Risky Bulletin

RubyGems adds dependency-cooldowns to counter supply chain attacks, AT&T and IBM are accused of hiding foreign hacks, Cisco warns of a new SD-WAN zero-day, and Google layoffs hit security teams.



Show notes



Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks

The EU unveils its digital sovereignty plan, an American law firm pays a $20 million ransom, authorities take down millions of email and social media scam accounts, and a new DoS bug can crash servers within seconds.



Show notes



Risky Bulletin: The EU debuts digital sovereignty plan

Tom Uren and James Wilson talk about Tom’s trip to NATO’s Cyber Conflict conference. NATO countries want to bulk up their cyber efforts, and the pair discuss what that could look like.

They also look at the US military’s admission that commercial location data was used to target personnel involved in Epic Fury, the US war on Iran. This is not surprising at all, and is just the most visible manifestation of the national security risks of this kind of data sloshing around. If Iran is analysing this data in wartime, China is doing it in peacetime for intelligence and counter-espionage purposes.

This episode is also available on YouTube



Show notes

Russia’s FSB calls out a Western spyware operation, high-profile Instagram accounts hijacked via Meta’s AI support agents, Red Hat npm packages were compromised in another supply chain attack, and ten percent of domains registered last year were malicious.



Show notes



Risky Bulletin: A tenth of all new domains last year were malicious

In this edition of Between Two Nerds Tom Uren and The Grugq talk about the ways in which intelligence agencies are just like cults.

This episode is also available on YouTube



Show notes