DiscoverRisky Business
Risky Business
Claim Ownership

Risky Business

Author: Patrick Gray

Subscribed: 9,174Played: 112,879
Share

Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
234 Episodes
Reverse
The Soap Box podcasts we run here at Risky.Biz are wholly sponsored affairs – everyone you hear in a soap box podcast, paid to be here. The idea is vendors get to come on to the show and chat about their products, what their stuff does, the thinking behind it, so on and so on. Today we’re hearing from Justin McCarthy of strongDM. Essentially strongDM makes a product that provisions secure access to engineers who need to access various back end services. You can think of them as an identity aware proxy of sorts, but for engineers. So instead of provisioning regular users with access to web applications like a typical identity aware proxy, a strongDM user will use the product to get access to the production database, or to kubernetes, or other services like SSH. And since the COVID crisis kicked off, business has gone pretty berserk.
On this week’s show Patrick and Adam discuss the week’s security news, including: NSA warns of Sandworm Exim exploitation Huawei CFO extradition process to continue Google TAG implicates Indian hacker-for-hire outfits in espionage Black lives matter F–k police brutality This week’s sponsor interview is with Marco Slaviero of Thinkst Canary. He’ll be talking through a few of the partnerships Thinkst has entered into over the years. He’ll also talk a bit about some new Canary integrations, such as a new one with HD Moore’s Rumble. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
This feature podcast series is produced with the assistance of the Hewlett Foundation’s Cyber Initiative. They gave us a grant so we could spend more time focussing on issues around cyber policy, and today we’re really going to hook in to a topic that’s near and dear to my heart: alternative approaches to dealing with ransomware. Regular listeners to the podcast would know that for the last year or so, my cohost Adam Boileau and I have been talking a lot about how governments might involve non law enforcement agencies in a response to the big game ransomware epidemic. To discuss that, we’re joined by Bobby Chesney, the co-founder of the Lawfare blog and a very highly respected figure in US national security circles. After we hear from Bobby we’re chatting with Mieke Eoyang about more traditional cyber law enforcement concepts. Mieke is the Vice President of Third Way’s national security program and she’ll be joining us to tell us how traditional cybercrime enforcement might be improved.
On this week’s show Patrick and Adam discuss the week’s security news, including: German intelligence warns of widespread Russian infrastructure hacks NGOs urge COVID-19 hack de-escalation UK mulls total Huawei ban… we think it’s a done deal DHS warning on 5G “moronavirus” Wen jailbreak? NOW JAILBREAK!! iOS 14 leaks Much, much more… This week’s sponsor interview is with Casey Ellis, the CTO of Bugcrowd. As you’ll hear, Bugcrowd did a survey of managers in security to see if their attitudes around work from home had changed since the COVID-19 crisis, and yes, they have. Casey also tells us about Bugcrowd’s latest LevelUp virtual conference. That conversation led to him sharing some interesting insights about trends amongst the crowd of registered testers on Bugcrowd’s platform. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including: easyJet breach linked to Chinese APT Israel claims credit for attack against Iranian port Chinese-linked crew behind Taiwan energy hax Crypto-wars reignite over Pensacola shooter’s phone Much, much more This week’s show is brought to you by Gigamon Threat Insight. Will Peteroy is our sponsor guest in this week’s show and he drops by with a pretty sobering message: large companies are provisioning VPN access to all and sundry right now because of the COVID-19 crisis and ransomware crews are sailing right on in on the back of that access. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
This isn’t the normal, weekly Risky Business podcast, Soap Box is the wholly sponsored podcast series we do here at Risky.Biz where vendors pay us money to come on to the show and talk about topics that interest them. Today we’re speaking with Jesse Rothstein, the co-founder and CTO of ExtraHop Networks. ExtraHop is a network security play, but they started off more in the application monitoring and performance space before gradually moving into security over time. In this interview Jesse talks about network security monitoring, ExtraHop’s history, and what people are using the ExtraHop tech to do during the COVID-19 crisis.
