Claim OwnershipRisky Business
Subscribed: 10,714Played: 279,600
Subscribe
© Copyright Risky Business Media 2007-2025
Description
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
571 Episodes
Reverse
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. It’s a quiet week with Thanksgiving in the US, but there’s always some cyber to talk about:
Airbus rolls out software updates after a cosmic ray bitflips an A320 into a dive
Krebs tracks down a Scattered Lapsus$ Hunters teen through the usual poor opsec…
… as Wired publishes an opsec guide for teens.
Microsoft decides its login portal is worth a Content Security Policy
South Korean online retailer data breach covers 65% of the country
This week’s episode is sponsored by Nebulock. Founder and CEO Damien Lewke joins to talk through their work bringing more SIgma threat detection rules to MacOS.
This episode is also available on Youtube.
1In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Salesforce partner Gainsight has customer data stolen
Crowdstrike fires insider who gave hackers screenshots of internal systems
Australian Parliament turns off wifi and bluetooth in fear of of visiting Chinese bigwigs
Shai-Hulud npm/Github worm is back, and rm -rf’ier than ever
SEC gives up on Solarwinds lawsuit
Dog eats cryptographer’s key material
This week’s episode is sponsored by runZero. HD Moore pops in to talk about how they’re integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero’s tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models.
This episode is also available on Youtube.
In this sponsored Soap Box edition of the podcast, Andrew Morris joins Patrick Gray to talk about how Greynoise can often get a 90 day heads up on serious vulnerabilities. Whether it’s malicious actors doing reconnaissance or the affected vendors trying to understand the scope of the problem, it seems that mass scanning activity lines up pretty nicely with typical 90-day disclosure timelines.
A fascinating chat with Andrew, as always.
This episode is also available on Youtube.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Anthropic says a Chinese APT orchestrated attacks using its AI
It’s a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild
Turns out slashing CISA was a bad idea, now it’s time for a hiring spree
Researchers brute force entire phone number space against Whatsapp contact discovery API
DOJ figures out how to make SpaceX turn off scam compounds’ Starlink service
This week’s episode is sponsored by Mastercard. Senior Vice President of Mastercard Cybersecurity Urooj Burney joins to talk about how the roles of fraud and cyber teams in the financial sector are starting to converge. Mastercard also recently acquired Recorded Future, and Urooj talks about how they aim to integrate cyber threat intelligence into the financial world.
This episode is also available on Youtube.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
The KK Park scam compound in Myanmar gets blasted with actual dynamite
China sentences more scammers TO DEATH
While Singapore is opting to lash them with the cane
Chinese security firm KnownSec leaks a bunch of documents
Necromancy continues on NSO Group, with a Trump associate in charge
OWASP freshens up the Top 10, you won’t believe what’s number three!
This week’s episode is sponsored by Thinkst Canary. Big bird Haroon Meer joins and, as usual, makes a good point. If you’re going to trust a vendor to do something risky like put a box on your network, they have an obligation to explain how they make that safe. Thinkst has a /security page that does exactly that. So why do we let Palo Alto and Fortinet get away with “trust me, bro”?
This episode is also available on Youtube.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
We love some good vulnerability reporting drama, this time FFmpeg’s got beef with Google
OpenAI announces its Aardvark bug-gobbling system
Two US ransomware responders get arrested for… ransomware
Memento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in Russia
Hackers help freight theft gangs steal shipments to resell
A second Jabber Zeus mastermind gets his comeuppance 15 years on
This week’s episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for triaging vulnerabilities have started to fall apart, given there are just. So. Many. And they’re all important!
This episode is also available on Youtube.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
L3Harris Trenchant boss accused of selling exploits to Russia once worked at the Australian Signals Directorate
Microsoft WSUS bug being exploited in the wild
Dan Kaminsky DNS cache poisoning comes back because of a bad PRNG
SpaceX finally starts disabling Starlink terminals used by scammers
Garbage HP update deletes certificates that authed Windows systems to Entra
This week’s episode is sponsored by automation company Tines. Field CISO Matt Muller joins to discuss how Tines has embraced LLMs and the agentic-AI future into their workflow automation.
This episode is also available on Youtube.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
China has been rummaging in F5’s networks for a couple of years
Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system
Salesforce hackers use their stolen data trove to dox NSA, ICE employees
Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah
Adam gets humbled by new Linux-capabilities backdoor trick
Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned.
This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it.
This episode is also available on Youtube.
In this edition of the Wide World of Cyber podcast Patrick Gray talks to Chris Krebs and Alex Stamos about the F5 incident. They talk about what happened, whether it’s a big deal, and why private equity ownership of mid-tier cybersecurity companies is often a red flag.
