Risky Business
301 episodes - English - Latest episode: about 16 hours ago - ★★★★★ - 339 ratingsRisky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Risky Business #678 -- Iranians Gone Wild
September 13, 2022 14:00 - 51 minutes - 46.9 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Albania suffers under another crippling Iranian attack Iran’s APT42 using clever, multi-persona phishing State Department cyber snitching program paying off Former NSA director Gen. Keith Alexander sued over alleged IronNet pump and dump Mudge fronts US Senate Judiciary Committee Much, much more… This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO is th...
Risky Business #677 -- A day late and a dollar short: China doxxes NSA op
September 06, 2022 14:00 - 58 minutes - 53.8 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: China’s super spies figure out Rob Joyce ran TAO ops FBI, French authorities fly to Montenegro to investigate ransomware attack NEWSFLASH: Cloudflare are still a bunch of Nazi cuddlers SIM swap drama spills into real world shootings, firebombings Yandex Taxi hack clogs Moscow streets The TikTok breach that wasn’t Project Raven veterans get wings clipped Why recent BGP hijacks are getting a...
Risky Business #676 -- Okta, Authy users among Twilio hack targets
August 30, 2022 14:00 - 55 minutes - 50.6 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The Twilio breach was actually a big deal How a Belarusian Cyber Partisans hack burned a GRU illegal Who wants 25m hashed passwords from Russia? An NFT we can get behind How attackers are using game anti-cheat drivers to defeat EDR Much, much more This week’s sponsor interview is with Mike Benjamin, the VP of security research at Fastly. He pops in to argue that your red team needs to actua...
Risky Business #675 -- The problem with Mudge's whistleblowing complaint
August 23, 2022 14:00 - 1 hour - 60.2 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A deep look at Mudge’s sensational whistleblower complaint against Twitter Brazilian Federal Police raid Lapsus$ crew NSO CEO to stand down (again), 100 staff to be let go Signal users impacted in Twilio incident Tornado Cash OFACs around and finds out Much, much more This week’s show is brought to you by Greynoise. Its founder, Andrew Morris, joins the show with a stinging critique of the ...
Risky Biz Soap Box: Okta's Brett Winterford on session cookie theft and mitigations
August 09, 2022 00:00 - 37.5 MBIn this edition of the Soap Box podcast Okta’s APAC CISO and former Risky Biz editor Brett Winterford talks about how attackers are getting much better at swiping session cookies via realtime phishing and malware. He also talks about some mitigation strategies to combat this threat and introduces the concept of continuous authentication. Show notes Defending against session hijacking
Risky Business #674 -- "Free money" exploit spawns $150m blockchain feeding frenzy
August 03, 2022 00:00 - 42.5 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Taiwan tensions fail to conjure the cyber apocalypse Crypto bridge exploit results in $150m feeding frenzy Chainalysis evidence to be challenged in court Post-quantum NIST candidate algorithm gets smoked DSIRF’s Russia links Much, much more This week’s sponsor interview is with Jerrod Chong from Yubico. He’s joining the show to talk about why consumer-focussed implementations of Webauthn li...
Risky Business #673 -- When throwing computers into a woodchipper is standard IR
July 27, 2022 00:00 - 53.3 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Entrust being ransomwared is good news UEFI bootkits turn hardware into landfill Microsoft resumes macro blocking rollout Pat and Adam talk about why plugging your IDP into legacy apps is a dreadful idea Much, much more This week’s sponsor guest is Paul “The Voice” Lanzi of Remediant. He’s popping along to talk about the emergence of a new product category – Identity Threat Detection and...
Risky Business #672 -- "Expected behaviour" is in the eye of the beholder
July 20, 2022 00:00 - 49 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at the DHS Cyber Safety Review Board’s Log4j report Joshua Schulte no longer the “alleged” Vault7 leaker Chinese APT crews targeted US political journalists before Jan 6 Ransomware gangs make leak sites searchable Why recovering plaintext passwords from Okta is expected behaviour US Government seizes North Korean ransomware payment Much, much more This week’s show is brought to you ...
