Claim OwnershipRisky Business
Subscribed: 10,510Played: 251,213
Subscribe
© Copyright 2007-2024 Patrick Gray
Description
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
500 Episodes
Reverse
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Sophos drops implants on Chinese firewall exploit devs
Microsoft workshops better just-in-time Windows admin privileges
Snowflake hacker arrested in Canada
Okta has a fun, but not very impactful auth-bypass bug
Russians bring dumb-but-smart RDP client attacks
And much, much more.
Special guest Sophos CISO Ross McKerchar joined us to talk about its “hacking back” campaign. The full interview is
available on Youtube for those who want to really live vicariously through Sophos doing what every vendor probably wants to do.
This week’s episode is sponsored by attack surface mapping vendor runZero. Founder and CEO HD Moore joins to talk about marrying up the outside and inside views of your network.
You can also watch this episode on Youtube
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
CSRB to investigate China’s telco-wiretapping hacks
Euro law enforcement takes down the Redline infostealer
Someone steals Fed crypto… and then tries to quietly sneak it back in
Russia sentences REvil guys to … jail? Really?
Apple private cloud compute gets a proper bug bounty program
And much, much more.
This week’s episode is sponsored by Material Security, who help navigate the mess of cloud productivity data security. Daniel Ayala - Chief Security and Trust Officer at Dotmatics - is a Material customer, and joins Pat and Material Security’s Rajan Kapoor to talk about how to wrangle securing data that ends up in corporate cloud email and file stores.
This episode is also available on Youtube.
In this Soap Box edition of the podcast Patrick Gray chats with Thinkst Canary founder Haroon Meer about his “decade of deception”, including:
A history of Thinkst Canary including a recap of what they actually do
A look at why they’re still really the only major player in the deception game
A look at what companies like Microsoft are doing with deception
Why security startups should have conference booths
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
SEC fines tech firms for downplaying the Solarwinds hacks
Anonymous Sudan still looks and quacks like a Russian duck
Apple proposes max 10 day TLS certificate life
Oopsie! Microsoft loses a bunch of cloud logs
Veeam and Fortinet are bad and should feel bad
North Koreans are good (at hacking)
And much, much more.
This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish.
This episode is also available on Youtube.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s infosec news, including:
Chinese spooks all up in western telco lawful intercept
Jerks ruin the Internet Archive’s day
Microsoft drops a great report with a bad chart
The feds make their own crypto currency and get it pumped
Forti-, Palo- and Ivanti-fail
And much, much more.
This week’s episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther’s Director Product Management joins to discuss why the old “just bung it all in a data lake and… ???… “ approach hasn’t worked out, and what smart teams do to handle their logs.
This episode is also available on [Youtube].(https://youtu.be/86zy6DcwtbE)
In this edition of Snake Oilers we hear pitches from three security vendors:
Sandfly Security: An agentless Linux security platform that actually sounds very cool
Permiso: An identity security platform founded by ex FireEye folks
Wiz: The cloud security giant is getting in on code security scanning
You can watch this edition of Snake Oilers on YouTube here.
Patrick Gray and Adam Boileau discuss the week’s infosec news with everyone’s favourite ex-NSA big-brain, Rob Joyce. They talk through:
Musk and Durov bow to government pressure
Tiktok rushes to ban authoritarian propagandists
The US doesn’t want Chinese software in its cars
Kaspersky replaces itself with an AV no one has ever heard of
Aussie police chalk up another crimephone takedown
Press Win-R Ctrl-V to prove you’re human
And much, much more.
This week’s show is brought to you by Stairwell, and Stairwell’s founder Mike Wiacek will be along to talk about how people are using their platform to hunt down detection resistant malware.
A video version of this episode is also available on Youtube.
1On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:
Hezbollah’s attempts to avoid SIGINT with pagers ends in explosions
The US shines many bright lights on RT’s disinfo role
Australia counters Chinese bullying in the Pacific
Valid accounts are the most prevalent entry point, says CISA’s data
Ivanti and Fortinet vie for worst vendor of the week
Krebs writes up the shift towards charging The Com with terrorism
And much, much more…
This week’s episode is sponsored by Push Security, who bring security visibility to where it needs to be these days – the browser. Luke Jennings joins this week’s show to discuss how phish-kit crews are driving the arms race forward, and how detection has to adapt and go where the users are.
This episode is also available on Youtube.
On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:
Russia’s disinformation peddlers face multifaceted sternness from the DoJ
Telegram is now law enforcement’s bestest new pal, all of a sudden
Iran’s banking industry arranges a payment plan for a ransom
Columbia investigates how it sent private jets full of cash to pay for Pegasus
Microsoft innovates with Un-Patch Tuesday
And much, much more.
This week’s sponsor is Kroll Cyber, and one of their incident responders Paul Wells joins to discuss that one weird trick that actually helps - preparing for an incident before hand, rather than learning all those hard lessons in the middle of a crisis.
This week’s episode is also available on Youtube.
In this edition of Snake Oilers Patrick Gray gets pitches from three cybersecurity companies:
Authentik, an open source identity provider that a lot of large organisations are deploying on prem as an alternative to cloud-based IDPs
Dropzone AI, an LLM-based agent that can do the work of a Tier 1 SOC analyst
SlashID, an identity security company that can crunch your logs to find attackers
You can watch this edition of Snake Oilers on YouTube here.
