Risky Bulletin

Russia wants to revoke small ISP licenses, a cyberattack has disrupted access to US newspaper archives, Node.js pauses bug bounty program after its funding lapses and Apple backports patches for DarkSword. Show notes Risky Bulletin: Russia will revoke licenses for unruly ISPs

Tom Uren and Amberleigh Jack talk about how incredibly good AI models have gotten at finding and exploiting vulnerabilities. That will upend the cyber security industry and it has implications for state cyber organisations such as NSA and Cyber Command. They also discuss how broadband wireless communications links are critical in the war in Ukraine. After losing access to Starlink, Russian forces are doubling down on using equipment from American company Ubiquiti. This episode is also available on Youtube. Show notes

Iranian password spraying targets Israel ahead of missile strikes, a major npm package gets hacked, Iran says it will bomb US tech firms in the Middle East, and Flint24 hackers are sentenced to prison in Russia. Show notes Risky Bulletin: Iranian password sprays came first, then came the missiles

In this edition of Between Two Nerds Tom Uren and The Grugq talk about hacking and scams. While hacking is disappearing as a threat for most people, it is a new golden age for scammers. Even Tom has been scammed! This episode is also available on Youtube. Show notes We Are All Targets, How Renegade Hackers Invented Cyber War and Unleashed an Age of Global Chaos The $1.25 million scam

Apple adds a ClickFix warning to macOS, Handala hacks Kash Patel’s personal email, Balancer crypto platform shuts down after last year’s hack, and the EU proposes a ban on AI nudify apps. Show notes Risky Bulletin: Apple adds ClickFix warning to macOS terminal

In this Risky Business sponsored interview, James Wilson chats with Adam Pointon, CEO of Knocknoc, about how AI is making old school security controls and paradigms like deny-by-default cool again. Today, patches are being reversed by AI systems into exploits in a matter of hours. The days of being able to rely on timely patching as a primary control are over. James talks to Adam about this new reality and how Knocknoc can help. Show notes

Russia will use a custom crypto-algorithm for its 5G network, the Hungarian opposition accuses the government of using spyware, Kaspersky says it tied Coruna to the “Operation Triangulation” attacks, and malware was deployed on thousands of Luxembourg government phones. Show notes Risky Bulletin: Russia to use custom crypto-algorithm for its 5G network

Tom Uren and Amberleigh Jack talk about FBI Director Kash Patel admitting to Congress that the Bureau is buying American’s location data and using it to generate valuable intelligence. That’s concerning, because commercially available information can be used in tremendously invasive ways and the FBI can buy it without needing a warrant. They also discuss the FCC’s surprising move to ban foreign-made consumer routers. It’s not about security, it is just about reshoring manufacturing. And finally they discuss the Trump administration’s plan for unleashing the private sector. This episode is also available on Youtube. Show notes

Intellexa’s CEO is angry with Greek authorities, the FTC bans new foreign-made routers, Google launches a threat disruption unit, and German police warned companies about software bugs… in the middle of the night. Show notes Risky Bulletin: The Intellexa CEO is pissed!!!

In this edition of Between Two Nerds Tom Uren and The Grugq discuss how Google just keeps on finding iOS exploit kits. Is iPhone security busted? And why are Russian state hackers after crypto? This episode is also available on Youtube. Show notes Google on Coruna Google on DarkSword iVerify on DarkSword Lookout on DarkSword Coruna deep dive

Russian intelligence services compromised thousands of Signal accounts, the Trivy vulnerability scanner is abused in a supply chain attack, Oracle issues an out-of-band patch for its Fusion Middleware, and the FBI takes down the Aisuru and Kimwolf botnets. Show notes Risky Bulletin: GitHub is starting to have a real malware problem

In this Risky Business sponsored interview, Casey Ellis chats to Fletcher Heisler, founder and CEO of open source identity provider, Authentik. They chat about Extended Identity Access Management (XIAM), the company’s new acronym that has been seven years in the making. Show notes

A second iOS hacking framework has been found in the wild, Belgium launches its own government communications app, AWS kills S3 bucketsquatting and a cyberattack cripples car breathalyzers. Show notes Risky Bulletin: AWS kills bucketsquatting

Tom Uren and Amberleigh Jack talk about how successfully achieving America’s war goals could force Iran to double down on cyber power. It’s resilient to bombing and is the cheapest, quickest way for the regime to get some wins post-war. They also discuss Meta stepping back from end-to-end encryption on Instagram’s direct messages. There is a time and place for E2EE messages, so good riddance. Finally, they discuss the one weird trick President Trump uses to make his smartphone conversations useless for foreign intelligence services. This episode is also available on Youtube. Show notes