Videos

News, analysis and product demos

Srsly Risky Biz: Cyber bullets can't replace political will

Presented by

Tom Uren

Policy & Intelligence

Amberleigh Jack

Producer and Editor

Tom Uren and Amberleigh Jack talk about a groundswell of calls from European officials to build cyber capabilities to strike back against adversaries. There are good reasons that countries should have their own cyber capabilities, but if you don’t have the political will to strike back, having a magic cyber weapon doesn’t really make a difference.

They also talk about ‘distillation attacks’. They are a way that AI developers can steal the secret sauce of advanced models just by asking questions. It looks like American companies need government assistance if the US wants to keep its AI lead.

Risky Biz Soap Box: The lethal trifecta of AI risks

Presented by

Patrick Gray

CEO and Publisher

There’s a lethal trifecta of AI risks: access to private data, exposure to untrusted content, and external communication. In this conversation, Risky Business host Patrick Gray chats with Josh Devon, the co-founder of Sondera, about how to best address these risks.

There is no magic solution to this problem. AI models mix code and data, are non-deterministic, and are crawling around all over your enterprise data and APIs as you read this.

But in this sponsored interview, Josh outlines how we can start to wrap our hands around the problem.

Risky Business (825): Palo Alto Networks blames it on the boogie

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Co-host at large

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

  • Palo Alto threat researchers want to attribute to China, but its management says shush
  • An increasing proportion of ransomware is data extortion. Is this good?
  • Cambodia says it’s going to dismantle scam compounds
  • CISA suffers through yet another shutdown
  • Google Gemini’s training secrets are being systematically harvested to improve other LLMs
  • Academics assess SaaS password managers’ resilience against a malicious server

This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows. …

Between Two Nerds: Buying the magic weapon

Presented by

Tom Uren

Policy & Intelligence

The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether middle powers should be investing in military cyber capabilities.

Srsly Risky Biz: Microsoft forgoes its secure future

Presented by

Tom Uren

Policy & Intelligence

Amberleigh Jack

Producer and Editor

Tom Uren and Amberleigh Jack talk about Microsoft CEO Satya Nadella’s messaging around personnel changes at the top of its security organisation. These signal a focus on selling security products rather than on making secure products.

They also discuss Expedition Cloud, a Chinese cyber range that replicated the critical infrastructure of neighbouring countries, apparently to develop and fine-tune cyber disruption operations.

Finally, they talk about what we’ve learnt about the role of cyber operations in the US bombing of Iranian nuclear facilities. It was far bigger than we previously thought.

Risky Business Weekly (824): Microsoft's Secure Future is looking a bit wobbly

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Co-host at large

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • Microsoft reshuffles security leadership. It doesn’t spark joy.
  • Russia is hacking the Winter Olympics. Again. But y tho?
  • China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others
  • Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products
  • An unknown hero blocks 23/tcp on the US internet backbone
  • And James Wilson pops in to talk about Claude’s go at a C compiler

This episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?…

Between Two Nerds: Why we are doomed to insecurity

Presented by

Tom Uren

Policy & Intelligence

The Grugq

Independent Security Researcher

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why the world is destined to be perpetually insecure.

Srsly Risky Biz: Google's cyber disruption unit kicks its first goal

Presented by

Tom Uren

Policy & Intelligence

Amberleigh Jack

Producer and Editor

Tom Uren and Amberleigh Jack talk about Google’s cyber disruption unit taking aim at the IPIDEA residential proxy network. The network was a cybercrime enabler that was used by hundreds of threat actors for crime and espionage. More of this kind of disruption please.

They also discuss SpaceX’s rapid action to stop the Russian military using Starlink terminals to guide drones deep into Ukrainian territory.

Risky Business Weekly (823): Humans impersonate clawdbots impersonating humans

Presented by

Adam Boileau

Co-host at large

Tom Uren

Policy & Intelligence

The Grugq

Independent Security Researcher

Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James Wilson. They discuss the week’s cybersecurity news, including:

  • Notepad++ update supply chain attack has been attributed to China
  • The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess
  • The Epstein files claim he had a personal hacker?
  • Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default
  • The usual bugs in the usual things! Ivanti, Fortinet, and SolarWinds. Again.
  • Telco hides a free trip in its privacy policy, someone actually reads it and wins!…