Regular cybersecurity news updates from the Risky Business team...
Risky Biz News: Ivanti finally releases zero-day patches
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
2/2/2024 • 0
Srsly Risky Biz: US data dumpster fire singes NSA
In this podcast Patrick Gray and Tom Uren talk about how the NSA suffered collateral damage from the US’s lax data privacy environment.
They also discuss how to respond to aggressive adversaries, how the current SEC cyber security disclosure regime is pointless and finally admit they occasionally get things wrong.
2/1/2024 • 0
Risky Biz News: Brazilian police arrest Grandoreiro malware gang
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/31/2024 • 0
Between Two Nerds: Rethinking mobile phones on the battlefield
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the war in Ukraine is showing how useful mobile devices are in war. Using them is risky, but those risks need to be managed.
They refer to this report which examines location tracking in the battlefield.
1/30/2024 • 0
Risky Biz News: DOJ and FTC tell companies to stop deleting chats
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/29/2024 • 0
REPOSTED: Sponsored: Talking with Island on how enterprise browsers could replace some technology stacks
NOTE: We initially published the wrong mp3 for this episode. It has been corrected!
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bradon Rogers, Chief Customer Officer at enterprise browser Island, on how a modern enterprise browser solution like Island can be used to replace, complement, or enhance some enterprise security tools or technology stacks.
1/29/2024 • 0
Srsly Risky Biz: How the SEC's new cyber disclosure rules are shaking out
In this podcast Patrick Gray and Tom Uren talk about how the SEC’s new disclosure rules mean companies have four days to report cyber security incidents once they’ve formally decided that they are material. So far, companies are very much erring on the side of caution.
They also look at the criticism of the CSRB’s board composition. Tom thinks these critiques are misguided. The cyber security landscape is so fractured that if the board were made up of faceless bureaucrats it would get very limited traction.
1/26/2024 • 0
Between Two Nerds: Why data brokers aren't causing widespread harms
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how having so much data available about Americans feels creepy, yet there is little visible harm to individuals. But there are still reasons to be worried.
1/25/2024 • 0
Risky Biz News: SVR hackers also breached HPE
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/25/2024 • 0
Risky Biz News: AU, UK, US sanction Russian behind Medibank ransomware attack
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/24/2024 • 0
Sponsored: Why finding and responding threats isn't enough and we need to contain them as well
In this Risky Business News sponsor interview Tom Uren talks to Ivan Dwyer of Material Security about how it makes sense to view office productivity suites as an organisation’s critical infrastructure.
1/22/2024 • 0
Risky Biz News: SVR hackers breach Microsoft
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/22/2024 • 0
Risky Biz News: Congress considers making CSRB permanent
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/19/2024 • 0
Srsly Risky Biz: The PRC doesn't care about stealth, just access
In this podcast Adam Boileau and Tom Uren talk about how although the PRC has pivoted to quieter living-off-the-land approaches, they don’t really care about stealth. They just want long-term access. So this means noisily digging in to networks and targeting end-of-life devices.
They also look at the FTC’s settlement against geolocation data broker Outlogic. It’s a win, but it’s built on shaky foundations.
1/18/2024 • 0
Risky Biz News: Ivanti Connect Secure zero-days suffer mass exploitation
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/17/2024 • 0
Between Two Nerds: Stuxnet, the inevitable game changer
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how Stuxnet was an ‘inevitability gamechanger’, how much we now know about the operation and how much the Dutch government should have known at the time.
1/16/2024 • 0
Risky Biz News: Chinese APT hacks a third of Cisco RV320/325 routers
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/15/2024 • 0
Sponsored: How the rise of cloud has changed the SIEM game
In this Risky Business News sponsor interview Tom Uren talks to Ken Westin, Field CISO at Panther about how the rise of cloud and hybrid IT architectures requires a new type of SIEM.
1/14/2024 • 0
Risky Biz News: Chinese APT exploits two Pulse Secure zero-days
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/12/2024 • 0
Srsly Risky Biz: Russia's cyber war fantasy
In this podcast Adam Boileau and Tom Uren talk about how cyber operations are being used in conflicts in both Ukraine and the Middle East. Some of these operations make sense but others seem pointless or even counterproductive.
