Podcast appearances and mentions of tom uren

Tom Uren and Amberleigh Jack talk about a new Reuters' report that reveals how Meta is knowingly raking in cash from scam advertisements. It's around $16 billion worth, and in documents Meta calculates that it outweighs the costs of possible regulatory action. They also discuss recent state-backed supply chain attacks that have, so far, remained targeted and responsible. Finally they look at the UK's decision to stop sharing intelligence with the US about suspected drug boats in the Caribbean. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about aggressive US cyber operations targeting the Venezuelan government in President Trump's first term. These were narrowly successful in that they achieved their immediate operational goals, but they didn't achieve Trump's broader policy goal of ousting Venezuelan leader Nicolás Maduro. They also talk about why the adtech ecosystem is a national security problem all round the world and how cybercriminals are collaborating with organised crime to steal cargo from logistics companies. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about Peter Williams, the general manager of vulnerability research firm Trenchant, who has pleaded guilty to selling exploits to the Russian 0day broker Operation Zero. It's a terrible look, but it doesn't mean the private sector can't be trusted to develop exploits. They also discuss a new report's recommendations to empower the Office of the National Cyber Director. It's a good idea, but it won't make up for the cuts in funding and personnel across the Trump administration's cyber portfolio. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about how America can better use its private sector to scale up offensive cyber activities, including espionage and disruption operations. Involving it to tackle ransomware and cryptocurrency scammers makes a lot of sense. They also talk about how the ransomware ecosystem is splintering, and one operator's relatively quick journey from being an affiliate to a platform operator. This episode is also available on Youtube. Show notes From Chaos to Capability: Building the US Market for Offensive Cyber Devman's RaaS Launch

In this sponsor interview, Edward Wu, CEO and founder of Dropzone AI talks to Tom Uren about a study that measured how AI practically helps SOC analysts triage real-world problems. Analysts were faster, more accurate and got less tired with AI assistance. Edward thinks the technology won't replace human analysts, but will speed their skill development. Show notes The Cloud Security Alliance AI SOC study

Tom Uren and Amberleigh Jack talk about First Wap, a Jakarta-based company that is selling surveillance-as-a-service. The good news is that it appears that government and media attention has had an impact on high-profile spyware vendors like NSO Group. The bad news is that these smaller players are flying under the radar and aren't afraid of selling to sketchy customers. They also talk about how the Chinese government has harnessed the power of its exploit development community with hacking contests. This episode is also available on Youtube. Show notes

In this Risky Business sponsored interview, Tom Uren talks to Damien Lewke, CEO and founder of Nebulock about countering adversary use of AI… with AI. They talk about how threat actors are rapidly adopting AI and what defenders should be doing in response. Show notes Anthropic's August threat report

Tom Uren and Amberleigh Jack talk about the Clop ransomware gang. It is interesting because the group has arrived at a strategy that rinses a whole lot of enterprises at once and comes with a decent pay day, But it's actually the least damaging kind of ransomware. Tom wonders why can't more gangs be like Clop? They also discuss the US government having second thoughts about ignoring foreign influence operations. Its adversaries run them all the time, so perhaps just sticking its head in the sand isn't the best strategy. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about different ways foreign intelligence services are finding to recruit local proxies. These methods could be too risky for Western intelligence agencies, but for some state's services they just make sense. They also discuss a report into DOGE and how speed was prioritised over robust governance. This episode is also available on Youtube. Show notes

In this sponsored interview, Authentik CEO Fletcher Heisler talks to Tom Uren about how identity providers (IdP) are fundamental to everything an organisation does. He explains how organisations are making themselves resilient by managing their redundancy and failover options. Show notes

Tom Uren and Amberleigh Jack talk about how the funnel that turns kids into cyber criminals has evolved over the last decade. Cybercrime's reach has broadened, it is more lucrative and more violent. They also talk about new thinking about deterring America's cyber adversaries. This episode is also available on YouTube Show notes CSIS's Playbook for Winning the Cyber War Bloomberg reporting on Scattered Spider

Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed. They also discuss the in-principle agreement for TikTok to remain in the US. It's a win-win: a win for China and a win for TikTok, but not so much a win for US national security. This episode is also available on YouTube. Show notes

Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm. They also talk about Apple's Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It's a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace. They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That's a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Chinese government. And it turns out that Apple's dispute with the UK government about encrypted iCloud data has not yet been resolved, despite media reports to the contrary. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about proposed legislation that would allow the President to license private sector hackers to go after cybercrime groups. The bill won't pass, but letting hackers loose on industrial-scale scam farms actually makes sense. They also talk about Microsoft's blind spot regarding China. It has trusted China-based engineers with sensitive work, and is now only just realising that China's security interests are not compatible with Microsoft's. This episode is also available on Youtube. Show notes

In this Risky Business News sponsor interview Tom Uren talks to Brett Winterford, Okta's VP of Threat Intelligence about FastPass. Brett explains what it is, how Okta uses it and why threat actors avoid it. Show notes

In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what will it take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish. This episode is also available on Youtube. Show notes The Register, Three notorious cybercrime gangs appear to be collaborating Between Two Nerds episode 103 Sponsor interview with Brett Winterford from Okta

Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country's invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy. They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about a recent hack of the US courts document management system. It's about as bad as can be, with multiple threat actors including states and possibly even drug cartels rummaging around in there, possibly for years. They also discuss Microsoft's involvement in an Israeli surveillance system and the head of Australia's security organisation's blunt warning about espionage. This episode is also available on Youtube. Show notes

In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico's Field CTO about making account recovery and onboarding for employees phishing-resistant. They also discuss the problems and opportunities of syncable passkeys. Show notes

Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn't deter Chinese hackers, so it is time to try something different. They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about Huawei's contract to manage storage for Spain's lawful intercept system. News broke this week that Spain had signed a €12 million contract, but it turns out Huawei has been involved in the system since 2004! They also discuss arrests in the UK of four individuals associated with Scattered Spider. The criminal resumés of two of the suspects support the idea that there are key individuals with outsize impact. But they also reinforce that the online communities they are involved in act as training grounds for cyber criminals. Arrests will slow hacks, not stop them. This episode is also available on Youtube. Show notes

Tom Uren and Amberleigh Jack talk about our developing understanding of the group that people call Scattered Spider. Independent security firms agree that there are a small number of key people that are driving the group's outrageous success. That gives us hope that targeted action might stem the bleeding. They also talk about data leaks from China's cyber espionage ecosystem that are for sale on a data leak site. These look to contain actionable information from a counterintelligence point of view. And Tom wonders if a market for espionage-as-a-service will develop? This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray discuss warnings about Iranian cyber attacks on US critical infrastructure. Despite many many warnings, there have been no actual attacks and they discuss the reasons why Iran would want to avoid escalatory cyber attacks. They also talk about how the FBI is struggling to deal with the democratisation of surveillance and data analysis, what the agency calls Ubiquitous Technical Surveillance (UTS). A Department of Justice audit of the FBI's response finds the threat from UTS is real and that sources have been murdered. But it seems that the FBI just doesn't care. This episode is also available on Youtube. Show notes

In this Risky Bulletin sponsor interview Craig Rowland, CEO of Sandfly Security, talks to Tom Uren about the disconnect between how important Linux systems are and how much security attention they get. The pair discuss the variety of reasons that security teams underinvest in protecting Linux. Show notes

Tom Uren and Patrick Gray talk about a new report that compares Chinese and American 0day pipelines. The US is narrowly focussed on acquiring exquisitely stealthy and reliable exploits, while China casts a far broader net. That was fine in the past, but as 0days get harder and harder to find, the report argues that the US needs to change the way it goes about getting them. The pair also talk about Cyber Command supporting the US bomb strikes against Iranian nuclear facilities. We like to believe in magic cyber capabilities, but we suspect the truth was far more mundane in this case. This episode is also available on Youtube. Show notes Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace

In this Risky Bulletin sponsor interview Fletcher Heisler, CEO of Authentik, talks to Tom Uren about the inflection points that make organisations consider rationalising their Identity Providers (IdPs). The pair also discuss sovereign tech stacks and how to earn the trust of customers. Show notes

