Risky Bulletin: Two billion eSIMs receive crucial security patch
Two billion eSIMs receive crucial security patches, China’s cyber militias go on the offensive, four Scattered Spider members detained over UK retail attacks, and a Russian basketball player is arrested in a ransomware case.
Show notes
--------
8:20
--------
8:20
Srsly Risky Biz: Four key players drive Scattered Spider
Tom Uren and Amberleigh Jack talk about our developing understanding of the group that people call Scattered Spider. Independent security firms agree that there are a small number of key people that are driving the group’s outrageous success. That gives us hope that targeted action might stem the bleeding.
They also talk about data leaks from China’s cyber espionage ecosystem that are for sale on a data leak site. These look to contain actionable information from a counterintelligence point of view. And Tom wonders if a market for espionage-as-a-service will develop?
This episode is also available on Youtube.
Show notes
--------
17:07
--------
17:07
Risky Bulletin: Chinese APT member arrested in Italy
Italy arrests a Chinese APT hacker, a Russian drone software group gets wiped, the SatanLock ransomware operation shuts down, and browser extensions power a web scraping botnet.
Show notes
--------
7:20
--------
7:20
Between Two Nerds: The opportunity in Asia
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how there is an opportunity for the US to expand its 0day and talent acquisition pool to Asia. They revisit a paper comparing the Chinese and American 0day acquisition strategies and have some quibbles.
This episode is also available on Youtube.
Show notes
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
--------
32:13
--------
32:13
Risky Bulletin: Chinese researchers claim to find new North American APT
Chinese security researchers claim to have found a new American APT, the SEC and SolarWinds are seeking a settlement, a company insider was behind Brazil’s bank hack, and Luis Vuitton discloses a security breach.
Show notes