1/11/2024 • 0
Risky Biz News: Ransomware wrecks Paraguay's largest telco
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/10/2024 • 0
Between Three Nerds: Martijn Grooten on how Infosec has changed
In this edition of Between Two Nerds Tom Uren and The Grugq talk with infosec and anti-virus veteran Martijn Grooten about how the infosec industry has changed over the years.
1/9/2024 • 0
Sponsored: When you have to run that Chinese government tax software
In this Risky Business News sponsor interview Tom Uren talks to Chris St Myers, Stairwell’s head of threat research, about managing the risk from software you absolutely must use.
Show notes
Stairwell's Inception Platform
1/8/2024 • 0
Risky Biz News: Merck settles NotPetya lawsuit
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
1/8/2024 • 0
Risky Biz News: UK summons Russian ambassador over hacking campaigns
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
12/8/2023 • 0
Srsly Risky Biz: Why election interference is inevitable
In this podcast Patrick Gray and Tom Uren talk about whether election interference will take place in the Taiwanese, US and Russian elections that are all taking place in 2024.
They also look at a ChatGPT-powered online harassment campaign.
12/7/2023 • 0
Between Two Nerds: Revisiting Ukraine's IT Army
In this edition of Between Two Nerds Tom Uren and The Grugq talk about recent hints that the Ukrainian government has figured out how to make use of the IT Army.
12/5/2023 • 0
Risky Biz News: US government agencies officially suck at logging
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
12/5/2023 • 0
Risky Biz News: US Government sounds alarm on water plant hacks
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
12/4/2023 • 0
Risky Biz News: Black Basta group made $107 million from ransom payments
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
12/1/2023 • 0
Srsly Risky Biz: Living off the land is the new normal
In this podcast Patrick Gray and Tom Uren talk about how threat actors abusing legitimate tools (aka living off the land) is the new normal. Everyone is doing it, from activists to cybercriminals to nation states. It’s a worry because defenders’ standard practices really aren’t set up to detect and deal with that kind of behaviour.
They also discuss how cyber incidents in the US and UK amongst providers of key real estate services are disrupting house sales.
11/30/2023 • 0
Risky Biz News: Ransomware cripples hospitals in six US states
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/29/2023 • 0
Between Two Nerds: The evolution of Russian electricity attacks
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the latest Russian cyber attacks on the Ukrainian energy grid.
11/28/2023 • 0
Risky Biz News: Chipmaker NXT hacked by Chinese APT group
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/27/2023 • 0
Sponsored: Corelight's Brian Dye on how network data is the connective tissue of incident response
In this Risky Business News sponsor interview Tom Uren talks to Brian Dye, CEO of Corelight about the value of data from NDR tools when it comes to longer term incident response.
11/26/2023 • 0
Srsly Risky Biz: Death by a thousand cuts
In this podcast Adam Boileau and Tom Uren talk about the rise of the Indian hack-for-hire industry. It doesn’t get the same attention that high-profile iPhone ‘zero-click’ hacking does, but it’s a global scourge that undermines legal processes.
They also discuss the AlphV ransomware group reporting a company to the SEC for not disclosing a breach that it caused.
11/23/2023 • 0
Risky Biz News: Fastly to block domain fronting in 2024
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/23/2023 • 0
Risky Biz News: Tor Project removes 1k relays linked to cryptocurrency scheme
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/22/2023 • 0
Between Two Nerds: How marketing has changed the cyber security landscape
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how being more open about cyber security threats is great for marketing and has also forced cyber security companies to pick sides and make value judgements.
11/21/2023 • 0
Risky Biz News: DIALStranger vulnerabilities disclosed after four years
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/20/2023 • 0
Sponsored: Everything you wanted to know about Passkeys but were too afraid to ask
In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico’s VP of Solutions Architecture and Alliances about the state of authentication and what Passkeys are all about.
11/20/2023 • 0
Risky Biz News: FCC adopts SIM-swapping and port-out protections
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/17/2023 • 0
Srsly Risky Biz: LockBit's disastrous success
In this podcast Adam Boileau and Tom Uren talk about two very significant cyber incidents. In the first, LockBit attacked the US arm of China’s biggest bank and the disruption left the bank owing USD$9bn at the end of the day. The other disrupted 40% of Australia’s port traffic.
