Patrick Gray and Adam Boileau discuss the week’s infosec news with everyone’s favourite ex-NSA big-brain, Rob Joyce. They talk through:

• Musk and Durov bow to government pressure
• Tiktok rushes to ban authoritarian propagandists
• The US doesn’t want Chinese software in its cars
• Kaspersky replaces itself with an AV no one has ever heard of
• Aussie police chalk up another crimephone takedown
• Press Win-R Ctrl-V to prove you’re human
• And much, much more.

This week’s show is brought to you by Stairwell, and Stairwell’s founder Mike Wiacek will be along to talk about how people are using their platform to hunt down detection resistant malware.

A video version of this episode is also available on Youtube.

• Elon Musk backs down in his fight with Brazilian judges to restore X | Elon Musk | The Guardian
• Telegram says it will share phone numbers and IP addresses of ‘bad actors’ to authorities
• Jane Lytvynenko on X: "Ukrainian cybersecurity officials are limiting the use of Telegram for military, critical infrastructure, and other authorities. Budanov said he has “substantiated data” on Ru authorities having access to personal messages on TG, including removed ones. https://t.co/xOcnf7am9R" / X
• TikTok blocks dozens of Kremlin-backed media accounts
• Biden administration proposes rule banning Chinese, Russian connected vehicles and parts
• Some Kaspersky customers receive surprise forced-update to new antivirus software | TechCrunch
• Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack’
• Police announce takedown and arrest mastermind behind criminal comms platform 'Ghost'
• Turning Everyday Gadgets into Bombs is a Bad Idea « bunnie's blog
• Iranian-linked election interference operation shows signs of recent access | CyberScoop
• Republicans demand FBI hearing on Iran theft of Trump documents
• Ermittlungen im Darknet: Strafverfolger hebeln Tor-Anonymisierung aus | tagesschau.de
• DOJ charges hackers for stealing $230 million in crypto from individual
• This Windows PowerShell Phish Has Scary Potential – Krebs on Security
• You can now use Apple’s best iPhone Mirroring feature on your Mac and iPhone | TechRadar

In this edition of Snake Oilers Patrick Gray gets pitches from three cybersecurity companies:

• Authentik, an open source identity provider that a lot of large organisations are deploying on prem as an alternative to cloud-based IDPs
• Dropzone AI, an LLM-based agent that can do the work of a Tier 1 SOC analyst
• SlashID, an identity security company that can crunch your logs to find attackers

You can watch this edition of Snake Oilers on YouTube here.

• Welcome | authentik
• Dropzone AI: Reinforce your SOC with AI Analysts
• The identity stack to protect users and non-human identities | SlashID

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:

• Brazil’s supreme court bans X-formerly-Twitter,
• Iranian cyber teams cooperate with ransomware crews
• While North Koreans wield chrome-windows 0-day
• Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet
• The White House is coming for your unsigned BGP announcements
• And much, much more.

This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is!

You can also watch this episode on Youtube.

• Brazil X ban: Top court judges uphold block of Musk's platform
• Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
• Malicious North Korean packages appear again in open source code repository
• North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft Security Blog
• SEC.gov | SEC Charges Transfer Agent Equiniti Trust Co. with Failing to Protect Client Funds Against Cyber Intrusions
• Chinese ‘Spamouflage’ operatives are mimicking disillusioned Americans online
• Researchers uncover ‘SlowTempest’ espionage campaign within China
• City of Columbus sues man after he discloses severity of ransomware attack | Ars Technica
• Bypassing airport security via SQL injection
• Cyberattack hits agency responsible for London’s transport network
• German air traffic control agency confirms cyberattack, says operations unaffected
• White House calls attention to ‘hard problem’ of securing internet traffic routing
• Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say
• YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel | Ars Technica
• CrowdStrike takes a revenue hit as global IT outage reckoning lingers | Cybersecurity Dive
• Owners of 1-Time Passcode Theft Service Plead Guilty – Krebs on Security

On this week’s show, Patrick Gray and Adam Boileau discusses the week’s security news, including:

• Telegram founder’s arrest in France
• Volt Typhoon 0days some SD-WAN gear
• Russia frets about Ukraine all up in Kursk’s webcams
• Cybercriminals social engineer payment card NFC relay attacks in the wild
• The slow burn of Active Directory name collisions
• And much, much more.

