App Store

Google Play

Details page - Device banner - 894x1036

Step into an infinite world of stories

Listen and read

risky.biz

Regular cybersecurity news updates from the Risky Business team...

Risky Business News

UPDATED AUDIO: An earlier version of this podcast audio contained an editing mistake that desynchronised Patrick and Tom’s audio.

In this podcast Tom Uren and Patrick Gray talk about the cyber espionage implications of Chinese AI firm DeepSeek’s recently released models. They will certainly be picked up by various APT crews to try and accelerate their campaigns.

They also discuss the UK NCSC’s attempt to quantify ‘comedy bugs’ and whether EU sanctions against Russian military intelligence officers for a five-year-old cyber espionage campaign targeting Estonia are pointless.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: DeepSeek a boon for Chinese APTs

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

 
 
 Show notes
 
 
 Risky Bulletin: Supply chain attack at AdsPower browser platform

Risky Bulletin: Browser extension supply chain attack hits AdsPower

In this edition of Between Two Nerds Tom Uren and The Grugq talk about Israeli spyware vendor Paragon, how and why it positions itself to sell to the US market, and how its capabilities might work.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 TechCrunch report
 
 The tweet we discuss
 
 Dropping Italy as a customer

Between Two Nerds: A Paragon of virtue

In this podcast Tom Uren and Patrick Gray talk about Apple’s refusal to obey a UK government order to provide the capability to access to encrypted iCloud data. Its the latest round in the ongoing government vs technology fights over warrant-proof encryption, and again it looks like governments will lose.

They also talk about good news in the fight against ransomware. Government actions are putting pressure on the cyber criminal ecosystem, splintering groups and even making it hard to for crooks to convert cryptocurrency to hard cash.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: Governments are losing the crypto wars

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jimmy Mesta, CTO and Co-Founder of Rad Security (formerly KSOC). Jimmy talks about how companies adopting new AI-based technologies may accidentally expose their infrastructure and data to new threats.

 
 
 Show notes
 
 
 I discovered a fun party trick for the next time you get an AI phone call

Risky Bulletin: Sandworm deploys Tor nodes on hacked networks

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the United State’s Vulnerabilities Equities Program, which balances the need for intelligence collection with the need to protect the public. The government recently revealed that in 2023 it released 39 vulnerabilities, but what does this really tell us?

This episode is also available on Youtube.

 
 
 Show notes
 
 
 The unclassified VEP appendix
 
 Kim Zetter's Zero Day substack

Between Two Nerds: Is 39 vulnerabilities a lot?

VC giant Insight Partners gets social engineered, OpenSSH patches an attacker-in-the-middle bug, Ecuador’s parliament hit by cyberattacks, and a Monero zero-day awaits a patch.

 
 
 Show notes

Risky Bulletin: Insight Partners discloses security breach

In this podcast Tom Uren and Patrick Gray talk about the idea of launching a retaliatory campaign to hack Chinese telcos in response to Salt Typhoon’s targeting of US ones. US Senator Mark Warner floated the idea as a way to persuade the Chinese government to pull back Salt Typhoon, but we think that kind of campaign has merit regardless.

They also discuss how Samoa’s CERT calling out APT40 is a big deal. It’s striking to see a small country of 200,000 people calling out Chinese hacking.

This episode is also available on Youtube.

 
 
 Show notes

Srsly Risky Biz: Why America needs its own Salt Typhoon

The BlackBasta ransomware group implodes, Russian military hackers target Signal with QR codes, Microsoft patches a Power Pages zero-day, and Meta sues a man who hacked accounts and extorted users.

 
 
 Show notes

Risky Bulletin: BlackBasta implodes, internal chats leak online

Oracle’s Health Tech division gets hacked and its customers extorted, the Italian government admits it used Paragon to spy on an NGO, a WordPress feature is being abused to silently install malicious plugins, and the Dutch public prosecutor pulls systems offline after a cyber incident.

 
 
 Show notes

Risky Bulletin: Oracle's healthtech division hacked, customers extorted

Listen and read

Other podcasts you might like ...