They also examine the reasons why it makes sense for banks to do more regarding fraud.
11/16/2023 • 0
Risky Biz News: Russia hacked 22 Danish critical infrastructure companies
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/15/2023 • 0
Between Two Nerds: The Rules of War in cyberspace
In this edition of Between Two Nerds Tom Uren and The Grugq talk about International Humanitarian Law aka the Rules of War in cyberspace. These rules don’t really make sense in cyberspace, but despite that we think talking about them (and other norms of behaviour) is still worthwhile.
11/14/2023 • 0
Sponsored: Ryan Mahoney on how Gigamon lets you have your cake and eat it too
In this Risky Business News sponsor interview Tom Uren talks to Ryan Mahoney, Product Director at Gigamon. The TLS 1.3 encryption standard makes passive network monitoring inside your network difficult without break and inspect contortions. But Gigamon has what they call a “precryption” solution!
11/13/2023 • 0
Risky Biz News: Malay officials take down BulletProftLink
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/13/2023 • 0
Risky Biz News: Clop is coming for your SysAid servers
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
In this podcast Adam Boileau and Tom Uren talk about Microsoft’s Secure Future Initiative. It’s been likened to the company’s 2002 Trustworthy Computing initiative, but compared to that it is a massive disappointment.
They also discuss how the European-wide police operation against EncroChat unravelled when a UK intelligence analyst warned her friends with criminal links that the service had been compromised.
11/9/2023 • 0
Risky Biz News: Microsoft makes MFA mandatory for cloud admin portals
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/8/2023 • 0
Between Two Nerds: The Morris Worm
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the internet-melting 1988 Morris Worm and how cyber security has changed since then.
11/7/2023 • 0
Risky Biz News: US sanctions Russian woman for laundering Ryuk gang money
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/6/2023 • 0
Sponsored: runZero's Huxley Barbee on finding the unknown unknowns
In this Risky Business News sponsor interview Tom Uren talks to Huxley Barbee, Security Evangelist at runZero, about finding the unknown unknowns and what even is a security evangelist anyway.
11/6/2023 • 0
Risky Biz News: Microsoft goes through a second Trustworthy Computing moment
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/3/2023 • 0
Srsly Risky Biz: When good cyber security leads to violence
In this podcast host Adam Boileau and Tom Uren talk about the confluence of hacking and real-world violence.
They also discuss the SEC’s decision to charge SolarWinds and its CISO for not being transparent enough about SolarWinds’ real cybersecurity risks. Unfortunately, almost all companies have cyber security problems but disclose them only in very generic ways.
11/2/2023 • 0
Risky Biz News: SEC charges SolarWinds and its CISO
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
11/1/2023 • 0
Between Two Nerds: What is really at stake with cyber security
In this edition of Between Two Nerds Tom Uren and The Grugq discuss what is really at stake when it comes to cyber security.
10/31/2023 • 0
Risky Biz News: Ransomware gangs pounce on CitrixBleed vulnerability
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
10/30/2023 • 0
Sponsored: Talking with Nucleus Security about vulnerability threat intelligence
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Patrick Garrity, VP of Marketing and security researcher at Nucleus Security, on the rise and evolution of vulnerability threat intel and how CISA KEV’s new ransomware section will be a game changer.
Show notes
Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns
CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
10/29/2023 • 0
Risky Biz News: First Kazakhstan-based APT discovered, tries to disguise itself as Azerbaijan
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
10/27/2023 • 0
Srsly Risky Biz: Ransomware's soft underbelly
In this podcast guest host Adam Boileau and Tom Uren talk about the recent Ukrainian hacktivist group’s hack and burn attack on a ransomware gang. This makes us think there are definitely opportunities for Western cyber outfits.
They also discuss why companies should think about human rights when they make contingency plans for crises like war.
10/26/2023 • 0
Risky Biz News: 1Password joins the list of Okta victims
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
10/25/2023 • 0
The Between Two Nerds Halloween Special
In this edition of Between Two Nerds Tom Uren and The Grugq discuss “spooky effects” aka when agencies play silly buggers with target computers.
10/24/2023 • 0
Sponsored: It's better for everyone when DevOps have tools that are secure-by-default
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Resourcely CEO Travis McPeak about the modern DevOps ecosystem and how just giving developers tools with security baked in keeps everyone safe and happy, and how that’s easier than expecting your software engineers to become cybersecurity experts overnight.
