Srsly Risky Biz: When cyber campaigns cross a line
Tom Uren and Patrick Gray discuss a new report proposing a framework for deciding when cyber operations raise red flags. It suggests seven red flags and could help clarify thinking about how to respond to different operations.
They also discuss Anthropic testifying to Congress and Iran using cyber intelligence to target missile strikes including by sharing it with Houthi rebels who fired at a specific ship.
And finally, we are not reassured by China’s white paper about being a good cyber citizen.
This episode is also available of Youtube.
Show notes
Assessing Irresponsibility in Cyber Operations
AWS on state actors bridging cyber and kinetic warfare
--------
16:18
--------
16:18
Between Two Nerds: Beating back state espionage
In this edition of Between Two Nerds Tom Uren and The Grugq wonder whether it is possible to deter states from cyber espionage with doxxing and other disruption measures.
This episode is also available on Youtube.
Show notes
Department 40 exposed
Charming Kitten exposed
--------
27:51
--------
27:51
Sponsored: Why Mastercard got into threat intel
In this Risky Business News sponsor interview, Mike Lashlee, CSO of Mastercard talks to Tom Uren about why the company got into threat intelligence.
Mike talks about bringing together payments insights with threat intel to get strong signals about fraud or crime, the benefits of international collaboration and when it makes sense for your CSO to also be the CISO.
Show notes
--------
14:05
--------
14:05
Srsly Risky Biz: DeepSeek and Musk's Grok both toe the party line
Tom Uren and Amberleigh Jack talk about new research that shows the Chinese-made DeepSeek-R1 AI model produces insecure code when prompts include topics that the Chinese Communist Party dislikes. It’s interesting research, but the CCP doesn’t have a monopoly on imposing AI bias.
They also discuss the complete doxxing of the Iranian cyber espionage group known as APT35 or Charming Kitten.
This episode is also available on Youtube.
Show notes
--------
21:25
--------
21:25
Between Two Nerds: Telcos bad, Cloud good.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the differences between telcos and cloud companies. Does the nature of the business force cloud companies to be better at security?
This episode is also available on Youtube.
Show notes
FCC looks to torch Biden-era cyber rules sparked by Salt Typhoon mess
Netflix's Chaos Monkey
Brian in Pittsburgh
BTN145
Ultra
France