Podcasts

Cybercrime losses surpassed $20 billion last year, authorities disrupt a Russian router botnet that intercepted email logins, Iran hacks PLCs across the US, and exploitation hits ComfyUI and Flowise-AI-servers.

In this episode, investigative journalist Geoff White joins James Wilson for a look into the complex machine that is North Korea’s IT worker infiltration scheme. They discuss the interview process, what happens once the workers are actually hired, how value is maximised for the regime, and how the money moves around. It’s even more diabolical than the headlines divulge.

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• Anthropic’s new Mythos model hunts bugs and chains exploits together so well that… you cant have it…
• …Unless you’re one of their Project Glasswing partners
• The world isn’t short on bugs, though. F5, Fortinet, Progress ShareFile, and TrueConf are all getting rekt by humans
• GPU Rowhammering goes in the GPU, past the IOMMU and back into the host-side Nvidia driver
• North Korea is spending serious time and money on its crypto hacking
• Just when the US needs CISA most, they slash its budget some more!

This week’s episode is sponsored by identity verification firm, Persona. Tying digital actions to actual human identities isn’t just for banking know-your-customer any more. Persona’s Benjamin Crait says know-your-staff checks belong in high-value flows inside your organisation, too.

This episode is also available on Youtube.

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Iran’s cyber forces have been used during the ongoing war so far.

Cambodia prepares harsher prison terms for scam compound operators, an Italian museum moves valuables into a bank vault after a cyberattack, hackers exploit a bug in Vite-based apps and sites, and a supply chain attack hits an e-learning platform.

In this Risky Business sponsored interview, James Wilson chats with Airlock Digital co-founders, David Cottingham and Daniel Schell, about how they’re moving up the stack from file-based allowlisting to application-based allowlisting. David and Daniel explain how they’re making a seamless and quite logical move into application allowlisting, but with a new take on the technique.

In this episode, James Wilson chats with Brad Arkin (former CISO of Adobe, Cisco and Salesforce) to talk about the mounting pressure that CISOs are under in the AI era. Attackers are operating at unprecedented scale, and internal users are adopting AI faster than security teams can keep up. This requires CISOs to bend on things that would have otherwise been a hard-no in the past, and revisit some fundamental controls that might have seemed too difficult previously.

In this special documentary episode, Patrick Gray and Amberleigh Jack take a look back at hacking throughout the 1990s, from the feel-good vibes of the early hacking communities to the antics of young hackers who wound up on the run from the FBI.

Part one features recollections from:

• Jeff Moss (The Dark Tangent), DefCon and Black Hat founder
• Chris Wysopal (Weld Pond), L0pht member, co-founder, @Stake
• Kevin Poulsen (Dark Dante), 1990s hacker turned journalist
• Elias Levy (Aleph One), author of Smashing the Stack for Fun and Profit, Phrack, 1996

How the World Got Owned is produced in partnership with SentinelOne.

In this special documentary episode, Patrick Gray and Amberleigh Jack take a look back at hacking throughout the 1990s, from the feel-good vibes of the early hacking communities to the antics of young hackers who wound up on the run from the FBI.

Part one features recollections from:

• Jeff Moss (The Dark Tangent), DefCon and Black Hat founder
• Chris Wysopal (Weld Pond), L0pht member, co-founder, @Stake
• Kevin Poulsen (Dark Dante), 1990s hacker turned journalist
• Elias Levy (Aleph One), author of Smashing the Stack for Fun and Profit, Phrack, 1996

How the World Got Owned is produced in partnership with SentinelOne.

Russia wants to revoke small ISP licenses, a cyberattack has disrupted access to US newspaper archives, Node.js pauses bug bounty program after its funding lapses and Apple backports patches for DarkSword.