Risky Bulletin
Regular cybersecurity news updates from the Risky Business team...
Episodes
A security researcher scores $250,000 for a Chrome bug, WinRAR patches another zero-day, new vulnerabilities found in the Tetra communications protocol, and a researcher gains access to Microsoft’s internal network for fun… and no profit.
Show notes
In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico’s Field CTO about making account recovery and onboarding for employees phishing-resistant. They also discuss the problems and opportunities of syncable passkeys.
Show notes
Federal agencies told to patch a new Exchange flaw, millions of sites are vulnerable to HTTP desync attacks, Trend Micro patches a zero-day, and the Salesforce data breaches continue.
Show notes
Russian companies must migrate to domestic ERP systems, Ohio’s public sector will have to approve ransom payments in public, Chanel and Cisco disclose data breaches, and a Thai hospital gets fined over the the dumbest data breach ever.
Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq dissect the Belarusian Cyber Partisans hack of Russian airline Aeroflot. Despite the short-term impact, the airline will likely bounce back quite quickly. But it is still a big win for the Cyber Partisans.
This episode is also available on Youtube.
Show notes
...China accuses the US of new cyberattacks, a $14.5b crypto hack discovered five years later, the US National Cyber Director is named, and Lovense considers legal action over a security flaw disclosure.
Show notes
In this week’s sponsor interview, Tines’ Field CISO, Matt Muller, chats to Casey Ellis about the interesting and out-of-the-box ways they’ve seen people using the platform. Tines is a platform designed to automate repetitive tasks for IT and security teams. And, as it turns out, it can be used to … gamify shift handover?
Show n...
Russia spies on local embassies via ISPs, a Canadian man jailed for stealing Internet Apes, Signal threatens to leave Australia, and Russian pharmacies go down after a cyberattack.
Show notes
Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn’t deter Chinese hackers, so it is time to try something different.
They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two.
...Russia’s national airline cancels more than 100 flights following a cyberattack, the FBI seizes $2.4 million from the Chaos ransomware, Kazakhstan arrests a ransomware suspect, and Kyrgyzstan nationalizes internet access.
Show notes
Microsoft investigates a MAPP leak as the source of the SharePoint zero-day, US law enforcement takes down the BlackSuit ransomware portal, an Arizona woman is imprisoned for running a North Korean laptop farm, and Allianz life insurance suffers a security breach.
Show notes
-
...
In this sponsored interview, Nucleus Security co-founder and COO, Scott Kuffer joins Casey Ellis to chat about how vulnerability management evolved into quite a lot more than just patch prioritization.
Show notes
Microsoft rolls out better logging for incident responders, the SharePoint hacking spree hits major US agencies, Ukraine arrests the admin of a well-known hacking forum, and China launches a national Digital ID system.
Show notes
Three Chinese APTs are behind the recent SharePoint zero-day attacks, the UK wants to ban the public sector from paying ransoms, Russia takes down a malware operation, and South Korea charges airline employees over selling celebrity data.
Show notes
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether China’s ‘cyber militia’ make sense and what they could be good for.
This episode is also available on Youtube.
Show notes
An Iranian security firm is behind an airline hacking spree, Chinese hackers breach Singapore’s critical infrastructure, new SharePoint and CrushFTP zero-days are being used in the wild, and Japan releases free ransomware decrypters.
Show notes
In this Risky Business sponsored interview, Thinkst Canary CEO Haroon Meer chats to Casey Ellis about the company’s impressive growth over the past decade, and how it approached that path a little differently to other firms. Haroon’s advice for young startup founders: Is your problem worth solving? And can you actually solve it? And… Love your customers.
...Hackers bypass FIDO keys with a new phishing technique, a mobile surveillance vendor deploys an SS7 exploit, ransomware hits South Korea’s largest insurance provider, and law enforcement agencies dismantle a pro-Kremlin DDoS group.
Show notes
Tom Uren and Amberleigh Jack talk about Huawei’s contract to manage storage for Spain’s lawful intercept system. News broke this week that Spain had signed a €12 million contract, but it turns out Huawei has been involved in the system since 2004!
They also discuss arrests in the UK of four individuals associated with Scattered Spider. The criminal resumés of two of the suspects support the idea that...
Salt Typhoon breaches a US state’s National Guard, Ukrainian hackers wipe the servers of a Russian drone maker, the UK relocates Afghans caught up in a data leak, and Microsoft outsources some US government work to China.
Show notes
Popular Podcasts
UConn basketball star Azzi Fudd brings her championship swag to iHeart Women’s Sports with Fudd Around and Find Out, a weekly podcast that takes fans along for the ride as Azzi spends her final year of college trying to reclaim the National Championship and prepare to be a first round WNBA draft pick. Ever wonder what it’s like to be a world-class athlete in the public spotlight while still managing schoolwork, friendships and family time? It’s time to Fudd Around and Find Out!
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
The latest news in 4 minutes updated every hour, every day.
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!