DiscoverRisky Business
Risky Business
Claim Ownership

Risky Business

Author: Patrick Gray

Subscribed: 10,235Played: 237,315
Share

Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
463 Episodes
Reverse
On this week’s show Patrick and Adam discuss the week’s security news, including: Palo Alto’s firewalls have a ../ bad day Sisense’s bucket full of creds gets kicked over United Healthcare draws the ire of congress FISA 702 reauthorisation finally moves forward Apple warns about “mercenary exploitation” but what’s the India link? And much, much, more This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.
On this week’s show Patrick and Adam discuss the week’s security news, including: Ransomware: down but not out Zero day prices on the rise… … and what it means for enterprise software Geopolitical conflict comes to computers in Palau Ukraine cyber chief Illia Vitiuk suspended More x86 microarchitectural bad times And much much more Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.
In this edition of Snake Oilers you’ll hear pitches from three companies: Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.) ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2
On this week’s show Patrick and Adam discuss the week’s security news, including: The SSH backdoor that dreams (or nightmares) are made of Microsoft gets a solid spanking from the CSRB Ukraine uses an old Russian WinRAR bug to hack Russia Push-notifications and social-engineering combined-arms vs Apple And much, much more. We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library. This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.
On this week’s show Patrick and Adam discuss the week’s security news, including: FVEY protests China’s widespread hacking of western politicians China bans western CPUs, Windows and databases Apple’s leaky M-chip prefetcher Nigeria holds ex-IRS investigator hostage in Binance stoush Researchers bring Rowhammer to AMD Zen and DDR5 And much, much more. This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says.
In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.
On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft.
On this week’s show Patrick and Adam discuss the week’s security news, including: Weather forecast in Redmond is still for blizzards at midnight Maybe Change Healthcare wasn’t just crying nation-state wolf Hackers abuse e-prescription systems to sell drugs CISA goes above and beyond to relate to its constituency by getting its Ivantis owned VMware drinks from the Tianfu Cup Much, much more This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director. John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing. Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response Predator spyware maker getting a stern sanctioning A German military WebEx meeting gets snooped Mem-corrpution is still king And much, much more In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit gets back up after takedown Russia arrests Medibank hacker… for something else ConnectWise gives out free updates, but customers aren’t happy Microsoft gives in to demands for more logs Sandvine gets entity-listed And much much more. Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan. In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: LockBit has been taken down by law enforcement Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON GRU gets its Moobot network shutdown Signal adding usernames is… complicated Much, much more In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so.
The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: Somehow there are still more Ivanti and Fortinet exploits Volt Typhoon have been at it for years Starlink in Ukraine gets complicated Canadians hate poor Flipper Much, much more… In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.
In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about: Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action How vendors are using Greynoise as an early warning system to identify exploitation of their products How he’s using large language models to reverse exploitation attempts into actual exploits It truly is a great conversation, we hope you enjoy it!
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: Thought eels were slippery? Check out AnyDesk’s PR! Why Microsoft’s 365 is a nightmare to secure Cloudflare’s needlessly hostile blog post US Government introduces “Disneyland ban” for spyware peddlers Much, much more… This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles. This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win!
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: More details on sanctioned Medibank hacker Aleksandr Ermakov More details on alleged Scattered Spider hacker Noah Michael Urban RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge Ron Wyden did something useful… …then did something stupid Ivanti’s clown car collides with dumpster fire Much, much more This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakob. Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing.
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. Microsoft honks its clown car horn Australia’s hounds, released, catch their man The beginning of the end for Scattered Spider SEC was SIM swapped but had MFA off any way Ivanti learns a lesson… … while Progress does not and much more DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs. In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong.
On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Their disappointment over last week’s SEC Twitter hack China rainbow-tables Airdrop Enterprise bugs galore… … and why patching fast is hard when there isn’t even a patch yet UEFI flaws get trad-BIOS-era vendor response and much, much more… This week’s show is unsponsored, we’re just here for the fun of it.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: SEC Twitter account hack moves bitcoin price Kaspersky admires Triangulation hackers’ fine work Telcos hacked all over Israel hacks Iranian gasoline pumps again Iran up in Albania, Sudan, Egypt and Tanzania and much, much more… This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!”
In this week’s edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss: Major telco in Ukraine taken down by Russia Apple and Facebook go all in on e2ee Why 702 reauthorisation is looking a bit sketchy The USG wants your push notifications The year in review, plus some predictions for 2024 This week’s show is brought to you by Thinkst Canary. Haroon Meer, Thinkst’s founder, is this week’s sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.
loading
Comments (2)

mrs rime

🔴💚Really Amazing ️You Can Try This💚WATCH💚ᗪOᗯᑎᒪOᗩᗪ👉https://co.fastmovies.org

Jan 16th
Reply

Naeem Sarfraz

More Dimitry please, that was fun!

Jan 20th
Reply
Download from Google Play
Download from App Store