Podcast appearances and mentions of tom uren

Tom Uren and Patrick Gray talk about how a Trump executive order has scaled back the government's cyber security ambitions. The carrots and sticks that would have been used to encourage organisations to adopt stricter security standards are gone. They also discuss North Korea's use of AI in its IT worker scam and the emergence of espionage-as-a-service… perhaps. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about how Operation Endgame, the multinational law enforcement effort to tackle ransomware is approaching the problem holisitically. It's tackling the enablers of ransomware and although it won't eliminate the crime, it'll make it harder for criminals. They also discuss the spyware app that helped to dismantle the Syrian regime, at least maybe a little bit, and how Russian military intelligence's sabotage and assasination unit got into cyber operations. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about Russian DanaBot malware developers making a tailored variant of their malware specifically for espionage. This fills in some of the blanks on the exact relationship between Russian criminals and the country's intelligence services. They also discuss a US Director of National Intelligence initiative to centralise the purchase of commercially acquired information. Although this information can be used maliciously, having a one-stop-shop should make it easier to check that it is being used responsibly. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about how Telegram took down the two largest ever criminal marketplaces recently. They used Telegram for all their communications and had collectively sold over USD$30 billion in illicit products. The pair discuss why Telegram is now cooperating with authorities after historically being reluctant and whether this assistance will continue. They also discuss how Meta is awash with scam advertisements and how Chinese mobile app encryption is suspiciously awful. This episode is also available on Youtube. Show notes

In this Risky Bulletin sponsor interview Justin Kohler, Chief Product Officer at SpecterOps talks to Tom Uren about the impossible challenge of managing identity directory services securely. Organisations try to implement the principle of least privilege but have no idea if they have done a good job. Justin talks about approaches SpecterOps is developing to address this problem. Show notes

In this Risky Bulletin sponsor interview James Pope, Director of Technical Enablement, talks to Tom Uren about his experience running networks and security centres at Black Hat conferences around the world. Pope talks about the challenges of running a SOC at a hacker conference, how conference networks around the world have a different character and talks about all the weird and wonderful security snafus he has found. Show notes

Tom Uren and Patrick Gray talk about how the US is planning to take the gloves off in cyberspace and conduct much more aggressive offensive cyber operations. US responses to cyber espionage have not been very aggressive to date, but Tom is not convinced that cyber punches are required, so much as blows that really hurt. The pair also discuss TeleMessage, the Signal clone the Trump cabinet has been using. The app managed to sidestep certification and assessment processes and ended up being used by various agencies in the US government. And the White House. It's a mystery how this happened. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about a SentinelOne report about how it is constantly targeted by both cybercriminal and state-backed hackers. Security firms are high-value targets, so constant attacks on them are the new normal. They also discuss an article that calls Signal “a kind of dark matter of American politics and media”. Many policy discussions occur on the app, and this explains the Trump administration's extensive use of the app. This episode is also available on Youtube. Show notes

Tom Uren and Adam Boileau talk about how scam compound criminal syndicates are responding to strong government action by moving operations overseas. It's good they are being affected, but they are shifting into new countries that don't have the ability to counter industrial-scale transnational organised crime. They also discuss CISA's Secure by Design initiative and that key people behind the program have left the organisation. Given prospective job cuts at CISA it is hard to see the initiative getting a lot of love, but international cyber security authorities should pick up the slack. This episode is also available on Youtube. Show notes Cyberfraud in the Mekong reaches inflection point, UNODC reveals

In this Risky Bulletin sponsor interview Shane Harding, CEO of Devicie, talks to Tom Uren about trends in the enterprise software and security market that he thinks will have huge impacts. Software is becoming smarter and aims to solve problems rather than simply provide capabilities and Microsoft has embarked on a big push into the SME security market. Show notes

Tom Uren and Patrick Gray discuss Trump's order singling out Chris Krebs, former head of CISA, that requires investigations into Krebs and also punishes his employer. It is a move deliberately designed to chill dissent and they look at what the cyber security industry will likely do in response, which is probably not much. The pair also discuss what is being interpreted as an admission that Chinese senior leadership is behind the Volt Typhoon hacking of US critical infrastructure. This episode is also available on Youtube. Show notes

In this Risky Bulletin sponsor interview David Cottingham and Peter Baussman, Airlock Digital's CEO and CTO, talk to Tom Uren about a new Australian Cyber Security Centre guidance about building defensible networks. The pair cover what they like about the document and where it could be improved. Show notes Foundations for modern defensible architecture

