Videos

News, analysis and product demos

Srsly Risky Biz: US investment in spyware skyrockets

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed.

They also discuss the in-principle agreement for TikTok to remain in the US. It’s a win-win: a win for China and a win for TikTok, but not so much a win for US national security.

Risky Business Weekly (807): Shai-Hulud npm worm wreaks old-school havoc

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • Shai-Hulud worm propagates via npm and steals credentials
  • Jaguar Land Rover attack may put smaller suppliers out of business
  • Leaked data emerges from the vendor behind the Great Firewall of China
  • Vastaamo hacker walks free while appeal is underway
  • Why is a senator so mad about Kerberos?

This week’s episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc’s identity-to-firewall glue to protect internal services and networks. …

Soap Box: runZero shakes up vulnerability management

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management.

With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at attackers on your network.

It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud.

Between Two Nerds: The limits of cyber power

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

The Grugq
The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state’s cyber power.

Srsly Risky Biz: Exploiting authorisation sprawl is the new black

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm.

They also talk about Apple’s Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices.

Risky Business Weekly (806): Apple's Memory Integrity Enforcement is a big deal

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • Apple ruins exploit developers’ week with fresh memory corruption mitigations
  • Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack
  • Salesloft says its GitHub was the initial entry point for its compromise
  • Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day”
  • Rogue certs for 1.1.1.1 appear to be just (stupid) testing
  • Jaguar Land Rover ransomware attackers are courting trouble

This week’s episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint!…

Snake Oilers: Nebulock, Vali Cyber and Cape

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:

Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have time to look at.

Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It’s marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments….

Between Two Nerds: The death of the exploit

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

The Grugq
The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage.

Srsly Risky Biz: Google sharpens its cyber knife

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It’s a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace.

They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That’s a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Chinese government.

And it turns out that Apple’s dispute with the UK government about encrypted iCloud data has not yet been resolved, despite media reports to the contrary.

Risky Business Weekly (805): On the Salesloft Drift breach and "OAuth soup"

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Tom Uren
Tom Uren

Policy & Intelligence

The Grugq
The Grugq

Independent Security Researcher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • The Salesloft breach and why OAuth soup is a problem
  • The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed
  • Google says it will stand up a “disruption unit”
  • Microsoft writes up a ransomware gang that’s all-in on the cloud future
  • Aussie firm hot-mics its work-from-home employees’ laptops
  • Youtube scam baiters help the feds take down a fraud ring

This episode is sponsored by Dropzone.AI. Founder and CEO Edward Wu joins the show to talk about how AI driven SOC tools can help smaller organisations claw their way above the “security poverty line”. A dedicated monitoring team, threat hunting and alert triage, in a company that only has a couple of part time infosec people? Yes please!…