TopPodcast.com
Menu
  • Home
  • Top Charts
  • Top Networks
  • Top Apps
  • Top Independents
  • Top Podfluencers
  • Top Picks
    • Top Business Podcasts
    • Top True Crime Podcasts
    • Top Finance Podcasts
    • Top Comedy Podcasts
    • Top Music Podcasts
    • Top Womens Podcasts
    • Top Kids Podcasts
    • Top Sports Podcasts
    • Top News Podcasts
    • Top Tech Podcasts
    • Top Crypto Podcasts
    • Top Entrepreneurial Podcasts
    • Top Fantasy Sports Podcasts
    • Top Political Podcasts
    • Top Science Podcasts
    • Top Self Help Podcasts
    • Top Sports Betting Podcasts
    • Top Stocks Podcasts
  • Podcast News
  • About Us
  • Podcast Advertising
  • Contact
Not in our directory?
Add Show Here
Podcast Equipment
Center

toppodcastlogoOur TOPPODCAST Picks

  • Comedy
  • Crypto
  • Sports
  • News
  • Politics
  • True Crime
  • Business
  • Finance

Follow Us

toppodcastlogoStay Connected

    View Top 200 Chart
    Back to Rankings Page
    News

    Risky Business

    Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

    Advertise

    Copyright: © Copyright 2007-2023 Patrick Gray

    • Apple Podcasts
    • Google Play
    • Spotify

    Latest Episodes:
    Risky Business #693 -- Hive takedown is the beginning, not the end Feb 01, 2023

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • A look at the Hive takedown
    • UK’s Royal Mail still struggling
    • GitHub’s code signing certificates stolen
    • TSA misses the point on no-fly list theft
    • Much, much more

    This week’s show is brought to you by Remediant, which is now a part of Netwrix.

    Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    Show notes

    • U.S. Department of Justice Disrupts Hive Ransomware Variant | OPA | Department of Justice
    • U.S. Department of Justice Disrupts Hive Ransomware Variant - YouTube
    • Ransomware experts laud Hive takedown but question impact without arrests - The Record from Recorded Future News
    • Royal Mail progressing to full operations following ransomware attack - The Record from Recorded Future News
    • British government minister told council to keep quiet after ransomware attack - The Record from Recorded Future News
    • The Untold Story of a Crippling Ransomware Attack | WIRED
    • Russia blocks access to US ‘Rewards for Justice,’ FBI and CIA websites - The Record from Recorded Future News
    • GitHub says hackers cloned code-signing certificates in breached repository | Ars Technica
    • ESET: Sandworm could be behind new file-deleting malware targeting Ukraine - The Record from Recorded Future News
    • TSA issues security directive to airports, carriers after 'no-fly' list leak - The Record from Recorded Future News
    • U.S. No Fly list shared on a hacking forum, government investigating
    • Chinese influence operations may lack critical element: influence | CyberScoop
    • Cybercriminals scam two federal agencies via remote desktop tool, CISA warns | CyberScoop
    • Kevin Rose loses pricey NFTs to wallet hack
    • Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move
    • NFT company gets restraining order to freeze hacker’s online wallet - The Record from Recorded Future News
    • Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges | WIRED
    • Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai
    • Facebook two-factor authentication bypass issue patched | The Daily Swig
    • AI-Generated Voice Firm Clamps Down After 4chan Makes Celebrity Voices for Abuse

    Risky Biz Soap Box: Tools alone won't solve your vuln management problems Jan 25, 2023

    In this Soap Box edition of the show Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.


    Risky Business #692 -- Google search results spew malware, phishing sites Jan 25, 2023

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Google’s search results have become a malware-riddled sh*tshow
    • Ransomware payment values dropped by 40% YoY in 2022
    • Kraken takes over Solaris the old school way
    • Grand Theft Auto RCE is wreaking havoc
    • ManageEngine customers are all getting owned
    • So you know, pretty much business as usual

    This week’s show is brought to you by Kroll.