Risky Business #671 -- The case for an American-owned NSO Group
July 13, 2022 00:00 - 53.1 MBOn this week’s show Patrick Gray and guest cohost Dmitri Alperovitch discuss the week’s security news, including: Why an American defence contractor acquiring NSO Group would be a nonproliferation win A look at Microsoft’s botched macro measures iPhone’s Lockdown Mode Ukraine goes big on Yubikeys Aerojet Rocketdyne pays millions over poor security controls, CISO whistleblower gets bag of cash Much, much more This week’s show is sponsored by Proofpoint. Ryan Kalember, Proofpoint’s Exe...
Risky Biz Soap Box: Running a global vulnerability management program
July 11, 2022 00:00 - 32.5 MBToday’s soap box is brought to you by Nucleus Security. Nucleus makes a platform that ingests vulnerability scan information from all your vuln scanning tech so that you can do things like assign different vulnerabilities to different teams to manage and remediate. Send these ones to infrastructure, send these ones to app teams, send everything up and down this stack to this department etc. If you want to see Nucleus in action I have recorded a demo and it’s on our YouTube product demos p...
Risky Business #670 -- China's world record data breach
July 06, 2022 00:00 - 57.8 MBOn this week’s show Patrick Gray and guest cohost Mark Piper discuss the week’s security news, including: A billion records leaked in China China to develop desktop operating system HackerOne fires insider for stealing hackers’ work and bounties FSB officer charged with stealing hacker’s bitcoin Why Microsoft is wrong on Russia and Ukraine Much, much more Red Canary’s Adam Mashinchi and Brian Donohue will be along in this week’s sponsor interview to talk about Atomic Red Team, the op...
Risky Business #669 -- Finally, an ICS attack that made stuff explode!
June 29, 2022 00:00 - 61.6 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Activists who are totally not Israeli military hackers make Iranian steel mills firebally Chinese APT crews use ransomware to muddy attribution Attackers are now ransoming cloud access Chinese APTs using building control systems for persistence and stealth USA, UK and NZ govts issue PowerShell advice Much, much more This week’s show is brought to you by Material Security. JJ Agha, CISO at C...
Risky Biz Soap Box: HD Moore on taking Rumble to the cloud
June 26, 2022 00:00 - 24.8 MBToday’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on...
Risky Business #668 -- Microsoft is hiding its Azure security problems
June 22, 2022 00:00 - 59.4 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Paige Thompson guilty of Capital One hack Microsoft is hiding serious Azure security issues New Australian government lobbying for Julian Assange How to ransomware documents in the cloud Microsoft stops Windows 10/11 downloads in Russia Belarusian cyber partisans obtain spy agency’s audio recordings Much, much more This week’s edition of the show is brought to you by Gigamon. Josh Day, Gig...
Risky Business #667 -- "Shields Up" for cyber's forever war
June 13, 2022 00:00 - 53.9 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: “Shields Up” advice is now provably meaningless Russia to ditch offshore comms apps like WhatsApp Evil Corp’s Lockbit sanctions evasion attempt backfires Binance is a cesspit of shady financial dealings Apple’s passkey release foreshadows FIDO mass adoption Much, much more This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. ...
Risky Business #666 -- The msdt RTF of DOOM
May 31, 2022 00:00 - 47.7 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The msdt/office lolbinapalooza Microsoft to introduce sensible defaults to Azure Twitter fined $150m for sms 2fa spam It turns out npm got owned in that Heroku/Travis CI thing AWS cred-stealing supply chain attack was research your honour, I swear! Much, much more We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us th...
Risky Business -- #665 You can ransomware whole countries now
May 25, 2022 00:00 - 54.6 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Conti’s war against Costa Rica DoJ revises CFAA guidance Naughty kids get access to DEA portal A look at a Russian disinfo tool PyPI and PHP supply chain drama Much, much more This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funk...
SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns
May 20, 2022 00:00 - 14.1 MBThe following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here.
Risky Biz Soap Box: While you're watching a quiet one a noisy one will kill you
May 18, 2022 00:00 - 36.7 MBIn this Soap Box edition of the show Proofpoint’s EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations against exotic threats when, really, the trifecta of ransomware, BEC and staff being careless with data are the thing that will sink them.
Risky Business #664 -- The Spanish Prime Minister got Pegasus'd
May 04, 2022 00:00 - 47.2 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Spanish PM’s phone infected by Pegasus Microsoft drops Ukraine research report We can’t make heads or tails out of the FBI’s transparency report France hit with coordinated fibre sabotage campaign Why Musk’s algorithm pledge is meaningless Much, much more This week’s sponsor interview is with ExtraHop Networks’ CEO Patrick Dennis. He’s joining us this week to talk about how you can turn “Sh...
Risky Business #663 -- Israel cracks down on spyware exports
April 27, 2022 00:00 - 53.5 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Israel Ministry of Defence is denying a lot of spyware export licences Private detective in New York pleads guilty over BellTroX shenanigans Scammers enrol stolen credit cards into Apple Pay The Blackcat ransomware crew is very active right now VirusTotal shells lol Much, much more This week’s sponsor interview is with Okta’s Brett Winterford, who talks in detail about the company’s brush w...
Risky Business #662 -- It's a bad month to be an electricity grid
April 21, 2022 00:00 - 56 MBOn this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including: Ukraine foils Russian ICS hack US Government burns someone’s ICS toolkit China gets all up in India’s energy gridz The Heroku/Hithub/Travis CI story is very confusing US DOJ removes GRU malware from Watchguard boxes under Rule 41 North Korea behind $540m crypto hack Much, much more This week’s sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and J...
Snake Oilers: Vectra, Google Security and SecureStack
April 13, 2022 00:00 - 38.4 MBSnake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Kevin Kennedy from Vectra talks about the company’s cloud native detection – it crunches stuff like CloudTrail and AzureAD logs and correlates it with network even...
Risky Business #661 -- Viasat hack details firm up
April 06, 2022 00:00 - 55.4 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why Spring4Shell isn’t all hype How Viasat actually got owned Russian war crimes likely extend to coercing sysadmis Why lighter fluid and a box of matches is more effective than cyber in Belarus Much, much more This week’s sponsor interview is with Bernard Brantley, Corelight’s Chief Information Security Officer. Corelight makes a network sensor you can use to plug in to your SIEM, among ot...
Snake Oilers: PentesterLab, AttackForge and Sysdig
April 04, 2022 00:00 - 35.1 MBSnake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Upskill your testers and developers with PentesterLab for US$20 a month Manage penetration tests and reporting with AttackForge How Sysdig can help herd your con...
Snake OIlers: PentesterLab, AttackForge and Sysdig
April 04, 2022 00:00 - 35.1 MBSnake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Upskill your testers and developers with PentesterLab for US$20 a month Manage penetration tests and reporting with AttackForge How Sysdig can help herd your con...
Risky Business #660 -- Lapsus$ arrests, latest on Okta incident
March 30, 2022 00:00 - 57.5 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Some arrests of suspected Lapsus$ members in the UK Why the Okta incident is probably a fizzer Four FSB officers indicted over Triton/Trisis malware Kim Zetter interviewed Intrusion Truth Australian government to upsize ASD Wave bye bye to Finfisher Much, much more This week’s sponsor interview is with Mike Wiacek from Stairwell. Stairwell makes a product that catalogues the files in your...