On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:
Brazil’s supreme court bans X-formerly-Twitter,
Iranian cyber teams cooperate with ransomware crews
While North Koreans wield chrome-windows 0-day
Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet
The White House is coming for your unsigned BGP announcements
And much, much more.
This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is!
You can also watch this episode on Youtube.
On this week’s show, Patrick Gray and Adam Boileau discusses the week’s security news, including:
Telegram founder’s arrest in France
Volt Typhoon 0days some SD-WAN gear
Russia frets about Ukraine all up in Kursk’s webcams
Cybercriminals social engineer payment card NFC relay attacks in the wild
The slow burn of Active Directory name collisions
And much, much more.
This week’s episode is sponsored by Nucleus Security. Aaron Unterberger joins to discuss how vulnerability management starts out easy, but gets serious very quickly.
You can also watch this week’s show on Youtube.
Mike Burgess is the director general of ASIO. But the thing about Mike is he’s actually a cybersecurity guy. He joined ASD, Australia’s NSA, back in 1995 when it was still the Defence Signals Directorate. He was there for 18 years before he bounced out to the private sector for a while to work as the CISO for Australia’s largest telco, Telstra. In 2017 he returned to ASD to run it, and in 2019 he was appointed director general of ASIO.
Back in April, Burgess made a series of comments on the topic of encrypted messaging during a Press Club speech in Canberra. Our right to privacy, he said, is not absolute, and he implied that if certain providers didn’t start helping Australian authorities out a little more, he’d use some of the provisions in Australia’s Assistance and Access bill to force them to provide access to certain content.
So I reached out to organise this interview to get some more detail from him about exactly what sort of cooperation he’s seeking and why.
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including:
Microsoft did a good thing! Soon all Azure admins will require MFA
The three billion row National Public Data breach mess, courtesy Florida Man
US govt confirms that it was Iran that hacked the Trump campaign
Is TP-Link the next Huawei, or just not very good at computers?
Major Chinese RFID card maker has hardcoded backdoors
And much, much more.
This week’s episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.
In this conversation Risky Business host Patrick Gray speaks with SentinelOne’s Chris Krebs and Alex Stamos about what sort of cyber enabled interference we can expect in the 2024 US presidential race.
Alex was the CISO at Facebook during the 2016 election, and Chris Krebs was responsible for US election security as the director of CISA in 2020.
Watch the video version of this episode on Youtube.
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news and recap the best research presented at Black Hat and DEF CON in Las Vegas last week. They cover:
Iran tries an election hack’n’leak like its still 2016
Crowdstrike takes home the Pwnie for Epic Fail at DEF CON
UK healthcare SaaS faces six million pound fine for lack of MFA
US circuit courts disagree on geofence warrants
Our roundup of juicy Blackhat/DEF CON research
And much, much more.
This week’s episode is sponsored by Trail of Bits. CEO Dan Guido is fresh back from the DARPA AI Cyber Challenge at DEF CON, where the Trail of Bits team moved through into the finals. Dan talks through the challenge of finding, reporting and fixing bugs with AI systems.
You can also watch this week’s show on Youtube.
In this sponsored Soap Box edition of the show we talk to Proofpoint’s Chief Strategy Officer Ryan Kalember about making security tech more people centric.
We often talk about how we can use signals from users to drive some of our security tech. But what about using our security tech to drive user behaviour?
Ryan thinks there are some opportunities here, particularly around identity security.
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:
Crowdstrike talks loud in its postmortem, but says very little
Digicert fears the CA-Browser Forum, gets lawsuit from a customer
Dmitri Alperovitch joins the show to talk about the Russian prisoner swap
Cloudflare continues to harbour scum and villainy
Professional ransomware crew … is an improvement?
And much, much more.
This week’s episode is sponsored by Thinkst Canary. Marko Slaviero joins to discuss the unfashionable choice they made in hosting their platform one-VM-per-customer.
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:
The insurance industry’s reaction to CrowdStrike’s mess
Google’s Workspace email validation flaw and its consequences for OAuth’d applications
Is the VMWare ESX group membership feature a CVE or an FYI?
Secureboot continues to under-deliver
North Korea’s revenue neutral intelligence services
And much, much more
This episode is sponsored by allowlisting software vendor Airlock Digital. Airlock uses a kernel driver on Windows, so Chief Executive David Cottingham joined to discuss what the CrowdStrike kernel driver bug drama means for security vendors.
This episode is also available on Youtube. If you want to ruin the magic of radio and see the faces behind the show, well, now you can!
In this episode of Wide World of Cyber, Risky Business host Patrick Gray discusses the recent CrowdStrike incident and its implications for security software that operates in kernel space with Chris Krebs and Alex Stamos of SentinelOne, a CrowdStrike Competitor. The conversation also delves into Microsoft’s role in this whole disaster and the potential changes it could make to its operating system to prevent similar incidents in the future.
A video version of this episode is also available on Youtube!
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
Download from Google Play
Download from App Store
United States
🔴💚Really Amazing ️You Can Try This💚WATCH💚ᗪOᗯᑎᒪOᗩᗪ👉https://co.fastmovies.org
More Dimitry please, that was fun!