app_store_button

google_play_button

Details page - Device banner - 894x1036

Step into an infinite world of stories

Listen and read

risky.biz

Regular cybersecurity news updates from the Risky Business team...

Risky Business News

The EU has a problem attracting and retaining cyber talent, the CEO of Coupang resigns following the company’s security breach, Microsoft expands its bug bounty program to cover third party code, and Chrome and Gogs patch zero-days.

 
 
 Show notes
 
 
 Risky Bulletin: EU has a problem attracting and retaining cyber talent

Risky Bulletin: EU has a problem attracting and retaining cyber talent

Linux adds PCIe encryption to help secure cloud servers, Europol cracks down on Violence-as-a-Service providers, the International Criminal Court prepares for cyber-enabled genocide, and Cambodia busts a warehouse full of SMS blasters.

 
 
 Show notes
 
 
 Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers

APTs go after the React2Shell vulnerability just hours after public disclosure. CISA remains without a director after the nomination stalls again, NSA is down 2,000 staff this year, and Intellexa is still active despite sanctions.

 
 
 Show notes

Risky Bulletin: APTs go after the React2Shell vulnerability within hours

Tom Uren and Patrick Gray discuss a new report proposing a framework for deciding when cyber operations raise red flags. It suggests seven red flags and could help clarify thinking about how to respond to different operations.

They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes including by sharing it with Houthi rebels who fired at a specific ship.

And finally, we are not reassured by China’s white paper about being a good cyber citizen.

This episode is also available of Youtube.

 
 
 Show notes
 
 
 Assessing Irresponsibility in Cyber Operations
 
 AWS on state actors bridging cyber and kinetic warfare

Srsly Risky Biz: When cyber campaigns cross a line

In this edition of Between Two Nerds Tom Uren and The Grugq wonder whether it is possible to deter states from cyber espionage with doxxing and other disruption measures.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Department 40 exposed
 
 Charming Kitten exposed

Between Two Nerds: Beating back state espionage

In this Risky Business News sponsor interview, Mike Lashlee, CSO of Mastercard talks to Tom Uren about why the company got into threat intelligence.

Mike talks about bringing together payments insights with threat intel to get strong signals about fraud or crime, the benefits of international collaboration and when it makes sense for your CSO to also be the CISO.

 
 
 Show notes

Srsly Risky Biz: DeepSeek and Musk's Grok both toe the party line

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the differences between telcos and cloud companies. Does the nature of the business force cloud companies to be better at security?

This episode is also available on Youtube.

 
 
 Show notes
 
 
 FCC looks to torch Biden-era cyber rules sparked by Salt Typhoon mess
 
 Netflix's Chaos Monkey
 
 Brian in Pittsburgh
 
 BTN145
 
 Ultra

Between Two Nerds: Telcos bad, Cloud good.

Tom Uren and Amberleigh Jack talk about Anthropic’s discovery of an “AI-orchestrated” cyber espionage campaign. To Tom, it feels a research project, but it’s pretty clear it will be really useful for threat actors that aren’t focussed on specific high-priority targets. Think ransomware, Chinese intellectual property theft and North Korean hackers. But it won’t be so good for Western intelligence agencies.

They also discuss Google’s legal disruption of the China-based Lighthouse phishing as a service operation. Surprisingly, it seems to be working!

Finally, they talk about why the memory safe Rust language has been a triple win for Android.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: AI-Powered espionage will favor China

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the strategic “logic” of Russian wiper attacks on the Ukrainian grain sector.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 ESET report
 
 Soesanto and Gajos at Lawfare

Risky Bulletin: APTs go after the React2Shell vulnerability within hours

Listen and read

Other podcasts you might like ...