Podcast
Risky Bulletin
Hosted by Risky Business Media · EN
Regular cybersecurity news updates from the Risky Business team...
413episodes
Episodes
Newest firstAll episodes
Risky Bulletin: Creds for 74,000 Fortinet devices leaked
Yesterday00:11:00Summary readyA LOT of Fortinet creds have leaked online, Canada’s spy agency allowed to remove a botnet from Canadian devices, a supply chain attack hits the Mastra AI framework, and Europol disrupts SocGolish. Show notes Risky Bulletin: Canada’s spy agency allowed to remove a botnet from Canadian devices
SummarySrsly Risky Biz: Anthropic has artificial, but not emotional, intelligence
2d ago00:31:22Summary readyTom Uren and James Wilson talk about Anthropic rolling out its latest models only to have them effectively banned by the US government within days. Although the administration’s process for assessing new models is, ahem, amorphous, Anthropic is doing itself no favours by dismissing its concerns. The company needs to show some emotional intelligence and learn how to manage upwards. They also discuss Section 702 Foreign Intelligence Surveillance Act collection. The law authorising it has lapsed amidst political shenanigans, but it looks like collection can continue until next year. Plenty of time for kicking of political footballs! This episode is also available on YouTube Show notes
SummaryRisky Bulletin: China arrests Silver Fox cybercrime group suspects
3d ago00:10:54Summary ready66 members of the Silver Fox cybercrime group arrested in China, the EU will help Ukraine in the event of a major cyberattack, MS-ISAC loses 70% of its members after a DHS funding cut, and S-BOMs are still not widely adopted. Show notes Risky Bulletin: China arrests Silver Fox cybercrime group suspects
SummaryBetween Two Nerds: Why NATO and cyber don't mix
4d ago00:28:37Summary readyIn this edition of Between Two Nerds Tom Uren and The Grugq talk about how NATO is set up to deter conventional conflict, and how that approach is fundamentally unsuited for ongoing, everyday cyber operations that are intended to confound adversaries. This episode is also available on YouTube. Show notes
SummaryRisky Bulletin: Arch Linux supply chain attack hits 1,900 packages
5d ago00:11:14Summary readyAlmost 2,000 Arch Linux packages have been infected with malware in a supply chain attack, FISA surveillance powers expire for the first time since 2008, the FBI takes down a Chinese phishing service, and a major supply chain attack hits the WordPress ecosystem. Show notes Risky Bulletin: Arch Linux supply chain attack spreads to 1,900+ AUR packages
SummarySponsored: Ent on using AI to track human behavior on the endpoint
5d ago00:19:36Summary readyIn this Risky Business sponsored interview, Catalin Cimpanu talks with Brandon Dixon, co-founder and CTO of Ent AI, about the company’s innovative use of local LLMs to track user behavior on the endpoint, and add context to suspicious events to detect or prevent malicious activity. Show notes Brandon Dixon on LinkedIn
SummaryRisky Bulletin: CISA tightens patching rules amid bug deluge
1w ago00:09:49Summary readyCISA changes federal patching rules due to AI, a House Republican was hacked by Russia, ShinyHunters go on an Oracle hacking spree, and npm will block auto-run install scripts by default. Show notes Risky Bulletin: In the age of AI, CISA changes federal patching rules
SummarySponsored: Understanding CI/CD attack paths
1w ago00:15:48Summary readyIn this sponsored episode, James Wilson chats with SpecterOps CTO Jared Atkinson about the central role that GitHub has played in recent supply chain compromises. GitHub is where code gets built, tested, and shipped to devices, cloud, and on-prem environments. Understanding the paths an attacker can use to get into GitHub, and where they can pivot to from there, is essential to securing your GitHub repos and CI/CD pipelines. Show notes
SummarySrsly Risky Biz: Europe wants to wean itself off US tech
1w ago00:19:48Summary readyTom Uren and James Wilson talk about the European Union’s digital sovereignty push. A divorce from US tech giants is on the cards, but building sovereign infrastructure and chip capacity will be hard. From an American perspective this is an entirely predicable own-goal. You can have internationally competitive tech giants or you can have an aggressive and coercive foreign policy. You can’t have both at the same time. They also discuss the reanimated corpse of NSO Group. It’s in a hole, but it just keeps digging. This episode is also available on YouTube Show notes
SummaryRisky Bulletin: Nightmare Eclipse drops fresh 0day
1w ago00:11:27Summary readyNightmare Eclipse drops a fresh zero day, Meta says NSO is targeting WhatsApp users again, hackers breach France’s Tchap secure messenger network, Putin disables some Kremlin security cameras, and Gmail be gone! Russia bans logins from foreign email addresses. Show notes Risky Bulletin: Meta says NSO violated court order with new campaign targeting WhatsApp
Summary