app_store_button

google_play_button

Device Banner Block-copy 894x1036

Astu lugude lõputusse maailma

Loe ja kuula

risky.biz

Regular cybersecurity news updates from the Risky Business team...

Risky Business News

Russian police arrest the Meduza-Stealer trio, a Former L-3Harris manager pleads guilty to selling exploits to Russia, the US hacked Venezuela in 2020, and Windows 11 Administrator Protection goes live.

 
 
 Show notes
 
 
 Risky Bulletin: Russia arrests Meduza Stealer group

Risky Bulletin: Russia arrests Meduza Stealer group

Tom Uren and Amberleigh Jack talk about Peter Williams, the general manager of vulnerability research firm Trenchant, who has pleaded guilty to selling exploits to the Russian 0day broker Operation Zero. It’s a terrible look, but it doesn’t mean the private sector can’t be trusted to develop exploits.

They also discuss a new report’s recommendations to empower the Office of the National Cyber Director. It’s a good idea, but it won’t make up for the cuts in funding and personnel across the Trump administration’s cyber portfolio.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: Peter Williams, Ex-ASD, Pleads Guilty to Selling Eight Exploits to Russia

HackingTeam’s successor is targeting Russia and Belarus, X users must re-enroll their security keys, Chrome will put HTTP behind a warning dialogue, and 15 people are expected to plead guilty in an Italian hacking scandal.

 
 
 Show notes
 
 
 Risky Bulletin: HackingTeam successor linked to recent Chrome zero-days

Risky Bulletin: HackingTeam is back!

In this edition of Between Two Nerds Tom Uren and The Grugq dissect a recent Chinese CERT report that the NSA had hacked China’s national time keeping service.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 MSS Weixin post 
 
 CN-CERT technical analysis
 
 Global Times on X
 
 BTN110: The NSA's nine to five hacking campaign

Between Two Nerds: NSA gets its mojo back!

A bug in Microsoft WSUS is under attack, Thailand revokes the citizenship of scam-linked businessman, the US charges high tech poker cheat, and Iran’s top hacking school is breached.

 
 
 Show notes
 
 
 Risky Bulletin: Russian bill would require researchers to report bugs to the FSB

Risky Bulletin: WSUS bug under attack

In this sponsored podcast Patrick Gray chats with Knocknoc CEO Adam Pointon about why true Zero Trust architectures never really got there. Spinning up ZTNA access to core applications and slapping SSO prompts on everything else is great, but if we’re honest, it’s not really Zero Trust. So, how and why did we get here?

 
 
 Show notes

Risky Bulletin: iOS 26 change deletes clues of old spyware infections

Tom Uren and Amberleigh Jack talk about how America can better use its private sector to scale up offensive cyber activities, including espionage and disruption operations. Involving it to tackle ransomware and cryptocurrency scammers makes a lot of sense.

They also talk about how the ransomware ecosystem is splintering, and one operator’s relatively quick journey from being an affiliate to a platform operator.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 From Chaos to Capability: Building the US Market for Offensive Cyber
 
 Devman's RaaS Launch

Srsly Risky Biz: Hacking for Godot

A worm hits VS Code users, F5 was breached via its own devices back in 2023, Korea Telecom’s CEO says he’ll resign following a recent security breach, and the Boy Scouts will award cybersecurity merit badges.

 
 
 Show notes
 
 
 Risky Bulletin: Clever worm hits the DevOps scene

Risky Bulletin: Clever worm hits the VS Code scene

In this edition of Between Two Nerds Tom Uren and The Grugq talk to Joe Devanny, senior lecturer from King’s College London, all about India’s missing cyber power. It has all the ingredients to become a cyber superpower, but so far, hasn’t shown the motivation.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Interpreting India's Cyber Statecraft by Joe Devanny and Arthur Laudrain
 
 Dr Joeseph Devanny
 
 Sponsor interview: How AI turbocharges SOC analysts h

Between Three Nerds: India, the sleeping cyber superpower

An npm supply chain attack uses AI to steal credentials and crypto-wallet keys, Google establishes a cyber disruption unit, a ransomware attack disrupts more than 200 Swedish municipalities, and Salt Typhoon hacks have now hit more than 80 countries.

 
 
 Show notes
 
 
 Risky Bulletin: npm attack uses AI prompts to steal creds, crypto-wallet keys

Risky Bulletin: npm attack uses AI prompts to steal creds, crypto-wallet keys

Loe ja kuula

Muud podcastid, mis võivad sulle meeldida ...