Tom Uren and Patrick Gray discuss Trump's recent firing of General Timothy Haugh, the head of NSA and Cyber Command. Tom dives into the implications and thinks why this is not good news for the agencies. They also discuss Europe losing faith in the US intelligence commitments that underpin transatlantic data flows. That would be bad news for US tech companies. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray discuss how North Korean IT worker scam is shifting towards Europe and employing tactics that make it more dangerous. They also discuss why Signalgate was a massive security failure. We learnt this week that US cabinet members were in multiple Signal groups discussing different topics. Phone hacking is not uncommon, an adversary states will be able to take advantage of the intelligence in these conversations. This episode is also available on Youtube. Show notes

In this Risky Bulletin sponsor interview Ed Currie from Kroll Cyber talks to Tom Uren about the recent hack of the Gravy Analytics geolocation data provider. He explains the hack and how geolocation data can be used by malicious actors. Show notes Kroll's report on the risks of geolocation hacks

Tom Uren and Patrick Gray discuss how the Signalgate messages betray an alarming lack of security nous at the highest levels of the US natsec leadership. It's head-scratchingly bad. They also discuss the possibility the Trump Administration will reconstitute the CSRB. The Board wasn't perfect, but in our view it is better to get it started again rather than waiting for reviews to determine its perfect form. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray discuss how China's Ministry of State Security is increasingly doxxing and threatening Taiwanese APT operators. In some ways this mirrors the US strategy of naming and shaming Chinese cyber operators in indictments that contain lots of supporting information. But although MSS statements are filled with propaganda rather than technical detail, naming Taiwanese military hackers has some bite. They also discuss Russia's ‘shadow war' sabotage campaign across Europe. The Russian campaign mostly relies on traditional sabotage and finding local proxies to throw bombs. But it does make sense for Western governments to respond with destructive cyber operations. This episode is also available on Youtube. Show notes CSIS report on Russia's 'Shadow War'

Tom Uren and Patrick Gray discuss how X is actively engaging in political interference outside the US. The risks mirror those of TikTok. American legislators moved against TikTok because it could potentially be a powerful tool for the Chinese government to interfere with American political discourse. X is a realised threat, not a potential one, so we expect that foreign governments will start to consider a ban. They also explore why mass firing of probationary employees in NSA and intelligence agencies is particularly damaging. This episode is also available on Youtube. Show notes

In this podcast Tom Uren and Patrick Gray discuss how Starlink is providing an internet lifeline for scam compounds that have had their internet access cut by Thai authorities. Starlink has a very poor track record dealing with unauthorised use, but it is time for the company to develop the processes to keep on top of these problems. They also discuss how President Trump's actions that favour Russia will make Five Eyes partners take stock, particularly when it comes to HUMINT intelligence sharing. Finally they examine the did-it-happen-or-not stand-down of US Cyber Command's Russian operations. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about the White House apparently considering kicking Canada out of the Five Eyes intelligence alliance to apply pressure on the country. It's a terrible idea and even thinking about it undermines the strength of the alliance. They also discuss Sweden's proposed legislation that would order apps like WhatsApp and Signal to store messages so they could be provided under warrant to authorities. The story is a vignette of the ongoing encryption debate, but we think apps like Signal will leave the country rather than comply. Finally, they talk about how the illicit cryptocurrency ecosystem is evolving in response to government action such as takedowns and sanctions. This episode is also available on Youtube. Show notes

In this podcast Tom Uren and Patrick Gray talk about the idea of launching a retaliatory campaign to hack Chinese telcos in response to Salt Typhoon's targeting of US ones. US Senator Mark Warner floated the idea as a way to persuade the Chinese government to pull back Salt Typhoon, but we think that kind of campaign has merit regardless. They also discuss how Samoa's CERT calling out APT40 is a big deal. It's striking to see a small country of 200,000 people calling out Chinese hacking. This episode is also available on Youtube. Show notes

In this podcast Tom Uren and Patrick Gray talk about Apple's refusal to obey a UK government order to provide the capability to access to encrypted iCloud data. Its the latest round in the ongoing government vs technology fights over warrant-proof encryption, and again it looks like governments will lose. They also talk about good news in the fight against ransomware. Government actions are putting pressure on the cyber criminal ecosystem, splintering groups and even making it hard to for crooks to convert cryptocurrency to hard cash. This episode is also available on Youtube. Show notes

UPDATED AUDIO: An earlier version of this podcast audio contained an editing mistake that desynchronised Patrick and Tom's audio. In this podcast Tom Uren and Patrick Gray talk about the cyber espionage implications of Chinese AI firm DeepSeek's recently released models. They will certainly be picked up by various APT crews to try and accelerate their campaigns. They also discuss the UK NCSC's attempt to quantify ‘comedy bugs' and whether EU sanctions against Russian military intelligence officers for a five-year-old cyber espionage campaign targeting Estonia are pointless. This episode is also available on Youtube. Show notes

In this podcast Tom Uren and Patrick Gray talk about the likelihood that the incoming Trump administration will end the ‘dual-hat' arrangement where a single officer leads both US Cyber Command and the National Security Agency. This would result in Cyber Command outranking NSA and could prioritise cyber disruption operations over intelligence collection. That would be a bad outcome. They also talk about how changes to SEC disclosure rules have led to an outpouring of corporate drivel and how WhatsApp became an everything app. This episode is also availble on Youtube. Show notes

In this podcast Tom Uren and Patrick Gray talk about the US Federal Communications Commission effort to get US telcos to lift their security game and compares it to UK and Australian efforts. The US is very late to the game, and improving security is a huge job. They also talk about Chinese cyber actors continuing to pointlessly sow chaos and how an influence campaign in Romania is an absolute disaster for TikTok. This episode is also available on Youtube.

