DiscoverRisky Business
Risky Business
Claim Ownership

Risky Business

Author: Patrick Gray

Subscribed: 10,329Played: 241,064


Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
473 Episodes
On this week’s show Patrick Gray and Adam Boileau are joined by long-time NSA boffin Rob Joyce. Now Rob’s left the government service, he’s hobnobbing with us pundits, talking through the week’s news: Apple announces a big leap for confidential cloud computing into the mass market While at the same time, letting you just mosey around your iPhone from your Mac Mandiant reports in about the Snowflake breach Moody’s say credit ratings might consider cyber incidents Microsoft fixes an Azure flaw with a… “comprehensive documentation update” And much, much more. This week’s show is sponsored by Yubico, maker of the Yubikey hardware authentication token. Jerrod Chong, Yubico’s COO and President joins to talk about the challenges of the passkey and hardware authenticator ecosystem.
On this week’s show Patrick Gray and Mark Piper discuss the week’s security news, including: What on earth happened at Snowflake? A look at operation Endgame Check Point’s hilarious adventures with dot dot slash Report says the FTC is looking at Microsoft’s security product bundling More ransomware hits Russia Much, much more 404 Media co-founder Joseph Cox is this week’s feature guest. He joins us to talk about his new book, Dark Wire, which is all about the FBI’s Anom sting. This week’s show is brought to you by Resourcely. If your Terraform is a mess or your CSPM dashboards are lighting up with insane and stupid things, you should check out Resourcely. Its founder and CEO Travis McPeak will be along in this week’s sponsor interview to talk about all things Terraform.
On this week’s show Patrick and Adam discuss the week’s security news, including: Russian delivery company gets ransomware-wiper’d A supply-chain attack targets video software used in US courts Checkpoint firewalls get hacked, details as clear as mud Microsoft Recall delights hackers Aussie telco Optus gets told its IR report isn’t legal advice Cyber insurer says you’re 5x more likely to get rekt if you have a Cisco ASA And much, much more. This week’s episode is sponsored by Kroll Cyber. Alex Cowperthwaite, Kroll’s technical director research and development for offence joins to talk about how his team attacks AI models, in ways both classic and new.
This week’s episode was recorded in front of a live audience at AusCERT’s 2024 conference. Pat and Adam talked through: Google starts using security as a marketing tool against Microsoft, along with steep discounts Microsoft announces a creepy desktop recording AI UK govt proposes ransom payment controls Arizona woman runs a laptop farm for North Korea Julian Assange just keeps on with his malarky And much, much more This week’s episode is sponsored by Tines. Its CEO Eoin Hinchy joins the show to talk about how AI can be genuinely useful in automation.
In this podcast SentinelOne’s Chief Trust officer Alex Stamos and its Chief Intelligence and Public Policy Officer Chris Krebs join Patrick Gray to talk all about AI. It’s been a year and a half since ChatGPT landed and freaked everyone out. Since then, AI has really entrenched itself as the next big thing. It’s popping up everywhere, and the use cases for cybersecurity are starting to come into focus. Threat actors and defenders are using this stuff already, but it’s early days and as you’ll hear, things are really going to change, and fast.
This week Patrick Gray and Adam Boileau along special guest Lina Lau discuss the week’s news, including: The ongoing Ascension healthcare disruption, and Whether its reasonable for healthcare orgs to be pushing back Platforming cybercriminals for interviews Own the libs by… not using E2EE messaging? CISA’s secure by design, we want to believe! The $64billion scale of indusrialised fraud And much, much more. This week’s sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report.
Patrick dials in from RSA in San Francisco to discuss the week’s security news with Adam, including: The west doxxes LockbitSupp, who must now hide his hundred million dollars Revil hacker behind Kasaya breach gets 14 years Microsoft makes some positive sounding* noises on security A fun flaw in nearly all VPN clients Gitlab admins continue their never-ending incident response And much, much more. This week’s sponsor is Stairwell. Long time infosec researcher Silas Cutler joins us to talk through his adventures in attacker C2 systems, and how this feeds into Stairwell’s data. * we’re still sceptical they’ll get it right, but they do at least seem to realise how deep the doo-doo they’re in is… Pat speculates they have … tentacles, and a regulatory-threat-gland.
On this week’s show Patrick and Adam discuss the week’s security news, including: Microsoft reassures* us that they take security very seriously* Cisco ASA firewalls get sneakily backdoored, but no one’s quite sure how Change Healthcare was 1FA Citrix all along The FTC, FCC and other government sticks get waved at tech Lizard Squad Finn who hacked the Vastaamo therapy chain gets sentenced And much, much more. This week’s sponsor is Zero Networks, who make a network micro-segmentation product that is actually usable. Zero Networks CEO Benny Lakunishok joins us to talk through why firewalling everything everywhere is finally workable. * You’ll forgive us for being… a tad sceptical.
In this edition of Snake Oilers we’ll be hearing from: Push Security: A browser plugin-based security company that combats identity-based attacks. (Much more compelling that it sounds in this description.) Knocknoc: The tool Risky Business uses to protect our own applications and services. (Restrict network/port access to users who are authenticated via SSO.) iVerify: Mobile security and threat hunting for iOS and Android. (Caught Pegasus in the wild!)
In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology. China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over. Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?
On this week’s show Patrick and Adam discuss the week’s security news, including: Palo Alto’s firewalls have a ../ bad day Sisense’s bucket full of creds gets kicked over United Healthcare draws the ire of congress FISA 702 reauthorisation finally moves forward Apple warns about “mercenary exploitation” but what’s the India link? And much, much, more This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.
On this week’s show Patrick and Adam discuss the week’s security news, including: Ransomware: down but not out Zero day prices on the rise… … and what it means for enterprise software Geopolitical conflict comes to computers in Palau Ukraine cyber chief Illia Vitiuk suspended More x86 microarchitectural bad times And much much more Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.
In this edition of Snake Oilers you’ll hear pitches from three companies: Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.) ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2
On this week’s show Patrick and Adam discuss the week’s security news, including: The SSH backdoor that dreams (or nightmares) are made of Microsoft gets a solid spanking from the CSRB Ukraine uses an old Russian WinRAR bug to hack Russia Push-notifications and social-engineering combined-arms vs Apple And much, much more. We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library. This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
On this week’s show Patrick and Adam discuss the week’s security news, including: FVEY protests China’s widespread hacking of western politicians China bans western CPUs, Windows and databases Apple’s leaky M-chip prefetcher Nigeria holds ex-IRS investigator hostage in Binance stoush Researchers bring Rowhammer to AMD Zen and DDR5 And much, much more. This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says.
In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.
On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft.
On this week’s show Patrick and Adam discuss the week’s security news, including: Weather forecast in Redmond is still for blizzards at midnight Maybe Change Healthcare wasn’t just crying nation-state wolf Hackers abuse e-prescription systems to sell drugs CISA goes above and beyond to relate to its constituency by getting its Ivantis owned VMware drinks from the Tianfu Cup Much, much more This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director. John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing. Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren’t happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code.
Comments (2)

mrs rime

🔴💚Really Amazing ️You Can Try This💚WATCH💚ᗪOᗯᑎᒪOᗩᗪ👉

Jan 16th

Naeem Sarfraz

More Dimitry please, that was fun!

Jan 20th