10/23/2023 • 0
Risky Biz News: Cisco IOS XE hackers hide their tracks as patches come out
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
10/23/2023 • 0
Risky Biz News: Two ransomware gang websites go puff!
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
10/20/2023 • 0
Srsly Risky Biz: CISA to vendors — fix your products
In this podcast guest host Patrick Gray and Tom Uren talk about a CISA and NSA advisory that lists the 10 most common network misconfigurations they. It’s 101-level stuff and is particularly sobering because CISA and NSA don’t look at run of the mill networks, they look at important ones. CISA thinks part of the problem is vendors that make insecure-by-default products.
They also talk about a new Five Eyes security intelligence leader summit that warns of PRC intellectual property theft.
10/19/2023 • 0
Risky Biz News: 30k+ Cisco devices compromised with IOS XE zero-day
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
10/18/2023 • 0
Between Two Nerds: Effects operations during war and peace
In this edition of Between Two Nerds Tom Uren and The Grugq discuss how changing circumstances change the risk/reward balance and change whether effects operations are worthwhile.
10/16/2023 • 0
Risky Biz News: Israel warns citizens of security camera hack risk
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.
You can find the newsletter version of this podcast here.
10/16/2023 • 0
Sponsored: Airlock Digital's co-founders on securing PowerShell
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Airlock Digital founders Daniel Schell and David Cottingham about the recent Microsoft Digital Defense Report and the problems that come with trying to properly secure PowerShell.
Show notes
Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider
Resources for deprecated features in the Windows client - What's new in Windows | Microsoft Learn
The evolution of Windows authentication | Windows IT Pro Blog
Is Securing PowerShell a Lost Cause? - by Allan Liska
10/15/2023 • 0
Risky Biz News: Microsoft takes NTLM behind the shed
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
10/13/2023 • 0
Srsly Risky Biz: The EU needs to grow a political spine on spyware
In this podcast guest host Patrick Gray and Tom Uren talk about research that discovered that EU-based spyware was being used to target EU and US officials. Will that encourage EU governments to take action against spyware?
They also discuss Belgian concerns that the PRC will take advantage of a Chinese logistics firm with a hub in Liège for espionage.
Finally, they discuss whether hacktivists will follow International Humanitarian Law (IHL or the Rules of Law) rules about hacktivism in wartime. Almost certainly not, but Tom still thinks it’s worth talking about and promoting responsible behaviour.
10/12/2023 • 0
Risky Biz News: Microsoft kills VBScript
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
10/11/2023 • 0
Between Two Nerds: BEC and ransomware, a match made in hell
In this edition of Between Two Nerds Tom Uren and The Grugq examine the opportunities that ransomware gangs and business email compromise/romance scammers have to collaborate.
10/10/2023 • 0
Risky Biz News: Human-operated ransomware attacks double in a year
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
10/9/2023 • 0
Sponsored: PAM vs teenagers... FIGHT!
In this Risky Business News sponsor interview Tom Uren asks Martin Cannard, VP of Product Strategy at Netwrix, how privileged access management can help defend organisations. ‘Advanced Persistent Teenagers’ regularly use social engineering techniques to compromise highly privileged accounts, but that doesn’t mean it’s instantly game over for defenders.
10/8/2023 • 0
Risky Biz News: Ransomware dwell times plummet
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
10/6/2023 • 0
Srsly Risky Biz: NSA wants to protect America's AI edge
In this podcast Patrick Gray and Tom Uren talk about the NSA’s creation of a new AI Security Center. One of its roles is to help protect AI intellectual property and so maintain the US’s AI advantage.
They also look at a new Mandiant report that looks at vulnerabilities that are exploited in the wild. This research finds a shift away from the top three vendors (Microsoft, Apple and Google) and there are rich pickings for threat actors at the network edge.
10/5/2023 • 0
Risky Biz News: Ransomware gangs hit TeamCity and WS_FTP servers
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
10/4/2023 • 0
Between Two Nerds: Have offensive cyber operations against ransomware groups failed?
In this edition of Between Two Nerds Tom Uren and The Grugq examine whether offensive cyber operations against ransomware groups have succeeded or failed. And how would we even know?
