app_store_button

google_play_button

is Device Banner Block 894x1036

Stígðu inn í heim af óteljandi sögum

Hlustaðu og lestu

risky.biz

Regular cybersecurity news updates from the Risky Business team...

Risky Business News

Tom Uren and Amberleigh Jack talk about new research that shows the Chinese-made DeepSeek-R1 AI model produces insecure code when prompts include topics that the Chinese Communist Party dislikes. It’s interesting research, but the CCP doesn’t have a monopoly on imposing AI bias.

They also discuss the complete doxxing of the Iranian cyber espionage group known as APT35 or Charming Kitten.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: DeepSeek and Musk's Grok both toe the party line

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the differences between telcos and cloud companies. Does the nature of the business force cloud companies to be better at security?

This episode is also available on Youtube.

 
 
 Show notes
 
 
 FCC looks to torch Biden-era cyber rules sparked by Salt Typhoon mess
 
 Netflix's Chaos Monkey
 
 Brian in Pittsburgh
 
 BTN145
 
 Ultra

Between Two Nerds: Telcos bad, Cloud good.

Tom Uren and Amberleigh Jack talk about Anthropic’s discovery of an “AI-orchestrated” cyber espionage campaign. To Tom, it feels a research project, but it’s pretty clear it will be really useful for threat actors that aren’t focussed on specific high-priority targets. Think ransomware, Chinese intellectual property theft and North Korean hackers. But it won’t be so good for Western intelligence agencies.

They also discuss Google’s legal disruption of the China-based Lighthouse phishing as a service operation. Surprisingly, it seems to be working!

Finally, they talk about why the memory safe Rust language has been a triple win for Android.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: AI-Powered espionage will favor China

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the strategic “logic” of Russian wiper attacks on the Ukrainian grain sector.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 ESET report
 
 Soesanto and Gajos at Lawfare

Between Two Nerds: Russia's cyber war on wheat

Europol takes down servers behind three malware operations, the US sanctions another Burmese military group linked to scam compounds, Google backs down from mandatory Android developer registration, and Checkout-dot-com donates its ransom to cybercrime researchers instead of paying hackers.

 
 
 Show notes
 
 
 Risky Bulletin: Europol takes down Elysium, VenomRAT, and Rhadamanthys infrastructure

Risky Bulletin: Europol takes down Elysium, VenomRAT, and Rhadamanthys

Tom Uren and Amberleigh Jack talk about a new Reuters’ report that reveals how Meta is knowingly raking in cash from scam advertisements. It’s around $16 billion worth, and in documents Meta calculates that it outweighs the costs of possible regulatory action.

They also discuss recent state-backed supply chain attacks that have, so far, remained targeted and responsible. Finally they look at the UK’s decision to stop sharing intelligence with the US about suspected drug boats in the Caribbean.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: Meta's fraud profit scandal

Internal data leaks from another Chinese security firm, a US Congressional Budget Office breach has not been contained, the Cyber infosharing act likely to be extended until January, and we have a new OWASP Top 10.

 
 
 Show notes
 
 
 Risky Bulletin: Another Chinese security firm has its data leaked

Risky Bulletin: Another Chinese security firm has its data leaked

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how cyber criminals and even state actors are being dumb about using AI.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Google's AI Threat Tracker
 
 Script framework

Between Two Nerds: Why AI in malware is lame

Myanmar starts demolishing the KK Park scam compound, the US Congressional Budget Office gets hacked by a foreign APT, Chrome will remove risky X-S-L-T support, and scammers in Singapore will get the cane.

 
 
 Show notes

Risky Bulletin: Myanmar scam compound goes boom!

In this sponsored interview Casey Ellis chats to Toni de la Fuente, founder and CEO of Prowler, an open source platform for cloud security. They chat about how and why Prowler selectively applies AI to ensure it adds value rather than just because they can.

 
 
 Show notes

Risky Bulletin: US indicts two rogue cybersecurity employees for ransomware attacks

Hlustaðu og lestu

Other podcasts you might like ...