Risky Bulletin

A dramatic US Secret Service raid on a New York SIM farm seizes over 300 servers amid anonymous threats. Ransomware strikes European airports, causing chaos at self-check kiosks. Thieves steal €600,000 in gold from a museum while alarms are offline after a cyber hit. Meanwhile, Jaguar Land Rover halts production due to ransomware impacts, and a third-party breach exposes Stellantis customer data. Cybersecurity updates from SonicWall help combat ongoing threats, while Poland and Romania warn of cyber retaliation.

Dive into the latest strategies for winning the cyber war, as Tom Uren and The Grugq dissect a fascinating CSIS report. They explore the importance of campaign-level proportionality and critique the 'octopus' analogy for cyber operations. Tune in for insights on U.S. responses to cyber attacks and the necessity of political will before implementing technical solutions. With a blend of humor and expertise, the conversation navigates the complex landscape of cybersecurity, emphasizing both offense and defense tactics.

A cyberattack brings chaos to European airports, shedding light on vulnerabilities in travel security. A member of the Scattered Spider group has turned himself in to authorities, raising questions about cybercrime accountability. The Pentagon has appointed a new leader for cyber policy, signaling shifts in national security strategy. Meanwhile, for the first time, two Russian Advanced Persistent Threat groups are collaborating, indicating an alarming trend in international cyber threats.

In this lively conversation, Jared Atkinson, CTO of SpecterOps and creator of BloodHound, dives into the fascinating world of identity security. He unpacks the crucial difference between 'identities at rest' and 'identities in transit,' explaining how they require different management strategies. Jared also shares insights on BloodHound's capabilities for mapping out attack paths and the implications of hybrid cloud attack visibility. Don't miss his take on prioritizing remediation strategies for privileged assets!

The Pentagon boasts over 70,000 cyber personnel, raising eyebrows about efficiency. Recent hacks include stolen SonicWall configurations and vulnerabilities in various systems. Government missteps, like a DHS leak, highlight ongoing challenges in cybersecurity. Plus, two Scattered Spider members were arrested in the UK. Discover the intersection of policy, AI bias, and tech breaches that are shaping the cyber landscape.

Exploring the surge in US investment in spyware vendors, the discussion highlights potential benefits for responsible industry practices. The hosts also delve into the recent agreement allowing TikTok to continue operating in the US, revealing the complexities it brings for US national security, as Chinese engineers may still influence the app's algorithms. The insights provide a nuanced view of the thin line between technology and security.

Android has shifted to monthly updates solely for high-risk vulnerabilities, reflecting a new security approach. A self-replicating attack has disrupted the npm registry, raising alarms in the tech community. Meanwhile, the administrator of BreachForums faces a resentencing after appeals, highlighting ongoing legal battles in cybersecurity. In the fashion world, hackers have successfully breached the parent company of Gucci, further underlining the urgent need for robust defenses. The conversation also touches on state-sponsored cyber threats and emerging innovations in cybersecurity.

Explore the complexities of cyber power and its historical implications, reflecting on the evolution of cyber conflict. Discover the disconnect between technological capabilities and strategic outcomes, using sports analogies to illustrate adaptability. Compare the cyber strategies of the U.S., China, Russia, and North Korea, each tailored to their unique goals. Delve into the impact of online platforms on political discourse and how narratives surrounding the Ukraine conflict shape perceptions on both sides of the Atlantic.

Legal actions against a major crypto ATM operator raise eyebrows over potential fraud profits. The pod explores how SMS blasters are making waves in Switzerland and dives into a tug-of-war between the US and Portugal for a notorious hacker's extradition. Recent security breaches in schools and the dark web lead to marketplace takedowns, while new vulnerabilities in payment systems and mobile apps come to light. Plus, a critical fix from Samsung addresses a severe zero-day vulnerability.

David Cottingham and Daniel Schell from Airlock Digital shed light on the complexities of managing browser extensions in enterprise settings. They discuss the security risks posed by third-party extensions and the crucial need for better oversight. The duo dives into the importance of a reliable extension management strategy, effective asset inventory, and the role of collaboration with security vendors. They also highlight Airlock's innovative features for enhanced control and integration, making it easier for organizations to navigate these challenges and protect sensitive data.