Risky Biz Soap Box: Why allowlisting is ready for prime time
March 24, 2022 00:00 - 32.8 MBAirlock Digital co-founders Daniel Schell and Dave Cottingham join host Patrick Gray to talk about: What an effective allowlisting program looks like Why the third party allowlisting industry failed the first time What you can achieve with Microsoft tooling versus specialist tools How much effort is involved to do this right
Risky Business #659 -- Okta and Microsoft meet LAPSUS$
March 23, 2022 00:00 - 56.4 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Okta’s somewhat awful comms around its LAPSUS$ incident Inside Microsoft’s brush with the same group How Elon Musk’s Starlink service is being used to drop bombs on Russian tanks US, UK governments warn of impending Russian cyberdoom Much, much more… This week’s sponsor interview is with Paul Lanzi, co-founder of Remediant. Paul joins the show this week to talk about cyber insurance. It’s a ...
Risky Business #658 -- Germany sounds alarm on Kaspersky software
March 16, 2022 00:00 - 54.1 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Germany issues stark warning to Kaspersky users Ukraine SATCOM hack keeps getting more interesting Russia to spin up its own CA, but it’s not what it seems Why the ransomware threat could get worse, then better Much, much more This week’s show is brought to you by Fastly. Kelly Shortridge, Fastly’s Senior Principal Product Technologist, joins the show this week to tell us what modern securit...
Risky Business #657 -- Belarus targets refugee data
March 09, 2022 00:00 - 55 MBOn this week’s show Patrick Gray, Brian Krebs and Adam Boileau discuss the week’s security news, including: The Contileaks latest Belarus targeted refugee data. Was it behind the ICRC hack? How APT41 hacked America’s livestock SATCOM hack in Ukraine may bode ill for Musk Much, much more Material Security’s co-founder Ryan Noon is this week’s sponsor guest. He joins the show to talk about a few things, how the building blocks for a whole new generation of security tooling – like large-...
Risky Business #656 – We expected a cyberwar but got an infowar
March 03, 2022 00:00 - 48.6 MBOn this week’s show Patrick Gray, Dmitri Alperovitch and Adam Boileau discuss the week’s security news, including: We expected a cyberwar but got an information war People with SDR kits are doing SIGINT in Ukraine Conti has imploded and it’s hilarious Much, much more This week’s show is brought to you by Proofpoint. Sherrod DeGrippo, Proofpoint’s Vice President of Threat Research and Detection is this week’s sponsor guest. She joins us to talk about how there isn’t really any magic adv...
Risky Biz Soap Box: US Government will embrace "phishing resistant MFA"
February 28, 2022 00:00 - 29.4 MBThese Soap Box editions of the show are entirely sponsored – that means everyone you hear in one of these episodes paid to be here. In this edition we’re talking to Yubico’s Chief Solutions Officer Jerrod Chong. We do one of these Soap Box podcasts with Jerrod every year. Yubico, of course, is the maker of the Yubikey hardware security device. In this chat with Jerrod we cover a few things – like the zero trust executive order, hardware-backed web transactions and how the industry leading...
Risky Business #655 -- USG: Expect Russian cyber drama
February 23, 2022 00:00 - 54.9 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Ukraine sanctions may lead to Russia going “cyber feral” Brian Krebs links Red Cross breach to Iranian actor APT10 uses cred stuffing as misdirection Report: Global logistics behemoth Expeditors ransomwared NFT thefts still hilarious Inside the epic KlaySwap hack Much, much more In this week’s sponsor interview Thinkst Canary’s Marco Slaviero talks about some work they’ve done on introduci...
Risky Biz Feature: "Everyone has a plan until they get punched in the face"
February 16, 2022 00:00 - 43.6 MBThere is no weekly news show this week. Instead, we’re running this feature interview with Michael Montoya, the CISO of Equinix. This isn’t a sponsored interview or anything like that, this podcast was prepared with support from the Hewlett Foundation’s Cyber Initiative. Equinix has 9,000 staff and operates 220 data centres globally. Its annual revenue is in the order of USD$6bn. In September 2020 it was attacked by criminals who deployed the Netwalker ransomware on its corporate network. ...
