Podcasts

A poorly patched bug is being exploited in Fortinet firewalls, hackers go after security testing environments, Jordanian police used Cellebrite against activists, and new Cisco and SmarterMail zero-days.

Tom Uren and Amberleigh Jack talk about the rise of technologies that can undermine internet blackouts such as Starlink and its relatively new direct-to-cell service. Authoritarian internet shutdowns and disasters happen often enough that governments should think about how to take advantage of these new technologies rather than just reacting when crises arise.

They also discuss the nomination of General Joshua Rudd as head of NSA and US Cyber Command.

This episode is also available on Youtube.

In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.

This week news includes:

• Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?
• US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad
• MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down
• Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console
• Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time
• GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back

Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.

This episode is also available on Youtube.

Canonical’s Snap Store hit by domain resurrection attacks, Russia will use AI to detect VPN users, Iranian hackers switch to Starlink during internet outage, and Greece arrests SMS blasters… by dumb luck.

In this edition of Between Two Nerds Tom Uren and The Grugq talk about what information warfare even is, revisit a 30-year-old paper and examine why Western governments struggle with the concept.

This episode is also available on Youtube.

Germany seeks more hacking and surveillance powers for its intelligence service, Finland intends to criminalize the spreading of false information, patriotic “French” social media goes quiet during Iran’s internet outage, and hackers are extorting GrubHub.

In this Risky Business sponsored interview, Tom Uren talks to Justin Kohler, Chief Product Officer at SpecterOps, about how attack paths exist in the seams between different identity or permissions management domains.

In isolation, for example, both your Github and your AWS deployment could follow best practices. But bring them together and you’ve got problems. Bloodhound’s OpenGraph lets you find and fix these otherwise invisible attack paths.

China bans Israeli and US cybersecurity products, Sean Plankey is re-nominated for CISA Director, RAM price hikes are likely to impact the cost of firewalls, and Lumen sinkholes the Kimwolf DDoS botnet.

Tom Uren and Amberleigh Jack talk about the Chinese government’s reactive approach to tackling scam compounds. It’s driven by bad news on domestic media and therefore focusses on the compounds that are targeting Chinese citizens. Rather than eliminating the industry, that may instead be shaping the industry to focus on other countries and particularly Americans.

They also discuss the role of disruptive cyber operations in the US’s raid to capture Venezuelan President Nicolás Maduro.

This episode is also available on Youtube.

Russia fines 33 telcos for surveillance non-compliance, AVCheck admin is arrested in Amsterdam, Poland repels an attack on its power grid, and voice cloning defenses can be bypassed.