10/3/2023 • 0
Risky Biz Sponsor Interview: The e-crime ecosystem is changing
In this Risky Business News sponsor interview Tom Uren talks to Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, about the state of play in the cybercrime ecosystem. People and organisations are getting better at protecting themselves from scams and compromises, but criminals will use every possible avenue to reach people and scam them.
10/2/2023 • 0
Risky Biz News: Critical Exim bugs remains unpatched
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
10/2/2023 • 0
Risky Biz News: More in-the-wild 0day for Firefox, Chrome
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/29/2023 • 0
Srsly Risky Biz: The cyber-yoofs must be stopped!
In this edition of Seriously Risky Business Patrick Gray and Tom Uren talk about the possibility of diverting youths from a life of serious cybercrime. It’ll be tough.
They also talk about a Ukrainian government report into changes in Russian cyber activity.
9/28/2023 • 0
Risky Biz News: CISA publishes HBOM framework
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/27/2023 • 0
Risky Biz News: China admits NSA hacked Huawei
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/25/2023 • 0
Between Two Nerds: Why the UK and US Cyber Strategies are Mirror Images
In this edition of Between Two Nerds Tom Uren and The Grugq examine how US and UK strategies to use cyber power differ but are in some ways mirror images of each other.
9/25/2023 • 0
Sponsored: Stairwell's Silas Cutler on the Akira leak and attacker infrastructure
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Stairwell Principal Reverse Engineer Silas Cutler about Akira’s recent server leak and attacker infrastructure.
9/24/2023 • 0
Risky Biz News: North Korea steals $54 million from CoinEx
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
In this edition of Seriously Risky Biz guest host Adam Boileau talks with Tom Uren about what Microsoft’s recent breach by a Chinese-based threat actor tells us about the company’s security culture. There were several serious governance failures that allowed this incident to happen.
They also look at a new UK government effort to reassure companies that they won’t be punished (as much) for seeking help from the NCSC.
9/14/2023 • 0
Risky Biz News: Won't someone think of the... casinos?!
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/13/2023 • 0
Between Two Nerds: How AI can turbocharge cyber scams
In this edition of Between Two Nerds Tom Uren and The Grugq examine how AI can help cyber criminals and scammers.
9/12/2023 • 0
Risky Biz News: Ransomware gangs using Cisco 0day
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/11/2023 • 0
Sponsored: Red Canary's Gerry Johansen on IR readiness
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Red Canary Principal Readiness Engineer Gerry Johansen about the need to prepare IR plans in advance and why that’s just as important as the IR playbook itself.
9/11/2023 • 0
Risky Biz News: Microsoft explains how it lost its signing key
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/8/2023 • 0
Srsly Risky Biz: Why "pig butchering" is even worse than you think
In this podcast Patrick Gray and Tom Uren talk about a new UN report that says that hundreds of thousands of innocent people are being forced into working in online crypto and romance scams.
They also look at new age verification laws that aim to make it more difficult for children to see pornography. It’s a complex topic, but Australia’s eSafety office has done excellent work on it.
9/7/2023 • 0
Risky Biz News: China cracks down on Southeast Asian scam call centers
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/6/2023 • 0
Between Two Nerds: When states are at the mercy of tech company policy
In this edition of Between Two Nerds Tom Uren and The Grugq look at how companies often make unilateral decisions that constrain states’ behaviour, for better and worse.
9/5/2023 • 0
Risky Biz News: Okta Super Administrator accounts targeted
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/4/2023 • 0
Risky Biz Sponsor Interview: Why Island raised over $250m to build an enterprise browser
In this Risky Business News sponsor interview Tom Uren talks to Mike Fey, CEO and co-founder of Island about the idea of an ‘enterprise browser’. Tom and Mike discuss what an enterprise browser actually is, what problems it solves, and why browsers focussed on business requirements haven’t been a product category until now.
9/4/2023 • 0
Risky Biz News: Chinese APT sneaks trojaned Signal app into Play Store
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
9/1/2023 • 0
Srsly Risky Biz: The UK snoopers' charter won't stop security patches
In this podcast Patrick Gray and Tom Uren talk about proposed changes to the UK’s Investigatory Powers Act. Some pundits are saying the changes will clear the way for the government to prevent tech companies from rolling out security patches. They’re wrong.