In this podcast Tom Uren and Adam Boileau talk about the continued importance of hack and leak operations. They didn't really affect the recent US presidential election, but they are still a powerful tool for vested interests to influence public policy. They also discuss the police bust of MATRIX, yet another encrypted messenger that is marketed to criminals and designed to resist police surveillance. The crimephone landscape is splintering due to the constant drumbeat of police success. This episode is also available on Youtube.

In this podcast Tom Uren and Patrick Gray talk about the Australian Government's extraordinary legislation that will retrospectively ensure that warrants used for the An0m crimephone sting operation are valid. They also discuss a sterling CISA red team report and the naiveté of Microsoft's Vice Chair and President Brad Smith. This episode is also available on Youtube.

In this Risky Business News sponsored interview, Tom Uren talks to Mike Wiacek, CEO and founder of Stairwell, about the occasionally dysfunctional relationship between IT and security teams. Mike talks about how security vendors need to reach out to turn IT teams into allies.

In this podcast Tom Uren and Patrick Gray talk about what the People's Liberation Army cyber operators have been up to. They used to be China's most visible cyber operators but have since disappeared. They also discuss the shift towards widespread exploitation of 0days, particularly in enterprise perimeter devices. This episode is also available on Youtube.

In this podcast Tom Uren and Patrick Gray talk about what to expect from President Trump's second term. Trump is an activist president who believes in using state power, so intelligence agencies will be pushed to conduct more audacious or even outrageous covert operations. They also discuss concerns about a new UN cybercrime treaty that is set for a vote at the General Assembly and the Canadian government's curious decision to force the closure of TikTok's local offices. This episode is also available on Youtube.

In this podcast Tom Uren and Patrick Gray talk about the Snowflake hack after the person allegedly responsible was arrested in Canada. Telegram is involved at all sorts of levels and Tom wonders if this crime would have occurred if Telegram didn't exist. They also discuss the impact of the Chinese hack of US telcos and Sophos' five-year cyber knife fight with Chinese APT crews. This episode is also available on Youtube.

In this podcast Tom Uren, Patrick Gray and Adam Boileau talk about an EU directive that will make vendors liable for software defects. The directive sets a very high bar but is also limited in scope. It only applies to individuals and doesn't cover professional use so it is a very practical way to start changing expectations about liability. They also talk about Session Messenger app which has decamped from Australia and set up a foundation in Switzerland. The encrypted and metadata-resistant app is catnip for criminals, so we expect that it is on a collision course with state power. This episode is also available on Youtube.

In this Risky Business News sponsored interview, Tom Uren talks to Brett Winterford, Okta's APAC Chief Security Officer. Brett has mined Okta's data and finds strong evidence that organisations invest in phishing-resistant authentication methods once they know they've been targeted by groups that excel at social engineering (such as Scattered Spider). Brett discussed this research at Okta's conference, Oktane, which was held in Las Vegas on 15 to 17 October 2024.

In this podcast Tom Uren and Patrick Gray talk about the evolving relationship between Russian intelligence services and the country's cybercriminals. The GRU's sabotage unit, for example, has been recruiting crooks to build a destructive cyber capability. Tom suspects that GRU thugs are not so good at hands-on-keyboard operations, but excellent at coercing weedy cybercriminals to hack for the state. They also talk about OpenAI's report into malicious actor's use of its models, and how Australia's proposed cyber security law looks pretty sensible. Show notes Influence and cyber operations: an update, October 2024

In this Risky Business News sponsored interview, Tom Uren talks to Dan Guido, CEO of Trail of Bits, about post-quantum cryptography. The pair dive into what it is, why it is needed now and how organisations are dealing with its adoption.

In this podcast Tom Uren and Adam Boileau talk a new UN report that spells out the role Telegram plays as a massive enabler for transnational organised crime. They also discuss China's hacking of US telcos to possibly target of lawful intercept equipment and a remarkably entertaining account of North Korean IT workers being employed by over a dozen cryptocurrency firms. This episode is also available on Youtube. Show notes How North Korea Infiltrated the Crypto Industry UN report into technological innovation in transnational crime

In this podcast Tom Uren and Adam Boileau talk about how the US government's response to Iranian election interference is proceeding at light speed. This allows other actors such as Meta to make decisions relating to interference with certainty. They also discuss how Russian cybercrime group Evil Corp's relationship with Russian intelligence was built on the founder's marriage. This episode is also available on Youtube.