Tom Uren and Patrick Gray talk about a Minnesota man who used people-search services to locate, stalk and eventually murder political targets. They also discuss purported hacktivist group Predatory Sparrow weighing in on the Iran-Israel conflict. It has attacked Iran's financial system including a bank associated with the Iranian Revolutionary Guard Corp and also burnt USD$90 million worth of cryptocurrency from an Iranian exchange This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about how a Trump executive order has scaled back the government's cyber security ambitions. The carrots and sticks that would have been used to encourage organisations to adopt stricter security standards are gone. They also discuss North Korea's use of AI in its IT worker scam and the emergence of espionage-as-a-service… perhaps. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about how Operation Endgame, the multinational law enforcement effort to tackle ransomware is approaching the problem holisitically. It's tackling the enablers of ransomware and although it won't eliminate the crime, it'll make it harder for criminals. They also discuss the spyware app that helped to dismantle the Syrian regime, at least maybe a little bit, and how Russian military intelligence's sabotage and assasination unit got into cyber operations. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about Russian DanaBot malware developers making a tailored variant of their malware specifically for espionage. This fills in some of the blanks on the exact relationship between Russian criminals and the country's intelligence services. They also discuss a US Director of National Intelligence initiative to centralise the purchase of commercially acquired information. Although this information can be used maliciously, having a one-stop-shop should make it easier to check that it is being used responsibly. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about how Telegram took down the two largest ever criminal marketplaces recently. They used Telegram for all their communications and had collectively sold over USD$30 billion in illicit products. The pair discuss why Telegram is now cooperating with authorities after historically being reluctant and whether this assistance will continue. They also discuss how Meta is awash with scam advertisements and how Chinese mobile app encryption is suspiciously awful. This episode is also available on Youtube. Show notes

In this Risky Bulletin sponsor interview Justin Kohler, Chief Product Officer at SpecterOps talks to Tom Uren about the impossible challenge of managing identity directory services securely. Organisations try to implement the principle of least privilege but have no idea if they have done a good job. Justin talks about approaches SpecterOps is developing to address this problem. Show notes

In this Risky Bulletin sponsor interview James Pope, Director of Technical Enablement, talks to Tom Uren about his experience running networks and security centres at Black Hat conferences around the world. Pope talks about the challenges of running a SOC at a hacker conference, how conference networks around the world have a different character and talks about all the weird and wonderful security snafus he has found. Show notes

Tom Uren and Patrick Gray talk about how the US is planning to take the gloves off in cyberspace and conduct much more aggressive offensive cyber operations. US responses to cyber espionage have not been very aggressive to date, but Tom is not convinced that cyber punches are required, so much as blows that really hurt. The pair also discuss TeleMessage, the Signal clone the Trump cabinet has been using. The app managed to sidestep certification and assessment processes and ended up being used by various agencies in the US government. And the White House. It's a mystery how this happened. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about a SentinelOne report about how it is constantly targeted by both cybercriminal and state-backed hackers. Security firms are high-value targets, so constant attacks on them are the new normal. They also discuss an article that calls Signal “a kind of dark matter of American politics and media”. Many policy discussions occur on the app, and this explains the Trump administration's extensive use of the app. This episode is also available on Youtube. Show notes

Tom Uren and Adam Boileau talk about how scam compound criminal syndicates are responding to strong government action by moving operations overseas. It's good they are being affected, but they are shifting into new countries that don't have the ability to counter industrial-scale transnational organised crime. They also discuss CISA's Secure by Design initiative and that key people behind the program have left the organisation. Given prospective job cuts at CISA it is hard to see the initiative getting a lot of love, but international cyber security authorities should pick up the slack. This episode is also available on Youtube. Show notes Cyberfraud in the Mekong reaches inflection point, UNODC reveals

In this Risky Bulletin sponsor interview Shane Harding, CEO of Devicie, talks to Tom Uren about trends in the enterprise software and security market that he thinks will have huge impacts. Software is becoming smarter and aims to solve problems rather than simply provide capabilities and Microsoft has embarked on a big push into the SME security market. Show notes

Tom Uren and Patrick Gray discuss Trump's order singling out Chris Krebs, former head of CISA, that requires investigations into Krebs and also punishes his employer. It is a move deliberately designed to chill dissent and they look at what the cyber security industry will likely do in response, which is probably not much. The pair also discuss what is being interpreted as an admission that Chinese senior leadership is behind the Volt Typhoon hacking of US critical infrastructure. This episode is also available on Youtube. Show notes

In this Risky Bulletin sponsor interview David Cottingham and Peter Baussman, Airlock Digital's CEO and CTO, talk to Tom Uren about a new Australian Cyber Security Centre guidance about building defensible networks. The pair cover what they like about the document and where it could be improved. Show notes Foundations for modern defensible architecture