On this week’s show Patrick and Adam discuss the week’s security news, including: US takes aim at China over vaccine hax ??? takes aim at Iranian port infrastructure over ??? Iran attacks Gilead pharma Zoom acquires Keybase Thunderbolt research discussed US to drop more DPRK malware Ransomware targets European hospital group Australian flu vaccine distribution disrupted by ransomware More! CMD’s co-founder and CEO Jake King joins us in this week’s sponsor interview to talk about what happened when he came on to the show a couple of months ago to spruik their new freemium offering. There was a stampede! It’s a hit! So he’ll be along to tell us what shook out of that whole process, and also about what he’s seeing people use the CMD product for since the COVID-19 crisis began. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including: Salt framework 1Day wreaks havoc Toll Group hit with ransomware attack. Again. Germans indict APT28 operator Ransomware a key word in SEC filings Much, much more! This week’s show is brought to you by Remediant. They offer software that lets you get privileged accounts under control very quickly. In this week’s sponsor interview we’re chatting with Remediant’s COO Paul Lanzi and Julie Smith, the executive director of the Identity Defined Security Alliance (IDSA). We’ll be talking about what the IDSA actually is and what its goals are. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Snake Oilers isn’t the regular Risky Business podcast, if you’re looking for that just scroll back to one of the numbered episodes in our podcast feed. Snake Oilers is the wholly sponsored podcast series we do here at Risky.Biz where vendors give us money so they can come on to the show and pitch you their sweet, sweet Snake Oil. In this edition of snake oilers we’ll hear from: David Cottingham of Airlock Digital pitches the Crowdstrike/Airlock two piece combo meal deal Marc Rogers of Okta talks passwordless authentication and pitches modern SSO generally John Emmitt of Kaseya pops in to pitch the VSA endpoint management agent Links to the vendors are in the show notes. Enjoy!
On this week’s show Patrick and Adam discuss the week’s security news, including: Spy companies pitch ridiculously invasive approaches to contact tracing NSO Group busted running c2 boxes in USA according to WhatsApp lawsuit Australian government releases contact tracing app, no idea if it works Chinese telcos to get boot from USA Much, much more This week’s show is brought to you by Senetas. This week’s sponsor interview is with listener favourite, Senetas CTO Julian Fay. He’ll be along in this week’s show to talk about an open source project Senetas has put together – oqs-engine. It’s an OpenSSL engine plugin you can go grab right now if you want to play around with Open Quantum Safe encryption algorithms. Senetas didn’t write the algorithms, but they have squeezed them into this handy OpenSSL engine plugin package. Julian drops in to tell us all about that. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including: Czechs claim state-backed healthcare sector attack preparation Pompeo goes full cyber berserker New iOS exploit chain targets Uyghur diaspora Zoom 0day for $500k? Tell him he’s dreamin’. This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’s talking about the future of secure, app-based voting. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Snake Oilers is a wholly sponsored podcast series we do here at Risky.Biz where vendors come on to the show to pitch their wonderful, wonderful, magical snake oil to you, the listeners. In today’s podcast you’ll hear from: Kenn White from MongoDB talking about client-side field level encryption AlphaSOC’s Chris McNab talking about their latest – they’re not just doing DNS analytics anymore SecureStack are making developer-friendly cloud security, provisioning and visibility tooling Enjoy!