They also look at a new Mandiant report that dives deeper into a recent Chinese group’s campaign that compromised Barracuda Email Security Gateways. The report provides a wonderful overview of the campaign.
8/31/2023 • 0
Risky Biz News: FBI nukes Qakbot botnet
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/30/2023 • 0
Between Two Nerds: Know thyself
In this edition of Between Two Nerds Tom Uren and The Grugq look at how asset inventory tools aren’t a substitute for knowing what a business values.
8/29/2023 • 0
Risky Biz News: Kroll SIM-swapped in attack targeting crypto platforms
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/28/2023 • 0
Srsly Risky Biz: Why did Russia deploy hackers to war zones?
In this podcast Patrick Gray and Tom Uren talk about how Ukraine has countered Russia’s cyber operations.
They also look at various initiatives the US government is taking to secure open source software and ask whether it is getting serious about FOSS.
8/25/2023 • 0
Risky Biz News: WinRAR zero-day used to hack stock and crypto traders
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/25/2023 • 0
Risky Biz News: South Korea investigates Chinese "spy chips"
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/23/2023 • 0
Between Two Nerds: Hacking CCTV cameras for fun and profit
In this edition of Between Two Nerds, Tom Uren and The Grugq examine the history of CCTV hacking and what different groups get out of these hacks.
8/22/2023 • 0
Risky Biz News: Foreign intelligence services are targeting the US space sector
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/21/2023 • 0
Risky Biz Sponsor Interview: Using AI to do security research
In this Risky Business News sponsor interview Tom Uren talks to Dan Guido, CEO of Trail of Bits, about AI. Dan thinks AI technologies will be a “game changer”. But he also thinks the conversation around AI is not very sophisticated just yet.
8/21/2023 • 0
Risky Biz News: PowerShell's official package repo is a supply chain mess
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/18/2023 • 0
Risky Biz News: Lockbit is posting fictitious leaks, is close to implosion
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/16/2023 • 0
Between Two Nerds: The juice jacking mass delusion
In this edition of Between Two Nerds Tom Uren and The Grugq look at why ‘juice jacking’ is a forever fear even though it’s not a real-world threat.
8/15/2023 • 0
Risky Biz Sponsor Interview with Jacob Torrey of Thinkst Labs
In this Risky Business News sponsor interview Tom Uren talks to Jacob Torrey, Thinkst’s Head of Labs. Jacob produces ThinkstScapes, a brilliant quarterly summary of the most interesting security research from around the world.
In this interview Jacob talks about his favourite research of this issue, why Thinkst invests the time and effort in producing ThinkstScapes and also talks about Thinkst Citation, a companion product that contains information about nearly 70,000 security talks going all the way back to 1993.
8/14/2023 • 0
Risky Biz News: CSRB to investigate Microsoft hack
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/14/2023 • 0
Risky Biz News: Russia blocks OpenVPN and WireGuard VPN protocols
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/11/2023 • 0
Srsly Risky Biz: Why Russia's Plan to Hide Spy Data Will Fail
In this podcast Patrick Gray and Tom Uren talk about how the Russian government is planning to alter databases to hide their spies from open source investigations. It’s a nice try, but we don’t think it will work.
They also look at contrasting stories that illustrate how law enforcement agencies can use facial recognition technology responsibly, but can also royally screw things up.
8/10/2023 • 0
Risky Biz News: Sandworm hackers target Ukraine's military systems
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/9/2023 • 0
Between Two Nerds: China's Changing Cyber Espionage Playbook
In this edition of Between Two Nerds Tom Uren and The Grugq ask whether Chinese operations are becoming stealthier and why? Is it a top-down directive to be careful? Or do the operations themselves require more stealth?
8/8/2023 • 0
Sponsored: Tines CEO Eoin Hinchy on burnout in SOC teams
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Tines co-founder and CEO Eoin Hinchy about how organisations can maximise the potential of their security teams during an economic downturn, with a concentration on why human error and burnout caused by excessive workloads on security teams can be a risk.
