Videos

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Edward Wu, founder of Dropzone, about what AI is doing to detection, response and the SOC more generally.

Dropzone makes AI agents that conduct alert investigations in your SOC, but will the SOC as we know it even exist in the future?

Ed has a deep expertise in SOC tech, having previously led AI/ML detection engineering at Extrahop. This interview is a fantastic look at what the future may bring for detection and response professionals.

Tom Uren and James Wilson talk about Tom’s trip to NATO’s Cyber Conflict conference. NATO countries want to bulk up their cyber efforts, and the pair discuss what that could look like.

They also look at the US military’s admission that commercial location data was used to target personnel involved in Epic Fury, the US war on Iran. This is not surprising at all, and is just the most visible manifestation of the national security risks of this kind of data sloshing around. If Iran is analysing this data in wartime, China is doing it in peacetime for intelligence and counter-espionage purposes.

On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution.

They cover:

• Adversaries are tracking US troop locations with commercially available location data
• A new Signal phishing campaign is going after message backups
• 404 Media is suing ICE to get its spyware contract with REDLattice (lol)
• Microsoft’s tone-deaf response to ‘never justifiable’ zero-day disclosures
• Mini Shai-Hulud pops up again just as Glassworm gets shattered…

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the ways in which intelligence agencies are like cults.

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

• TeamPCP breached GitHub’s internal repos. Now what?
• Some absolute plonker glued Coruna to a hijacked npm package
• CISA is worried about about open source and wants third party submissions for KEV
• AI infrastructure is “systemically” insecure
• Much, much more

This week’s episode is sponsored by allowlisting vendor Airlock Digital. Airlock’s founders David Cottingham and Daniel Schell join Patrick Gray to talk about Microsoft briefly flagging DigitCert’s root certificate as malware. Fun! …

Tom Uren and James Wilson talk about moves from several European governments to ditch Signal and set up their own encrypted messaging systems for internal government use. These efforts are motivated by concerns about phishing and sovereignty, but the solutions being adopted are imperfect and will come with their own set of problems. Signal fills a space that can’t be filled with sovereign capability.

They also talk about Fast16 malware. We are only now learning about the second arm of a mid-2000s campaign to delay Iran’s nuclear weapons program that included the infamous Stuxnet worm.

Risky Business #838 – GitHub investigates possible breach

On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.

They cover:

• GitHub announced a possible breach
• CISA leaks important creds, keys in public repo
• Awful vulnerability in Bitlocker renders it useless without a PIN
• So. Many. Patches.
• Polish Government urges officials to ditch Signal for mSzyfr
• Much, much more

This week’s show is brought to you by Thinkst Canary. Thinkst’s founder, Haroon Meer, is this week’s sponsor guest. He joined James Wilson to talk about how doing “the basics” in security isn’t trivially easy….

In this edition of Between Two Nerds Tom Uren and The Grugq look at Department 4 of Bauman Moscow State Technical University where students learn how to hack for the state. Its curriculum is extremely explicit about how the hacking and propaganda operations are relevant to state operations. They discuss whether this is an advantage for Russia’s cyber program and look at what Western intelligence agencies do instead.

In this edition of Risky Business Features Ollie Whitehouse, the CTO of the UK’s National Cyber Security Centre, joins Patrick Gray and James Wilson to talk about why “patch faster” will only get organisations so far in the face of the AI “bugpocalypse”.

As Ollie explains, organisations will need to reduce internet-facing attack surface and make better architecture decisions as 0day discovery speeds up.

In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler.

Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud security business. In this interview Toni talks us through how AI is changing the game for him as an open source project owner, and as a vendor. In short, reports of the death of IT and security tooling at the hands of frontier models have been greatly exaggerated.