Risky Business Cybersecurity

Risky Bulletin Regular cybersecurity news updates from the Risky Business team…

  • Between Two Nerds: Why hackers and spies don’t mix
    by risky.biz on May 19, 2025 at 10:52 pm

    In this edition of Between Two Nerds Tom Uren and The Grugq examine what makes it hard for even competent hackers to contribute to state-backed espionage agencies. This episode is also available on YouTube. Show notes: The I-Soon cyber espionage contractor data leak

  • Risky Bulletin: Japan passes active cyber defense law
    by risky.biz on May 19, 2025 at 12:09 am

    Japan passes a new active cyber defense law, printer software gets shipped with malware, a UK telco leaks user data and geolocation via its 4G network, and Volkswagen patches major bugs in its mobile app.

  • Sponsored: Securing identity is like building a house while blindfolded
    by risky.biz on May 18, 2025 at 10:34 pm

    In this Risky Bulletin sponsor interview Justin Kohler, Chief Product Officer at SpecterOps, talks to Tom Uren about the impossible challenge of managing identity directory services securely. Organisations try to implement the principle of least privilege but have no idea if they have done a good job. Justin talks about approaches SpecterOps is developing to address this problem.

  • Risky Bulletin: Coinbase reveals insider breach, extortion attempt
    by risky.biz on May 16, 2025 at 4:06 am

    Coinbase was extorted by hackers who bribed employees for user data, America’s largest steel producer halts production after a cyberattack, Scattered Spider shifts to targeting US retailers, and the US abandons plans to protect Americans from data brokers.

  • Srsly Risky Biz: Special guests Rob Joyce and Andy Boyd on offensive cyber
    by risky.biz on May 15, 2025 at 12:15 am

    In this special edition of the Seriously Risky Business podcast Patrick Gray speaks with former NSA Cybersecurity Director Rob Joyce and former director of the CIA’s Center for Cyber Intelligence Andy Boyd. They talk about what offensive cyber could look like under Trump 2.0, and the shake-up the intelligence community is going through under various White House initiatives. This episode is also available on YouTube.

  • Risky Bulletin: EU launches its own vulnerability database
    by risky.biz on May 14, 2025 at 2:23 am

    The EU launches its own vulnerability database, a Turkish APT deploys a zero-day in Iraq, North Korea tasks an APT to Ukraine, and Spain will probe cyber’s role in last month’s energy grid collapse.

  • Between Two Nerds: Should US spies steal Chinese commercial secrets?
    by risky.biz on May 12, 2025 at 10:02 pm

    In this edition of Between Two Nerds Tom Uren and The Grugq examine whether the US should steal intellectual property from Chinese companies. This episode is also available on YouTube. Show notes: Stewart Baker’s Lawfare article; Bunnie Huang’s ‘Essential Guide to Electronics in Shenzhen’; BTN44 on the rights and wrongs of intellectual property theft; Corelight sponsor interview with James Pope

  • Risky Bulletin: Kaleidoscope ad fraud network infects 2.5m devices a month
    by risky.biz on May 11, 2025 at 11:52 pm

    The Kaleidoscope ad fraud network infects 2.5 million devices a month, Germany seizes the eXch crypto-mixing service, the US takes down the Anyproxy botnet, and Chrome will use on-device AI to detect tech support scams.

  • Sponsored: What really goes down on Blackhat wifi networks
    by risky.biz on May 11, 2025 at 10:51 pm

    In this Risky Bulletin sponsor interview James Pope, Director of Technical Enablement, talks to Tom Uren about his experience running networks and security centres at Black Hat conferences around the world. Pope talks about the challenges of running a SOC at a hacker conference, how conference networks around the world have a different character and talks about all the weird and wonderful security snafus he has found.

  • Risky Bulletin: France says Russia’s influence operations are achieving results
    by risky.biz on May 9, 2025 at 2:49 am

    France says Russia’s influence operations are achieving results, Crowdstrike lays off 5% of its staff, a hacker dumps LockBit’s ransomware database, and a ransomware attack slows production at a major US medical device maker.