8/7/2023 • 0
Risky Biz News: Ransomware attack cripples hospitals across five US states
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/7/2023 • 0
Risky Biz News: Microsoft botches Azure bug fix
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/4/2023 • 0
Srsly Risky Biz: On Microsoft, Wyden's Bark May Have Some Bite
In this podcast Patrick Gray and Tom Uren talk about how Microsoft’s lackadaisical cloud product security is attracting the ire of important politicians.
They also examine a presidential advisory board report into Section 702 collection and discuss why oversight in intelligence collection is important.
8/3/2023 • 0
Risky Biz News: "American" cloud provider is allegedly an Iranian bulletproof host
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
8/2/2023 • 0
Between Two Nerds: The Rights and Wrongs of IP Theft
In this edition of Between Two Nerds Tom Uren and The Grugq look at the arguments against intellectual property theft and why there isn’t universal agreement that it should be prohibited.
8/1/2023 • 0
Risky Biz News: Calls to investigate Microsoft over SolarWinds, Storm-0558
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
7/31/2023 • 0
Sponsored: Andrew Morris on the future of GreyNoise's honeypot network
In this Risky Business News sponsor interview, Catalin Cimpanu talks with GreyNoise founder and CEO Andrew Morris about the company’s vast network of honeypots, and how they’re preparing to take it to the next phase.
7/31/2023 • 0
Risky Biz News: SEC adopts new cybersecurity rules
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/28/2023 • 0
Srsly Risky Biz: In Beijing, the Fourth Amendment is Still For Sale
In this podcast Patrick Gray and Tom Uren talk about draft US legislation that aims to stop law enforcement from circumventing the Fourth Amendment by simply buying data on US citizens. It’s a good move, but the overall data ecosystem needs broader reform.
They also discuss new reports into the ransomware ecosystem. There is both good news and bad news, but data gaps still make it difficult for policymakers to have a good handle on how to respond.
7/27/2023 • 0
Risky Biz News: Norwegian government hacked with MobileIron zero-day
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/26/2023 • 0
Between Two Nerds: When iPhones aren't good enough
In this edition of Between Two Nerds Tom Uren and The Grugq look at when it makes sense for governments to invest in building their own secure phone
7/25/2023 • 0
Sponsored: Everything you want to know about BYO vulnerable driver attacks but are afraid to ask
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Airlock Digital founders Daniel Schell and David Cottingham about vulnerable drivers, BYOVD attacks, and the problem with driver-based attacks.
7/24/2023 • 0
Risky Biz News: Ransomware victims stop paying up
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/23/2023 • 0
Risky Biz News: Microsoft capitulates on cloud security logs
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/21/2023 • 0
Srsly Risky Biz: Time for Cloud Transparency
In this podcast Patrick Gray and Tom Uren talk about recent breaches of JumpCloud and Microsoft cloud services. It’s great they disclosed these incidents voluntarily, but cloud companies are so important that detailed postmortems shouldn’t be voluntary.
They also discuss the Biden administration’s cyber security strategy implementation plan and the opportunity to collect email destined for the US military by typo-squatting on the ‘.ml’ domain.
7/20/2023 • 0
Risky Biz News: A Citrix 0day RCE is being actively exploited
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/19/2023 • 0
Between Two Nerds: Shaping ransomware group behaviour
In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of actively shaping ransomware group behaviour to get the type of behaviour we’d prefer.
7/18/2023 • 0
Risky Biz News: JumpCloud compromised by APT group
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
7/17/2023 • 0
Risky Biz News: Microsoft likely compromised in US Government hack
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.
You can find the newsletter version of this podcast here.
7/14/2023 • 0
Srsly Risky Biz: WeChat's Privacy Policy Is Useless
In this podcast Patrick Gray and Tom Uren talk about Citizen Lab’s analysis of WeChat’s behaviour and its privacy policy. That report misses the point: WeChat is an integral part of the PRC’s architecture of censorship and repression, and the Chinese government isn’t constrained by WeChat’s privacy policy.
They also discuss a new report that proposes a human-centred framework for assessing client-side Child Sexual Abuse Material (CSAM) detection technologies. It’s a step forward because it makes clearer the tradeoffs that are being made when these technologies are suggested.
7/13/2023 • 0
Risky Biz News: Microsoft nukes 100 malicious drivers
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/12/2023 • 0
Risky Biz News: Mastodon plugs a horror-show bug
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/10/2023 • 0
Risky Biz Sponsor Interview with Scott Hanson from Kroll on Detection-as-Code
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Scott Hanson, Head of Global Security Operations at Kroll, on how the company has adopted Detection-as-Code for its approach to writing, managing, and rolling out detection rules for its customers.