In this Risky Business News sponsored interview, Tom Uren talks to Benny Lakunishok, CEO and cofounder of ZeroNetworks, about network microsegmentation, why it is important, how to do it, and what the NSA gets wrong about it.

In this podcast Tom Uren and Patrick Gray talk about the possibility of deterring Volt Typhoon, the Chinese group that is compromising US critical infrastructure to enable future disruption operations in the event of a conflict with US. Tom thinks it is not possible to deter Volt Typhoon, but things might work the other way. If the US can neuter Volt Typhoon and take away the PRC's magic cyber bullet, it could make conflict less likely. They also discuss the lessons for all companies in Microsoft's security turnaround and how X and Telegram have folded in the face of government pressure. The video version of this episode is also available on Youtube.

In this podcast Tom Uren and Patrick Gray talk about the structure of the spyware ecosystem. It's concentrated, with lots of vendors in India, Israel and Italy. And its a small pool of talent, with many companies being founded by just a few individuals. They also talk about the US government's actions against Russia's disinformation ecosystem. The US very clearly linked different ‘layers' of that ecosystem directly to the Russian government. Employing influencers via cutouts also shows how Russian disinformation has responded as social media platforms have countered interference efforts. This episode is also available on Youtube.

In this Risky Business News sponsored interview, Tom Uren talks to Josh Kamdjou, founder and CEO of Sublime Security, about the spectrum of attacks that are taking advantage of generative AI. These range from taking basic attacks with a pinch of AI pixie dust to more complex attacks where AI is used to construct message threads with multiple personas. Josh also talks about how different AI models can be used to identify these attacks even when they are novel.

In this podcast Tom Uren and Patrick Gray discuss Russia's use of exploits from commercial spyware vendors. Bought through a front, or stolen with other bugs? The also discuss Iran's counter-intelligence innovations - if you apply for a job thats very clearly an Israeli front, then perhaps you're not that trustworthy after all? This episode is also available on Youtube.

In this podcast Tom Uren and Patrick Gray talk about Telegram's founder and CEO Pavel Durov being bailed. They dive into the backstory behind the charges he's facing and what it all might mean for other messaging platforms. They also discuss a very handy list of straightforward ways to detect North Korean's trying to sneak into remote work jobs.

In this podcast Tom Uren and Patrick Gray discuss an Australian government effort to bridge the gap between online and real identity across the whole economy. It addresses a real need, but Tom doesn't think it will go smoothly. They also discuss ongoing Chinese cyber espionage focussed on Russian targets. They may have a ‘no limits' friendship, but spying between allies is remarkably common. This episode is also available on Youtube.

In this podcast Tom Uren and Patrick Gray discuss a US government policy initiative to cover cyber insurance gaps while also improving security across the economy. Lofty goals, but Tom wonders if it is a difficult way to address security gaps. They also talk about what appears to be a hack and leak operation targeting the Trump campaign and a recent US federal court decision which ruled that geofence warrants are unconstitutional. You can watch the video version of this episode here.

In this Risky Business News sponsored interview, Tom Uren talks to Brian Dye, CEO of Corelight about a string of recent CISA advisories. These advisories address specific technical issues, but when examined together Brian says there is an underlying message about addressing security holistically.

In this podcast Tom Uren and Patrick Gray discuss the US's National Counterintelligence strategy and that it highlights the risk that foreign intelligence entities will use personal information to target and blackmail individuals. They also talk about the recent international prisoner swap. Although two cybercriminals were exchanged in the swap, there is still no strong evidence that they were working for the state.

In this podcast Tom Uren and Patrick Gray discuss the Israeli government seizing documents from NSO Group so that they couldn't be shared with opposition counsel in a US lawsuit during discovery. It's a terrible look. They also talk about foreign adversaries turning to commercial firms to buy election interference services in the lead up to the presidential election. Tom argues that is fundamentally good news.

In this Risky Business News sponsored interview, Tom Uren talks to Thomas Kinsella, co-founder and Chief Customer Officer of Tines about figuring out what AI is really good for and taking advantage of it in automating workflows.

In this podcast Tom Uren and Patrick Gray discuss the wild story of a Chinese illegal gambling operation that involves human trafficking, shell companies, money laundering, hundreds of thousands of websites and sponsorship of European football teams. They also talk about why a potential CSRB review of CrowdStrike's disaster should focus… not on CrowdStrike, but instead on the legacy practice of security vendors having kernel-level access to Windows. Finally, Tom is happy that the FTC is going to investigate ‘surveillance pricing'.