  • Srsly Risky Biz: US Cyber Command to be unleashed
    by risky.biz on May 8, 2025 at 1:48 am

    Tom Uren and Patrick Gray talk about how the US is planning to take the gloves off in cyberspace and conduct much more aggressive offensive cyber operations. US responses to cyber espionage have not been very aggressive to date, but Tom is not convinced that cyber punches are required, so much as blows that really hurt. The pair also discuss TeleMessage, the Signal clone the Trump cabinet has been using. The app managed to sidestep certification and assessment processes and ended up being used by various agencies in the US government. And the White House. It’s a mystery how this happened. This episode is also available on YouTube.

  • Risky Bulletin: NSO ordered to pay Meta $167 million in WhatsApp lawsuit
    by risky.biz on May 7, 2025 at 4:24 am

    NSO Group is ordered to pay Meta $167 million, the White House tells the NSA to cut 8% of its civilian staff, the US sanctions a Myanmar militia group leader for cyber scams, and one of the Nomad Bridge hackers gets arrested in Israel.

  • Between Two Nerds: How tools evolve
    by risky.biz on May 5, 2025 at 10:02 pm

    In this edition of Between Two Nerds Tom Uren and The Grugq talk about an in-depth report on a Ukrainian hacking control panel. The panel shows how the Ukrainian group thinks about hacking operations and the pair discuss why the report exists and what it achieves. This episode is also available on YouTube. Show notes: Bulldog backdoor web panel analysis

  • Risky Bulletin: Trump admin’s Signal clone gets hacked, messages exposed
    by risky.biz on May 5, 2025 at 4:00 am

    The Trump admin’s Signal clone gets hacked, a six-year-old backdoor comes to life to hijack online stores, a phishing kingpin is identified as a 24-year-old Chinese man, and Ireland fines TikTok for transferring EU user data to China.

  • Sponsored: Why security is a data search problem
    by risky.biz on May 4, 2025 at 11:50 pm

    In this Risky Bulletin sponsor interview Mike Wiacek, CEO and founder of Stairwell, explains why he believes security is really a data storage and retrieval problem. He demonstrates how that pays off in the analysis of new malware.

  • Risky Bulletin: New Microsoft accounts will be passwordless by default
    by risky.biz on May 2, 2025 at 3:13 am

    New Microsoft accounts will be passwordless by default, a Chinese APT is hijacking software updates, the US dominates the EU cybersecurity market, and Commvault discloses a breach.

  • Srsly Risky Biz: Security vendors are constantly attacked
    by risky.biz on May 1, 2025 at 1:50 am

    Tom Uren and Patrick Gray talk about a SentinelOne report about how it is constantly targeted by both cybercriminal and state-backed hackers. Security firms are high-value targets, so constant attacks on them are the new normal. They also discuss an article that calls Signal “a kind of dark matter of American politics and media”. Many policy discussions occur on the app, and this explains the Trump administration’s extensive use of the app. This episode is also available on YouTube.

  • Risky Bulletin: French government grows spine, calls out Russian hacks
    by risky.biz on April 30, 2025 at 4:17 am

    The French government calls out Russian hacks for the first time, Marks & Spencer sends staff home after a ransomware attack, China accuses America of hacking a major cryptography provider, and AirBorne vulnerabilities impact Apple’s AirPlay.

  • Between Two Nerds: Releasing the hounds on scam compounds
    by risky.biz on April 28, 2025 at 10:47 pm

    In this edition of Between Two Nerds Tom Uren and The Grugq discuss the Southeast Asian criminal syndicates that run online scam compounds. Should organisations like US Cyber Command or the UK’s National Cyber Force target these gangs with disruption operations? This episode is also available on YouTube. Show notes: UN Office of Drugs and Crime on Southeast Asian transnational cyber scammers

  • Risky Bulletin: Top AI models all fall to new prompt injection technique
    by risky.biz on April 28, 2025 at 3:37 am

    A new prompt injection attack is effective against all the big AI models, Poland says Facebook is failing to remove malicious ads, Africa’s largest telco discloses a security breach, and hackers breach Malaysian brokerage accounts.