7/10/2023 • 0
Risky Biz News: Ransomware cripples Japan's largest cargo port
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/7/2023 • 0
Srsly Risky Biz: The Russia vs US Extradition Tug of War
In this podcast Patrick Gray and Tom Uren talk about the regular extradition battles that occur between the US and Russia whenever a Russian cybercriminal is arrested in a third country. It’s less about protecting cybercriminals and more about Russia trying to poke the USA in the eye.
They also discuss recent Ukrainian hacktivist operations that have been extremely successful, but also don’t seem to have had any really meaningful impact.
7/6/2023 • 0
Between Two Nerds: Should journalists be protected against spyware?
In this edition of Between Two Nerds Tom Uren and The Grugq look at the EU’s proposed media freedom act and how one of its goals is to protect journalists from spyware.
7/4/2023 • 0
Risky Biz News: $922 million worth of crypto stolen in H1 2023
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/4/2023 • 0
Sponsor Interview: RunZero adds passive scanning for OT networks
In this Risky Business News sponsor interview Tom Uren talks to RunZero’s CEO Chris Kirsch about how RunZero has evolved from an IT network active scanning product to one that can now discover assets on OT and cloud environments using both active and passive scanning approaches.
7/3/2023 • 0
Risky Biz News: Prigozhin's troll farms in limbo after Wagner mutiny
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
7/3/2023 • 0
Risky Biz News: Philippine authorities free 2,700 "cybercrime slaves"
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
6/30/2023 • 0
Srsly Risky Biz: The SEC Gets Personal
In this podcast Patrick Gray and Tom Uren talk about the US Securities Exchange Commission warning SolarWinds executives that it is planning to bring enforcement actions against them. This is a big deal and really signifies that the SEC wants companies to be much more open about cybersecurity incident disclosures.
They also discuss the outcomes from a European law enforcement operation against the EncroChat ‘crimephone’. It was an absolutely stunning success, but what does it mean for the future of the access debate?
Show notes
The boom, the bust and the adjust | by Maor Shwartz | Jun, 2023 | Medium
6/29/2023 • 0
Risky Biz News: LetMeSpy gets hacked
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
6/28/2023 • 0
Risky Biz News: SEC moves on SolarWinds executives
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
6/26/2023 • 0
Risky Biz News: Apple patches "Triangulation" zero-days
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
6/23/2023 • 0
Srsly Risky Biz: Why China's Barracuda Hacks Are Just Plain Rude
In this podcast Patrick Gray and Tom Uren talk about the PRC’s campaign compromising Barracuda Email Security Gateways. It doesn’t quite break international “norms”, but it is definitely on the nose.
They also discuss Albania’s police raid of an Iranian opposition refugee camp which is said to be hosting a hacking cell that targeted Iran’s government.
6/22/2023 • 0
Risky Biz News: Albania raids Iranian MEK camp for running a "hacker center"
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
6/21/2023 • 0
Between Two Nerds: Go Big or Go Home
In this edition of Between Two Nerds Tom Uren and The Grugq look at three different state operations that have recently been outed and what these operations tell us about how these states are behaving.
6/20/2023 • 0
Risky Biz News: Microsoft admits it got DDoSed by Anonymous Sudan
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
6/19/2023 • 0
Risky Biz News: Russian LockBit affiliate arrested in… the US?
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.
You can find the newsletter version of this podcast here.
6/16/2023 • 0
Srsly Risky Biz: IC Reform Wanted, Decent Privacy Laws Needed
In this podcast Patrick Gray and Tom Uren talk about a new report examining how the US intelligence community uses data it buys. It finds that data you can buy now rivals or exceeds what intelligence agencies can collect, but the IC overall doesn’t treat the data with the sensitivity and care that it deserves. Fixing IC policy is one thing, but that won’t help at all with foreign adversaries or even local US law enforcement. The US needs good data privacy law that cleans up the whole field.
They also look at new research that examines how lawyers’ incentives to protect clients mean that incident response is hamstrung when it comes to discovering root causes and learning lessons.