In this sponsored Soap Box edition of the Risky Business podcast, host Patrick Gray chats with Mastercard’s Executive Vice President and Head of Security Solutions, Johan Gerber, about how the card brand thinks about cybersecurity and why it’s aggressively investing in the space.
After listening to this interview you’ll understand why the credit card company spent $2.65b on threat intelligence vendor Recorded Future!
This episode is also available on Youtube.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
FBI intervenes in Scattered Spider Salesforce leaksite
Clop loots Oracle E-Biz deployments
Plus so much more data extortion.. At least it’s not ransomware … we guess?
The US still can’t decide who’s gonna be in charge of NSA & Cybercom
Cambodian scam compounds get sanctioned and $15b in crypto is seized
NSO gets sold for pocket-lint-grade money
Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?
This week’s episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.
This episode is also available on Youtube.
In this edition of the Snake Oilers podcast, three vendors pop in to pitch you all on their wares:
Realm Security: A security focussed, AI-first data pipeline platform
Horizon3: AI hackers! Pentesting robots!! They’re coming fer yur jerbs!
Persona: Verify customer and staff identities with live capture
This episode is also available on Youtube.
On this week’s show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week’s cybersecurity news, including:
Hackers learn that trying to coerce a journalist just makes for … a great story?
A man in his 40s gets arrested over the European airport chaos. Yep, we’re surprised, too.
Adam fanboys over Watchtowr Labs while bemoaning Fortra.
Academics pick apart Tile trackers and find them lacking
CISA tells agencies to patch their damn Cisco gear
This episode is also available on YouTube.
On this week’s show Patrick Gray and special guest Rob Joyce discuss the week’s cybersecurity news, including:
Secret Service raids a SIM farm in New York
MI6 launches a dark web portal
Are the 2023 Scattered Spider kids finally getting their comeuppance?
Production halt continues for Jaguar Land Rover
GitHub tightens its security after Shai-Hulud worm
This week’s episode is sponsored by Sublime Security. In this week’s sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform.
This episode is also available on YouTube
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Shai-Hulud worm propagates via npm and steals credentials
Jaguar Land Rover attack may put smaller suppliers out of business
Leaked data emerges from the vendor behind the Great Firewall of China
Vastaamo hacker walks free while appeal is underway
Why is a senator so mad about Kerberos?
This week’s episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc’s identity-to-firewall glue to protect internal services and networks.
This week’s episode is also available on Youtube.
In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management.
With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at attackers on your network.
It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud.
This episode is also available on Youtube.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Apple ruins exploit developers’ week with fresh memory corruption mitigations
Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack
Salesloft says its GitHub was the initial entry point for its compromise
Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day”
Rogue certs for 1.1.1.1 appear to be just (stupid) testing
Jaguar Land Rover ransomware attackers are courting trouble
This week’s episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint!
This episode is also available on Youtube.
In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:
Automated, AI-powered threat hunting with Nebulock
Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have time to look at.
Runtime security for hypervisors from Vali Cyber
Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It’s marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments.
A secure mobile telco: Cape
The only thing American cell providers love more than providing patchy coverage is getting their customers’ data owned. Cape is here to change that. It’s a security and anonymity-focussed virtual mobile network operator (MVNO) that’s been spun up by a highly competent team. If we lived in the USA we would be customers, and a bunch of CISOs listening to this might want to consider Cape subscriptions for their workforce.
This episode is also available on Youtube
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
The Salesloft breach and why OAuth soup is a problem
The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed
Google says it will stand up a “disruption unit”
Microsoft writes up a ransomware gang that’s all-in on the cloud future
Aussie firm hot-mics its work-from-home employees’ laptops
Youtube scam baiters help the feds take down a fraud ring
This episode is sponsored by Dropzone.AI. Founder and CEO Edward Wu joins the show to talk about how AI driven SOC tools can help smaller organisations claw their way above the “security poverty line”. A dedicated monitoring team, threat hunting and alert triage, in a company that only has a couple of part time infosec people? Yes please!
This episode is also available on Youtube.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Australia expels Iranian ambassador
Hackers sabotage Iranian shipping satcoms
APT hacker got doxxed in Phrack. Kind of. They’re probably Chinese, not DPRK?
Trail of Bits uses image-downscaling to sneak prompts into Google Gemini
The Com’s King Bob gets ten years in the slammer
It’s a day that ends in -y, so of course there’s a new Citrix Netscaler RCE being used in the wild.
This week’s episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they’ve been implementing AI for sifting through your network data. A model-context-protocol server that can rummage in all those packet logs for you while you keep investigating? Yes please.
This episode is also available on Youtube.
Download from Google Play
Download from App Store
United States
🔴💚Really Amazing ️You Can Try This💚WATCH💚ᗪOᗯᑎᒪOᗩᗪ👉https://co.fastmovies.org
More Dimitry please, that was fun!