On this week’s show Patrick and Adam discuss the week’s security news, including: Palo Alto’s firewalls have a ../ bad day Sisense’s bucket full of creds gets kicked over United Healthcare draws the ire of congress FISA 702 reauthorisation finally moves forward Apple warns about “mercenary exploitation” but what’s the India link? And much, much, more This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches. Show notes Pa ..read more

In this edition of Snake Oilers you’ll hear pitches from three companies: Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.) ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2 ..read more

On this week’s show Patrick and Adam discuss the week’s security news, including: The SSH backdoor that dreams (or nightmares) are made of Microsoft gets a solid spanking from the CSRB Ukraine uses an old Russian WinRAR bug to hack Russia Push-notifications and social-engineering combined-arms vs Apple And much, much more. We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library. This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Ro ..read more

On this week’s show Patrick and Adam discuss the week’s security news, including: FVEY protests China’s widespread hacking of western politicians China bans western CPUs, Windows and databases Apple’s leaky M-chip prefetcher Nigeria holds ex-IRS investigator hostage in Binance stoush Researchers bring Rowhammer to AMD Zen and DDR5 And much, much more. This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and releva ..read more

In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more ..read more

On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at ..read more

On this week’s show Patrick and Adam discuss the week’s security news, including: Weather forecast in Redmond is still for blizzards at midnight Maybe Change Healthcare wasn’t just crying nation-state wolf Hackers abuse e-prescription systems to sell drugs CISA goes above and beyond to relate to its constituency by getting its Ivantis owned VMware drinks from the Tianfu Cup Much, much more This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Muel ..read more

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP. Show notes U.S. Air Force employee charged with giving classified information to woma ..read more

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren’t happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham pr ..read more

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit has been taken down by law enforcement Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON GRU gets its Moobot network shutdown Signal adding usernames is… complicated Much, much more In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so. Show notes Feds Seize LockBit Ransomware Website ..read more