Risky Business #654 -- FBI arrests deeply annoying cryptocurrency influencers
February 09, 2022 00:00 - 58 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A spate of ransomware attacks on European energy and transport Russian authorities extend cybercrime crackdown Irritating influencers arrested for laundering 2016 Bitfinex hack proceeds IRS abandons ID.me trial Microsoft disables macros by default, disables MSIX protocol handler Much, much more This week’s show is brought to you by ExtraHop. Extrahop’s Ted Driggs is this week’s sponsor gue...
Risky Biz Soap Box: The state of malicious mass scanning with Andrew Morris
February 03, 2022 00:00 - 41.8 MBThese soap box podcasts are wholly sponsored – that means everyone you hear in one of these editions paid to be here. Today’s guest is Andrew Morris, the founder and CEO of Greynoise. Greynoise is one of those companies that has a brief that sounds simple but is actually quite hard to execute on. They detect malicious mass scanning on the Internet so their customers can plug that data into their SOC to see if the IP they just got an alert on is something targeting them or something targeti...
Risky Business #653 -- REvil arrests: Sometimes a banana is just a banana
February 02, 2022 00:00 - 52.3 MBOn this week’s show Patrick Gray, Tom Uren and Joe Slowik discuss the week’s security news, including: Why China’s Olympics app is probably not spyware New DDoS record set at 3.47Tbps USG goes all in on Zero Trust Dmitry Medvedev makes all the right noises on ransomware cooperation Iranian APT crew dabbles in ransomware German fuel distribution ransomwared The latest on NSO Much, much more This week’s show is brought to you by Google Cloud. Anton Chuvakin, the head of security solu...
Risky Business #652 -- Cyber Partisans take down Belarusian rail systems
January 26, 2022 00:00 - 56.8 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Belarusian Cyber Partisans ransom train network A look at developments in Ukraine Merck wins NotPetya insurance lawsuit US VC firm in talks to acquire NSO Group Much, much more This week’s show is brought to you by Trail of Bits, the security engineering firm. Dan Guido joins us this week week to talk about zkdocs, a bunch of documentation Trail of Bits put together to provide guidance on ho...
Risky Business #651 -- Russia's ransomware diplomacy
January 19, 2022 00:00 - 54.9 MBOn this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including: Russia arrests REvil crew Ukraine government hit in messy hacks White House hosts open source pow-wow, but is it pointless? US cyber reporting law will come back from the dead Report: Israeli police targeted activists with NSO but without warrants Much, much more This week’s sponsor interview is with HD Moore, the founder of Rumble. We’re talking through what how he and ...
Risky Biz Soap Box: Rolling your own threat intelligence with Steve Miller
January 14, 2022 00:00 - 38.3 MBIn this edition of the soap box we’re chatting with Steve Miller, a senior researcher at Stairwell. Steve has a long history doing this sort of stuff. He worked inside various bits of the US government doing cyber things, and also spent a decent chunk of his career at Mandiant. His new employer, Stairwell, makes a platform that collects information about all files present in your environment and let’s you do some fancy stuff with that information. You’ll hear a little bit more about what t...
Risky Business #650 -- USG drops Russia advisory as Ukraine tensions mount
January 12, 2022 00:00 - 52.3 MBOn this week’s show Patrick Gray, Katie Nickels and Joe Slowik discuss the week’s security news, including: US Government warns of impending critical infrastructure hacks Log4j bug in VMWare gets a workout Ex Uber CSO Joe Sullivan facing wire fraud charges Signal to push ahead on cryptocurrency payments Italian literary nerd busted for running one man APT operation Much, much more This week’s show is brought to you by Okta. Marc Rogers is the executive director of cybersecurity there...
