technologies may accidentally expose their infrastructure and data to new threats. Show notes I discovered a fun party trick for the next time you get an AI phone call…

Risky Bulletin

1
Srsly Risky Biz: Governments are losing the crypto wars 18:32

for 24 dager siden18:32

18:32

In this podcast Tom Uren and Patrick Gray talk about Apple’s refusal to obey a UK government order to provide the capability to access to encrypted iCloud data. Its the latest round in the ongoing government vs technology fights over warrant-proof encryption, and again it looks like governments will lose. They also talk about good news in the fight against ransomware. Government actions are putting pressure on the cyber criminal ecosystem, splintering groups and even making it hard to for crooks to convert cryptocurrency to hard cash. This episode is also available on Youtube . Show notes…

Risky Bulletin

1
Between Two Nerds: A Paragon of virtue 22:34

for 26 dager siden22:34

22:34

In this edition of Between Two Nerds Tom Uren and The Grugq talk about Israeli spyware vendor Paragon, how and why it positions itself to sell to the US market, and how its capabilities might work. This episode is also available on Youtube . Show notes TechCrunch report The tweet we discuss Dropping Italy as a customer…

Risky Bulletin

1
Risky Bulletin: Browser extension supply chain attack hits AdsPower 6:13

for 30 dager siden6:13

6:13

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. Show notes Risky Bulletin: Supply chain attack at AdsPower browser platform

Risky Bulletin

1
Srsly Risky Biz: DeepSeek a boon for Chinese APTs 18:23

for 4 weeks siden18:23

18:23

UPDATED AUDIO: An earlier version of this podcast audio contained an editing mistake that desynchronised Patrick and Tom’s audio. In this podcast Tom Uren and Patrick Gray talk about the cyber espionage implications of Chinese AI firm DeepSeek’s recently released models. They will certainly be picked up by various APT crews to try and accelerate their campaigns. They also discuss the UK NCSC’s attempt to quantify ‘comedy bugs’ and whether EU sanctions against Russian military intelligence officers for a five-year-old cyber espionage campaign targeting Estonia are pointless. This episode is also available on Youtube . Show notes…

Risky Bulletin

1
Risky Bulletin: UK Prime Minister's personal email hacked by Russia 6:41

for 5 weeks siden6:41

6:41

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. Show notes Risky Bulletin: Crypto-stealer makes it on the iOS App Store

Risky Bulletin

1
Between Two Nerds: How the internet gets Salt Typhoon wrong 22:23

for 5 weeks siden22:23

22:23

In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the compromise of US telecommunications companies by Chinese hackers has very little to do with US government lawful intercept laws. This episode is also available on Youtube . Show notes

Risky Bulletin

1
Risky Bulletin: US authorities sound the alarm on a medical device backdoor 6:32

for 5 weeks siden6:32

6:32

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. Show notes Risky Bulletin: CISA & FDA warn of backdoor in patient monitor

Risky Bulletin

1
Sponsored: Thinkst on Defending off the Land 14:04

for 5 weeks siden14:04

14:04

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Thinkst CTO Marco Slaviero about a concept called Defending off the Land, a way to detect attacks and even deceive and frustrate attackers. Show notes Defending off the land: Agentless defenses available today Assortment of scripts and tools for our Blackhat EU 2024 talk Thinkst Citation Create a Canarytoken. Deploy it somewhere.…

Risky Bulletin

1
Risky Bulletin: Authorities seize the Cracked and Nulled cybercrime forums 6:52

for 5 weeks siden6:52

6:52

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. Show notes Risky Bulletin: Authorities seize Cracked and Nulled cybercrime forums

Risky Bulletin

1
Risky Bulletin: EU sanctions three GRU hackers 6:18

for 6 weeks siden6:18

6:18

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. Show notes Risky Bulletin: EU sanctions three GRU hackers

Risky Bulletin

1
Risky Bulletin: Public transport in Tbilisi is free after anti-government hack 5:51

for 6 weeks siden5:51

5:51

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. Show notes Risky Bulletin: Tbilisi public transport goes free after anti-government hack

TERRO T300B Liquid Ant Killer, 12 Bait Stations

Apple Watch Series 10 [GPS 46mm case] Smartwatch with Jet Black Aluminium Case with Black Sport Band - M/L. Fitness Tracker, ECG App, Always-On Retina Display, Water Resistant

Fourth Wing (The Empyrean Book 1)

Podcaster verdt å lytte til

Risky Bulletin

Risky Bulletin

Podcaster verdt å lytte til

Velkommen til Player FM!

Ancel AD310 Classic Enhanced Universal OBD II Scanner Car Engine Fault Code Reader CAN Diagnostic Scan Tool, Read and Clear Error Codes for 1996 or Newer OBD2 Protocol Vehicle (Black)

SUUSON Upgraded 3-in-1 Car Phone Holder Mount [Powerful Suction] Phone Mount for Car Dashboard Air Vent Windshield,for All iPhone Android Phone (Black)

Amazon Basics 4-Pack CR2032 Lithium Coin Cell Battery, Compatible with AirTag, 3 Volt, Long Lasting Power, Mercury-Free

Purina Fancy Feast Grilled Wet Cat Food Seafood Collection in Wet Cat Food Variety Pack - (Pack of 24) 3 oz. Cans

Hurtigreferanseguide