app_store_button

google_play_button

is Device Banner Block 894x1036

Stígðu inn í heim af óteljandi sögum

Hlustaðu og lestu

risky.biz

Regular cybersecurity news updates from the Risky Business team...

Risky Business News

Belarus deployed spyware on journalists’ phones, a man is arrested for installing malware on a ferry, France arrests the hacker behind an Interior Ministry email server breach, and new Cisco and SonicWall zero-days.

 
 
 Show notes
 
 
 Risky Bulletin: Belarus deploys spyware on journalists' phones

Risky Bulletin: Belarus deploys spyware on journalists' phones

Tom Uren and Patrick Gray talk about America’s increasing dependence on Chinese manufacturers for electrical sector equipment. This doesn’t seem like a good idea when China is hacking electric utilities for sabotage and PLA researchers are dreaming up ways to attack the grid.

They also discuss the possibility that the US was responsible for a cyber attack on Venezuela’s state oil company and how Russian state-backed hacktivism is so dumb.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: Like Huawei, but for electricity

Most smart devices run outdated web browsers, Ukrainian hacktivists breach a major Russian defense contractor, ransomware hits Venezuela’s state-owned oil company, and hackers are trying to extort PornHub with stolen user data.

 
 
 Show notes
 
 
 Risky Bulletin: Most smart devices run outdated web browsers

Risky Bulletin: Most smart devices run outdated web browsers

In this edition of Between Two Nerds Tom Uren and The Grugq talk to Hamid Kashfi, CEO and founder of DarkCell, talk about the Iranian cyber espionage scene.

Kashfi talks about how the regime once forced people to hack and crushed the domestic security research scene. He describes how and why the government has changed its approach and is now reaping the rewards of improved Iranian capabilities.

This episode is available on Youtube.

 
 
 Show notes
 
 
 The "Mossad or not" threat model by James Mickens
 
 Shamoon wiper
 
 iLO rootkit

Between Three Nerds: The evolution of Iranian cyber espionage

Russia is hiring African freelancers for disinformation campaigns, the US is preparing to let contractors run offensive cyber operations, Germany blames Russia for the hack of its air traffic control agency, and Apple patches two WebKit zero-days.

 
 
 Show notes
 
 
 Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns

Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns

In this sponsored interview Casey Ellis is joined by Push Security’s Field CTO, Mark Orlando. They chat about the ways that browser-based attacks are evolving and how Push Security is finding and cataloging them.

 
 
 Show notes
 
 
 ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants
 
 Introducing our guide to phishing detection evasion techniques

Risky Bulletin: EU has a problem attracting and retaining cyber talent

Linux adds PCIe encryption to help secure cloud servers, Europol cracks down on Violence-as-a-Service providers, the International Criminal Court prepares for cyber-enabled genocide, and Cambodia busts a warehouse full of SMS blasters.

 
 
 Show notes
 
 
 Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

APTs go after the React2Shell vulnerability just hours after public disclosure. CISA remains without a director after the nomination stalls again, NSA is down 2,000 staff this year, and Intellexa is still active despite sanctions.

 
 
 Show notes

Risky Bulletin: APTs go after the React2Shell vulnerability within hours

Tom Uren and Patrick Gray discuss a new report proposing a framework for deciding when cyber operations raise red flags. It suggests seven red flags and could help clarify thinking about how to respond to different operations.

They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes including by sharing it with Houthi rebels who fired at a specific ship.

And finally, we are not reassured by China’s white paper about being a good cyber citizen.

This episode is also available of Youtube.

 
 
 Show notes
 
 
 Assessing Irresponsibility in Cyber Operations
 
 AWS on state actors bridging cyber and kinetic warfare

Sponsored: ConsentFix and Push Security's browser attack taxonomy

Hlustaðu og lestu

Other podcasts you might like ...