Risky Business
Author: Patrick Gray
© Copyright 2007-2023 Patrick Gray
Description
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
442 Episodes
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Iran-linked attacks on US water infrastructure
Why the ownCloud bug isn’t the end of the world
The D-Link 0day that… never existed?
In defence of Okta
Much, much more
This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
The Citrixbleed ransomware crisis
Why the FBI hasn’t arrested Scattered Spider members
DPRK is in your supply chains
Microsoft has a brainwave and buys a HSM
When civil war meets pig butchering
Much, much more
This week’s show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week’s sponsor guests.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
In this Soap Box podcast Patrick Gray talks to Material Security’s CEO and co-founder Abhishek Agrawal about the security problems inherent to modern productivity suites.
Does it make sense that threat actors can authenticate to o365 and Workspace accounts and clean them out entirely? Years of mail, years of files?
Material Security has built a product that tackles this issue. It can lock up email archives behind MFA challenges, redact PII from inboxes, better control files shared via Google Drive and OneDrive, and just generally limit the damage a threat actor can inflict when they compromise a cloud productivity account.
Even if you’re not interested in buying a product to tackle this, we think this one is a great listen.
On this week’s show Patrick Gray talks through the news with Chris Krebs and Dmitri Alperovitch. They discuss:
The SEC enforcement action against Solarwinds’ CISO
The White House AI Executive Order
CitrixBleed exploitation goes wide
How Kaspersky captured some (likely) Five Eyes iOS 0day
Elon Musk’s Gaza Strip adventures
Much, much more
This week’s show is brought to you by Greynoise. Andrew Morris, Greynoise’s founder and CEO, is this week’s sponsor guest. He talks about how Greynoise is using large language models to help them analyse massive quantities of malicious internet traffic.
In this edition of the Soap Box we hear from Mike Wiacek and Eric Foster from Stairwell.
Stairwell makes a product that collects and analyses every executable file in your environment. You deploy file collectors to your systems and they forward all new files to Stairwell for manual and automated analysis. You can do a lot of really cool analysis once you have all that stuff in the same place.
But as you’ll hear, Stairwell is broadening out the use cases for its platform. You don’t want to forward files from every system? You don’t have to. It’s still very useful as an analysis platform. It’s sort of like VirusTotal, but private and with a bunch more bells and whistles. There’s also a bunch of sharing tools in the platform, which gives it a “social network for CTI nerds” flavour.
On this week’s show Patrick Gray talks through the news with Dmitri Alperovitch, NSA Cybersecurity director Rob Joyce and NSA CCC director Morgan Adamski. They discuss:
The Okta breach
40-50k feral Ciscos
Why the http/2 protocol flaw is a real headache
The Ragnar Locker takedown
What the NSA CCC has been thinking about
This week’s show is brought to you by Socket. Socket’s founder Feross Aboukhadijeh joins us this week to talk about their actually-not-crazy use of large language models in their product.
Patrick Gray speaks to Yubico’s Jerrod Chong about how organisations can better verify the identities of users when performing MFA resets. In other words, how to not get MGM’d.
He also talks about the chain-of-trust issues inherent to synchronisable passkey implementations.
On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover:
Microsoft has killed VBScript
Google to make passkeys the new default sign-in method
MGM losses to exceed $100m
Clorox has a bad quarter
Why a bug in cURL could be really bad news
Much, much more
This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Ransomware crews target WS_FTP and Jetbrains servers
Global energy supply shapes up as big target
The Dossier Center drops another banger
Indian nationalists DDoS Canadian targets
A look at the Exim drama
Much, much more
This week’s show is brought to you by Kroll Cyber. George Glass is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
On this week’s show Patrick Gray and Dmitri Alperovitch discuss the week’s security news. They cover:
How western youths are working with Russian ransomware crews
Russia has changed its targeting in Ukraine
A massive breach of historical Russian flight information is god’s gift to OSINT orgs
Cisco buys Splunk for $28bn
Much, much more
This week’s show is brought to you by Panther. Its field CISO Ken Westin is this week’s sponsor guest.
Links to everything that we discussed are below.
In this edition of Snake Oilers you’ll hear product pitches from:
Sublime Security: e-mail security for people who want to tune their detections
VulnCheck: Provides vulnerability intelligence to governments, large enterprises and vendors
Devicie: Manage your devices with Intune without pulling your hair out
On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover:
Microsoft’s 38TB oopsie
MGM’s Okta compromised, was this what Okta was warning us about?
Why we need a cyber knife fight
Google Authenticator sync abused in the wild
Much, much more
This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
How Storm-0558 stole Microsoft’s signing key
Cisco 0day being used by ransomware crews
We were right about Elon stumbling into the Ukraine war
Someone’s amazing image library 0day just got crushed
Much, much more!
This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
In this edition of Snake Oilers you’ll hear product pitches from:
ConductorOne: PAM, account cycle management and access auditing for cloud and SaaS accounts
Bloodhound Enterprise: Enumerate attack paths in your environment and shut them down
Zero Networks: Agentless, heavily automated microsegmentation and a VPN product that won’t get you insta-owned
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Why everyone should pay attention to some recent attacks on Okta customers
Why third party comms apps are risky af
Why are Russian espionage ops using Tor for C2?
Surveillance firms abuse Fiji Telco Digicel’s SS7 access
Much, much more!
This week’s show is brought to you by Gigamon. Mark Jow, Gigamon’s EMEA Technical Director is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
The FBI takes down Qakbot, steals operators’ bitcoins ha ha
Danish hosting provider completely destroyed in ransomware attack
Sophisticated Russian cyber attack on Polish trains. Well. Not really.
Microsoft revokes cert then revokes its revocation
Much, much more!
This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
(NOTE: This podcast was initially pushed out into the Risky Business News podcast feed in error. Sorry about that!)
US Government warnings to private space sector on cyber risk
Ukrainian hackers dump the inbox of Russian Duma deputy chair
Absentee voting in Ecuador’s election disrupted by DDoS attack
South Korea warns of Chinese “spy chips”
Much, much more!
This week’s show is brought to you by Airlock Digital. Its co-founders Daniel Schell and David Cottingham join this week’s show to talk about Powershell Constrained Language mode.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
In this joint Risky Business and Geopolitics Decanted feature interview, Patrick Gray and Dmitri Alperovitch talk to Illia Vitiuk, the Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SBU) about the cyber dimension to Russia’s invasion.
From turning off Ukraine’s power grid with a cyber attack in 2015 to the Viasat hack in 2022, Russia’s intelligence services are world renowned for executing creative destructive cyber campaigns. Despite this, after a year and a half of Russia waging war on Ukraine its power grid is up, its telcos are functioning and its banks are still processing transactions.
How has Ukraine been able to withstand Russia’s onslaught in the cyber domain? Vitiuk joins us to reveal insights into how Russian intelligence services are operating in Ukraine, and how the SBU is countering them.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
More victims identified in Chinese breach of Microsoft email accounts
Cyber Safety Review Board to investigate Microsoft
We got some stuff wrong last week
More details on Viasat hack revealed
Special guest Heather Adkins talks about the CSRB’s Lapsus$ report
Much, much more
This week’s show is brought to you by RunZero. Its co-founder HD Moore is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Tenable gives Microsoft a spray over Azure bug fix delay, quality
Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization
Ransomware targets hospitals, special needs schools
Japan’s cybersecurity has some catching up to do
Much, much more
This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
More Dmitri please, that was fun!