Podcasts

In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

Normal Seriously Risky Biz correspondent Tom Uren is on leave this week, so there’s some lunatics-running-the-asylum energy in the episode. Patrick Gray wrote this week’s newsletter, and Adam Boileau asks him what exactly we are to do with Microsoft? They’re so big, and their security posture of late has us all sobbing into our Azure dashboards. Pat advocates for less carrot, and several varieties of stick.

They also talk through where ransomware disruption is going to have to head next. What more creative, less … uh… law-and-order options do we have for imposing cost on actors in pariah states?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Turns out AI is still bad code review after all,
• Mintlify loses a bunch of Github tokens,
• Everything old is new again with the UDP loop DoS,
• Know-your-(recon satellite)-customer is hard,
• Microsoft takes away Russia’s powershell, solving living off the land,
• And much, much more

This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft.

In this edition of Between Two Nerds Tom Uren and The Grugq look at Russia’s recent leak of an intercepted German military discussion. From an intelligence point of view the content of the discussion is only moderately interesting, but Russia decided to leak it in an attempt to influence European attitudes towards providing military aid to Ukraine.

In this Risky Business News sponsor interview, Catalin Cimpanu talks with George Glass, Senior Vice-President for Kroll’s Cyber Risk business. George covers the company’s latest report, a Kimsuky attack on ConnectWise ScreenConnect devices with a new malware strain named ToddlerShark.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast here.

In this podcast Patrick Gray and Tom Uren talk about ‘Document 79’, a PRC government document that calls for the Chinese companies in finance, energy and other sectors, to remove foreign software from their IT systems by 2027.

They also talk about the difficulties that Microsoft is facing in permanently removing SVR hackers from its systems.