Podcasts

In this podcast Patrick Gray talks to Tom Uren about the RESTRICT Act, proposed US legislation that tries to deal with the problems posed by technologies from foreign adversaries. RESTRICT gives the US government powers to deal with companies like Kaspersky, Huawei and now TikTok on an ongoing basis, rather than muddling through in an ad hoc way each time a problem company pops up. It also requires that the Secretary of Commerce come up with processes and procedures to deal with and mitigate these types of threats, rather than the current whack-a-mole approach.

They also discuss a draft Cambodian cyber security law and experts’ concerns that it could be abused by the Cambodian government to maintain its grip on power. This law has many similarities to Australian critical infrastructure law and Tom and Pat discuss the reasons behind the law in Australia. There’s a straight line between a serious ransomware incident in Australia and the resulting law, but still, Cambodia’s government remains authoritarian.

Finally, they look at a Carnegie report on Chinese manipulation of international standards setting organisations. It’s a good report and explains what is going on — Chinese manipulation does happen occasionally, but it is “largely unsuccessful”.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Threat actors are really enjoying home networks and BYOD these days…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Why our LastPass/DPRK hunch weakened
• CISA launches ransomware warning program
• Is the Ring data extortion real?
• White House flags cloud service security regulation
• Pig Butchering overtakes BEC as top cybercrime earner
• Much more!

In this edition of Between Two Nerds Tom Uren and The Grugq look at how different countries take different approaches to talent identification and recruitment. How much of a difference does it make? And why do countries have these different approaches?

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound.

If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker you land on a network, enumerate directory information, and then map out a path to domain admin.

Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

In this podcast Patrick Gray talks to Tom Uren about the recently released US National Cyber Security Strategy. Tom really likes it because it sets out how the US will “win” by reshaping who is liable when crapware hits the fan. It’s got other stuff in it too…

Tom and Pat also discuss the story of an MSS agent being busted when trying to steal intellectual property from the aviation industry. He used the same iphone for both his personal life and his spying and his iCloud backups were an intelligence bonanza. These backups not only had messages to potential recruits, they also had had audio of meetings he’d recorded where he was discussing his approach to espionage.

Finally, we talk about the security risks that arise from the use of Chinese ship-to-shore cranes at ports. Apparently these are chock full of sensors and could be spying on port logistics.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Kaitlyn Sawrey.

You can find the newsletter version of this podcast click here.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Why the White House’s cybersecurity strategy is actually quite good
• The LastPass breach was probably DPRK
• UEFI bootkits are going downmarket, and this is bad
• GitHub will scan repos for secrets
• A look at some interesting DJI drone research
• Much, much more

This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.

* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show