Tom Uren and Patrick Gray discuss Trump's recent firing of General Timothy Haugh, the head of NSA and Cyber Command. Tom dives into the implications and thinks why this is not good news for the agencies. They also discuss Europe losing faith in the US intelligence commitments that underpin transatlantic data flows. That would be bad news for US tech companies. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray discuss how North Korean IT worker scam is shifting towards Europe and employing tactics that make it more dangerous. They also discuss why Signalgate was a massive security failure. We learnt this week that US cabinet members were in multiple Signal groups discussing different topics. Phone hacking is not uncommon, an adversary states will be able to take advantage of the intelligence in these conversations. This episode is also available on Youtube. Show notes

In this Risky Bulletin sponsor interview Ed Currie from Kroll Cyber talks to Tom Uren about the recent hack of the Gravy Analytics geolocation data provider. He explains the hack and how geolocation data can be used by malicious actors. Show notes Kroll's report on the risks of geolocation hacks

Tom Uren and Patrick Gray discuss how the Signalgate messages betray an alarming lack of security nous at the highest levels of the US natsec leadership. It's head-scratchingly bad. They also discuss the possibility the Trump Administration will reconstitute the CSRB. The Board wasn't perfect, but in our view it is better to get it started again rather than waiting for reviews to determine its perfect form. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray discuss how China's Ministry of State Security is increasingly doxxing and threatening Taiwanese APT operators. In some ways this mirrors the US strategy of naming and shaming Chinese cyber operators in indictments that contain lots of supporting information. But although MSS statements are filled with propaganda rather than technical detail, naming Taiwanese military hackers has some bite. They also discuss Russia's ‘shadow war' sabotage campaign across Europe. The Russian campaign mostly relies on traditional sabotage and finding local proxies to throw bombs. But it does make sense for Western governments to respond with destructive cyber operations. This episode is also available on Youtube. Show notes CSIS report on Russia's 'Shadow War'

Tom Uren and Patrick Gray discuss how X is actively engaging in political interference outside the US. The risks mirror those of TikTok. American legislators moved against TikTok because it could potentially be a powerful tool for the Chinese government to interfere with American political discourse. X is a realised threat, not a potential one, so we expect that foreign governments will start to consider a ban. They also explore why mass firing of probationary employees in NSA and intelligence agencies is particularly damaging. This episode is also available on Youtube. Show notes

In this podcast Tom Uren and Patrick Gray discuss how Starlink is providing an internet lifeline for scam compounds that have had their internet access cut by Thai authorities. Starlink has a very poor track record dealing with unauthorised use, but it is time for the company to develop the processes to keep on top of these problems. They also discuss how President Trump's actions that favour Russia will make Five Eyes partners take stock, particularly when it comes to HUMINT intelligence sharing. Finally they examine the did-it-happen-or-not stand-down of US Cyber Command's Russian operations. This episode is also available on Youtube. Show notes

Tom Uren and Patrick Gray talk about the White House apparently considering kicking Canada out of the Five Eyes intelligence alliance to apply pressure on the country. It's a terrible idea and even thinking about it undermines the strength of the alliance. They also discuss Sweden's proposed legislation that would order apps like WhatsApp and Signal to store messages so they could be provided under warrant to authorities. The story is a vignette of the ongoing encryption debate, but we think apps like Signal will leave the country rather than comply. Finally, they talk about how the illicit cryptocurrency ecosystem is evolving in response to government action such as takedowns and sanctions. This episode is also available on Youtube. Show notes

In this podcast Tom Uren and Patrick Gray talk about the idea of launching a retaliatory campaign to hack Chinese telcos in response to Salt Typhoon's targeting of US ones. US Senator Mark Warner floated the idea as a way to persuade the Chinese government to pull back Salt Typhoon, but we think that kind of campaign has merit regardless. They also discuss how Samoa's CERT calling out APT40 is a big deal. It's striking to see a small country of 200,000 people calling out Chinese hacking. This episode is also available on Youtube. Show notes

In this podcast Tom Uren and Patrick Gray talk about Apple's refusal to obey a UK government order to provide the capability to access to encrypted iCloud data. Its the latest round in the ongoing government vs technology fights over warrant-proof encryption, and again it looks like governments will lose. They also talk about good news in the fight against ransomware. Government actions are putting pressure on the cyber criminal ecosystem, splintering groups and even making it hard to for crooks to convert cryptocurrency to hard cash. This episode is also available on Youtube. Show notes