This week’s episode is sponsored by Nucleus Security. Aaron Unterberger joins to discuss how vulnerability management starts out easy, but gets serious very quickly.

You can also watch this week’s show on Youtube.

• Pavel Durov: Telegram CEO's arrest part of larger investigation
• Keep Pavel Durov LOCKED UP
• Internet mogul Kim Dotcom to be extradited to the US, NZ justice minister says
• New 0-Day Attacks Linked to China’s ‘Volt Typhoon’ – Krebs on Security
• Oil industry giant Halliburton confirms 'issue' following reported cyberattack
• Seattle airport confronts 4th day of cyberattack outages | Cybersecurity Dive
• Russia calls for restrictions on surveillance cameras, dating apps in cities under attack from Ukraine
• In a Kyiv hangar, Ukraine launches a cyber range for everyone
• U.S. military, on Tinder, says to swipe left on Iran-backed militants - The Washington Post
• CISA officials credit Microsoft security log expansion for improved threat visibility | Cybersecurity Dive
• Suspect in $14 billion cryptocurrency pyramid scheme extradited to China
• Android malware used to steal ATM info from customers at three European banks
• Novel technique allows malicious apps to escape iOS and Android guardrails | Ars Technica
• Local Networks Go Global When Domain Names Collide – Krebs on Security
• Attack tool update impairs Windows computers
• SonicWall pushes patch for critical vulnerability in SonicOS platform | CyberScoop
• “YOLO” is not a valid hash construction

Mike Burgess is the director general of ASIO. But the thing about Mike is he’s actually a cybersecurity guy. He joined ASD, Australia’s NSA, back in 1995 when it was still the Defence Signals Directorate. He was there for 18 years before he bounced out to the private sector for a while to work as the CISO for Australia’s largest telco, Telstra. In 2017 he returned to ASD to run it, and in 2019 he was appointed director general of ASIO.

Back in April, Burgess made a series of comments on the topic of encrypted messaging during a Press Club speech in Canberra. Our right to privacy, he said, is not absolute, and he implied that if certain providers didn’t start helping Australian authorities out a little more, he’d use some of the provisions in Australia’s Assistance and Access bill to force them to provide access to certain content.

So I reached out to organise this interview to get some more detail from him about exactly what sort of cooperation he’s seeking and why.

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including:

• Microsoft did a good thing! Soon all Azure admins will require MFA
• The three billion row National Public Data breach mess, courtesy Florida Man
• US govt confirms that it was Iran that hacked the Trump campaign
• Is TP-Link the next Huawei, or just not very good at computers?
• Major Chinese RFID card maker has hardcoded backdoors
• And much, much more.

This week’s episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.

• Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog
• phishing resistant mfa - Google Search
• Microsoft will require MFA for all Azure users
• NationalPublicData.com Hack Exposes a Nation’s Data – Krebs on Security
• National Public Data Published Its Own Passwords – Krebs on Security
• Bloomberg Law
• How the government's proposed 'Trust Exchange' digital ID scheme would work - ABC News
• German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage - WSJ
• Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts — FBI
• Crypto firm says hacker locked all employees out of Google products for four days
• ZachXBT on X: "Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M)" / X
• Bitcoin News Today: $238 Million Bitcoin Heist Linked to Genesis Global Trading
• Routers from China-based TP-Link a national security threat, US lawmakers claim
• Hardware backdoors found in Chinese smart cards
• Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
• Hardware backdoors found in Chinese smart cards
• Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months