On this week’s show Patrick and Adam discuss the week’s security news, including: Details about Apple and Google’s contact tracing API and OS changes Alex Stamos joins Zoom as outside consultant More Zoom news US government weighs China Telecom ban following BGP hijacking Travelex paid $2.3m to decrypt files in ransomware attack. This week’s show is brought to you by AttackIQ. They make a breach and attack simulation platform that you can use to figure out which of your security controls are actually working. Carl Wright of AttackIQ will join the show to talk about the new, free online training they’re offering. If you’re stuck at home like half the planet right now and you’re interested in operationalising MITRE ATT&CK then you can check out AttackIQ academy. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including: ASD launches offensive action against criminals Bio-tech firms working on COVID-19 targeted by ransomware Iran targets WHO Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry we’ll tell you about it Much, much more This week’s show is brought to you by Yubico, makers of the Yubikey devices. Yubico’s Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk through a few things: what is he seeing out there among users? As you’ll hear, he’s seeing what all of us are seeing, a massive rush to enable remote working. Jerrod also us through some new stuff Yubico is planning, from managed credential services through to biometric Yubikeys. Don’t miss it! You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
This podcast is brought to you by the Hewlett Foundation. They provided us with a grant to support us doing some podcasts about cybersecurity issues that touch on policy. Regular listeners would have heard some of these special podcasts already. Today’s guest is Jennifer Morrell. She’s a partner with Elections Group and is a recognised expert on election audits. We were originally scheduled to record this interview just a few short weeks ago, but the COVID-19 crisis really hit and we had to postpone. And it’s a good thing we did, too, because the issues facing elections today are substantially different to the issues facing elections even a few weeks ago. The whole world has just shifted. So, instead of having the usual conversation about risk limiting audits, voting machine and tally/counting infrastructure security, we had this conversation instead. How on earth do you run an election during a pandemic? There’s a tl;dr here – e-voting is still a pipe dream but internet supported vote-by-mail is where things will land. I hope you enjoy this podcast.
On this week’s show Patrick and Adam discuss the week’s security news, including: KSA uses SS7 to track its citizens in USA Governments begin virus tracking through personal devices FBI warns of Iran-linked crew in yer supply chains Voatz gets booted from HackerOne All the cloud and Zoom drama (PLEASE NOTE: This is a re-post. Looks like our CDN mangled the initial mp3 for some regions. Should work ok now. - Pat) This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview. Andrew runs security for Iterable, but before that he ran the security program at DataDog. He’ll be along after this week’s news to talk about how much easier it is to stand up a security program in 2020 as opposed to the last time he did it five or so years ago You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
In this (sponsored) podcast Akamai’s CTO of Security Strategy Patrick Sullivan talks us through the basics of identity-aware proxies. With more and more internal applications being served to newly external users, identity-aware proxies are the new hotness. Akamai isn’t the only company that offers an identity-aware proxy product, but it was a relatively early mover in the space offering the service since 2016. Obviously there are some massive shifts happening right now with so many people stuck working at home right now. That means Akamai’s identity-aware proxy service – and its network more broadly – is getting a pretty serious workout right now. What are the quick wins with a technology like this? Where are the wins harder? Patrick Sullivan joined me to talk about identity-aware proxies and what’s been happening on Akamai’s tubes over the last couple of weeks.
On this week’s show Patrick and Adam discuss the week’s security news, including: Azure resource constraints hit Europe Should we unleash surveillance on COVID-19, privacy be damned? Browser maintainers cease new releases South Korea-linked APT crew attacks World Health Organization Much, much more This week’s show is brought to you by Thinkst Canary. Thinkst’s Haroon Meer joins the show this week to talk about what he tells customers when they ask him if Thinkst could go rogue and own all their customers. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
On this week’s show Patrick and Adam discuss the week’s security news, including: Coronavirus phishing lures are everywhere Czech hospital ransomwared during crisis Voatz mobile voting app destroyed by Trail of Bits audit We recap yesterday’s livestream Windows SMBv3 bug probably not such a big deal ALL the week’s news This week’s sponsor interview is with Sam Crowther, founder of Kasada. They do bot detection and mitigation and apparently they’re quite good at it. Sam joins the show to talk through the new greyhatter of anti-anti-bot. It’s actually a really fun conversation, that one, so stick around for it. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
If you don’t know already, all guests who appear on the Risky Business Soap Box podcast paid to be here. These podcasts are promotional, but as regular listeners know, they’re not just mindless recitations of marketing talking points. This edition of Soap Box is brought to you by Trend Micro, which is a company that’s in a really interesting position at the moment. With Symantec acquired by Broadcom, which only really cares about the biggest 500 companies in the world, Sophos absorbed, Borg-style, by Thoma Bravo and McAfee sitting in the corner eating its paste, there’s an opportunity for a new “portfolio” security software firm to emerge, and Trend wants to be it. Jon Clay is Trend’s director of global threat communications and he joined me for this conversation about ransomware, how EDR is becoming “just another feature,” and what the role for a “portfolio” company in infosec is going to be in the future.
loading
Comments 
Download from Google Play
Download from App Store