Risky Business #649 -- Java being a fiddly mess saves the day
January 05, 2022 00:00 - 58.6 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The log4j bug wrap The ransomware wrap The human rights and surveillance industry wrap Research and carnage wrap This week’s show is brought to you by Airlock Digital. They make allowlisting software that has mostly been used in Windows environments, but as you’re about to hear they’ve now got a very, very nice solution for the bigger Linux distros, and their Mac agent is going to be launched...
Risky Biz Soap Box: Why Thinkst gives its honeytoken tech away for free
December 10, 2021 00:00 - 43.5 MBThis isn’t the normal weekly news episode of the show, if you’re looking for the regular weekly Risky Business podcast, scroll one back in your podcast feed. This is a Soap Box edition, a wholly sponsored podcast brought to you in this instance by Thinkst Canary. For those who don’t know, Thinkst makes hardware and virtual honeypots you can put on your network or into your cloud environments – they’ll start chirping if an attacker interacts with them. They’re a low cost and extremely effec...
Risky Business #648 -- Adios, 2021, it's been real
December 08, 2021 00:00 - 63 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: NSO Group tools found on US embassy staff phones in Uganda Mitto is up to shady bidnez Ubiquiti “whistleblower” charged over hack Hounds everywhere Planned Parenthood breached Much, much more This week’s sponsor interview is with Andrew Morris of Greynoise. Greynoise has a bunch of sensors out there on the Internets, so they can tell you when and IP that’s hitting you is also hitting every...
Risky Business #647 -- Israel slashes cyber exports, Interpol takes down 1,000 crooks
December 01, 2021 00:00 - 53.8 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Israel slashes number of countries it will export cyber tools to Interpol takes down 1,000 Internet fraudsters Ransomware crews lying low? When the tabloids do cyber the results are sometimes awesome Much, much more… This week’s sponsor interview is with Ryan Kalember of Proofpoint. He’s the EVP of Cybersecurity Strategy there and he’s joining me this week to talk about how investment activi...
Risky Business #646 -- Apple cracks the sads, sues NSO Group
November 24, 2021 00:00 - 52.8 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Apple sues NSO Group and it’s all a bit weird Israel charges defence minister’s house cleaner with Iranian hacker collusion (really) USA charges two Iranians over “Proud Boy” emails Cyber insurers nope out of comprehensive coverage Prodaft shells Conti, drops report like it’s a Normal Thing Much, much more This week’s show is sponsored by VMRay. We’ll be chatting with one of VMRay’s custome...
Risky Biz Soap Box: DDoS crews will hit you creatively
November 19, 2021 00:00 - 37.8 MBIn this edition of the Risky Biz Soap Box podcast we chat with Sean Leach, the Chief Product Architect at Fastly, about the history and current status of the DDoS ecosystem. Despite never really making money for criminals, DDoS attacks are still a problem. CDNs have soaked up a lot of the problem, so DDoS crews are getting creative. Do you know where you’re vulnerable? Show notes Bouncy castle boss James Balcombe ordered arson hits on rivals
Risky Business #645 -- How Israel used NSO to make friends in low places
November 17, 2021 00:00 - 59.4 MBOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Watering hole attacks are getting much better How Israel’s government used NSO to strengthen its diplomatic ties Randori sat on some PAN 0day. This is fine. Facebook outs state-backed ops FBi has unfortunate incident with its mail boxes Much, much more This week’s sponsor interview is with HD Moore. He’s the founder of Rumble, the network asset discovery scanner, and he’s joining us to talk...
Risky Biz Soap Box: Linux is an infrastructure OS, act accordingly
November 12, 2021 00:00 - 25.8 MBIn this edition of the Soap Box podcast we’re chatting with Jake King. Jake is a co-founder of Cmd Security, a Linux Security startup that was recently acquired by Elastic. Cmd’s technology basically started out as a control and visibility tool for Linux systems that could restrict user actions. But over time, the product evolved to be more detection and response oriented. In this interview we talk to Jake about why Cmd wound up where it is, product wise, and what customers can expect now...