In this edition of Between Two Nerds Tom Uren and The Grugq discuss why it makes even more sense for criminal organisations to adopt AI as compared to regular businesses.
This episode is also available on YouTube.
The FCC relaxes its foreign router ban to allow for security updates, the ShinyHunters group disrupts schools across the globe, a 21-year-old remote code execution bug turns up in FreeBSD, and another Linux privilege escalation bug was disclosedโฆ without a patch.
In this sponsored interview Patrick Gray chats with Knocknoc CEO Adam Pointon about their Greynoise integration.
Knocknoc allowlists network connections from usersโ IPs after theyโve been through an SSO challenge. Itโs great for protecting vulnerable or risky assets that your org has to connect to the internet. But what happens when one of your users tries to authenticate from a bad IP? You probably donโt want to add that one to your allowlist!
Thanks to Knocknocโs new Greynoise integration, you donโt have to!
Palo Alto Networks patches a firewall zero-day, Google patches an Android remote takeover bug, Ivanti also patches one, and a leak exposes Russiaโs spy and hacker school.
Tom Uren and James Wilson talk about the sudden drive to put regulation around the releases of new AI models because of their cyber security implications. A standardised approach is desirable, but clamping down too hard wonโt achieve as much as might be hoped. Experts with older or even open models can get just as far as novices with the latest models.
They also discuss Australiaโs new Cyber Incident Review Board. It has been hamstrung and wonโt be as successful as it could be because it canโt assign blame.
This episode is also available on YouTube
The DAEMON Tools website was hit in a targeted supply chain attack, Australia gets its own CSRB, the US arrests a wanted VOIP server hacker after 17 years, and Oracle switches to monthly security updates.
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the breakdown of cyber norms. What would have been an unthinkable cyber operation just a few years ago is now a regular occurrence.
This episode is also available on YouTube.
DigiCert got hacked via a malicious screensaver file, two ransomware negotiators each get four years in prison, Trellix discloses a security breach, and another Russian hacker gets arrested while vacationing in the wrong place.
In this sponsored interview, James Wilson talks with James Kettle and Daf Stuttard from PortSwigger about the incredible research James will unveil at Black Hat US this July, and how that research will be productised into Burp Suite. It shouldnโt be surprising that when James Kettle bolts an LLM into his research methodology that insanely dangerous things happen. This interview is a window into the future of AI-enabled hacking and security testing.
This interview is also available on YouTube.
The Copy Fail vulnerability impacts all Linux distros going back to 2017, hackers are exploiting a cPanel auth bypass, every Moldovan citizen has their data stolen, and some scam compounds got raided raidedโฆ in Dubai.
Tom Uren and Amberleigh Jack talk about the US government stepping in to fight โdistillation attacksโ by Chinese AI labs. These are methods used to steal the special sauce of frontier AI models simply by asking questions.
They also discuss the wide-spread shift amongst Chinese threat actors to using botnets for all aspects of their operations. Itโs a problem for defenders, but also a disruption opportunity for authorities.
This episode is also available on YouTube.
Ukrainians hack Russian satellites, Vimeo is being extorted, Greece wants to ban anonymity on social media, and a Scattered Spider hacker was arrested in Finland.
In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the North Korean hack of Drift can tell us about the future of hacking.
This episode is also available on YouTube.
A fingerprinting technique can track Tor users, Intellexa had an American exploit provider, the US accuses China of copying its AI, and the US router ban also covers WiFi hotspots.
In this Risky Business sponsored interview Casey Ellis chats to runZeroโs founder and CEO HD Moore about runZeroโs new release: 4.9. It drops this week and doubles down on OT scanning. Animated world and network maps add another layer to visualisation and for those that have been asking: yes, thereโs a dark mode.
Sean Plankey withdraws his CISA Director nomination, Russians hacked the Bundestag President, Discord users gain unauthorised access to Anthropicโs Mythos, and the US sanctions a Cambodian senator for running cyber scam compounds.
Tom Uren and James Wilson talk about the French criminal investigation into bias and illegal content on X. Elon Musk and former X CEO Linda Yaccarino didnโt appear for voluntary interviews scheduled this week, but refusing meetings wonโt make Xโs problems go away. European countries are concerned about Xโs influence and regulators will be exploring all other options beyond criminal investigations.
They also discuss the fight to renew authorisation of Section 702 collection. Itโs a valuable intelligence source, but in the past the FBI pointlessly overused it.
This episode is also available on YouTube
A Former FBI official wants terrorism designations for some ransomware groups, China threatens the EU over new cybersecurity regulations, Europe commits to โฌ180 million for a sovereign cloud and a novel data wiper was found in Venezuela during US military operations.
In this edition of Between Two Nerds Tom Uren and The Grugq take a deep dive into how a single hacker used OpenAI and Anthropicโs tools to help hack nine Mexican government organisations in quick time.
This episode is also available on YouTube.
ShinyHunters claim credit for the Vercel hack, a malware strain attempted to sabotage Israelโs water system, the US government wants access to Mythos, and a Supreme Court hacker gets probation.
Login