    Jim Hung co-leads the special projects and applied research team at Kroll and joins us to talk about the big changes happening in the incident response discipline.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    Show notes

    • Risky Biz News: Google Search and Ads have a major malware problem
    • Justice Department Sues Google for Monopolizing Digital Advertising Technologies | OPA | Department of Justice
    • Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner
    • A Sneaky Ad Scam Tore Through 11 Million Phones | WIRED
    • Risky Biz News: Crypto-crime volumes went down in 2022, ransomware payments too
    • International Counter Ransomware Task Force kicks off - The Record from Recorded Future News
    • Risky Biz News: Dark web mega-hack as Kraken takes over Solaris
    • Congressman ‘coming for answers’ after ‘no-fly list’ hack - The Record from Recorded Future News
    • Hackers Demand $10M From Riot Games to Stop Leak of ‘League of Legends’ Source Code
    • CVE - CVE-2023-24059
    • GoTo says hackers stole encrypted backups during November cyberattack - The Record from Recorded Future News
    • Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack - The Record from Recorded Future News
    • Pakistani authorities investigating if cyberattack caused nationwide blackout - The Record from Recorded Future News
    • Royal Mail trials ‘operational workarounds’ following suspected ransomware attack - The Record from Recorded Future News
    • Ransomware attack hits nearly 300 fast food restaurants in UK, including KFC and Pizza Hut - The Record from Recorded Future News
    • Canada's largest alcohol retailer infected with card skimming malware twice since December - The Record from Recorded Future News
    • Nearly 35,000 PayPal users had SSNs, tax info leaked during December cyberattack - The Record from Recorded Future News
    • Samsung investigating claims of hack on South Korea systems, internal employee platform - The Record from Recorded Future News
    • Electronic health record giant NextGen dealing with cyberattack - The Record from Recorded Future News
    • Cyberattack on Nunavut energy supplier limits company operations - The Record from Recorded Future News
    • More than 100 Mailchimp accounts accessed via social engineering cyberattack - The Record from Recorded Future News
    • New T-Mobile Breach Affects 37 Million Accounts – Krebs on Security
    • Suspected Chinese hackers exploit vulnerability in Fortinet devices - The Record from Recorded Future News
    • More than 4,400 Sophos firewall servers remain vulnerable to critical exploits | Ars Technica
    • CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability | Rapid7 Blog
    • AWS patches bypass bug in CloudTrail API monitoring tool | The Daily Swig
    • 2022 Microsoft Teams RCE
    • Git security audit reveals critical overflow bugs | The Daily Swig
    • U.S. arrests Bitzlato cofounder, alleges $700 mln of illicit funds processed | Reuters
    • FBI Confirms Lazarus Group Cyber Actors Responsible for Harmony's Horizon Bridge Currency Theft — FBI

    Risky Business #691 -- LockBit and "Pablo Escobar syndrome" Jan 18, 2023

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Royal Mail attack was LockBit and GCHQ will probably “bust some heads”
    • CircleCI’s incident report and the problem with malwared endpoints in the Zero Trust age
    • Cloudflare backs Mastodon
    • Paul Nakasone: NSA did some great stuff! It was really good!
    • Cisco won’t patch SMB routers sold in 2020
    • Much, much more

    This week’s show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake’s head of cybersecurity strategy Omer Singer are this week’s sponsor guests.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    Show notes

    • Royal Mail cyberattack linked to LockBit ransomware operation
    • Ransomware Diaries: Volume 1 | Analyst1
    • Congressman calls on CISA to investigate air travel vulnerabilities after outage - The Record from Recorded Future News
    • Ransomware attack on maritime software impacts 1,000 ships - The Record from Recorded Future News
    • CircleCI incident report for January 4, 2023 security incident
    • Researchers: Large language models will revolutionize digital propaganda campaigns
    • Nick Cave - The Red Hand Files - Issue #218
    • GitHub - cloudflare/wildebeest: Wildebeest is an ActivityPub and Mastodon-compatible server
    • Meta sues Voyager Labs over scraping user data
    • Twitter says leaked data on 200 million users was likely publicly available info - The Record from Recorded Future News
    • A Police App Exposed Secret Details About Raids and Suspects | WIRED
    • ODIN Intelligence website is defaced as hackers claim breach | TechCrunch
    • Nakasone: Foreign surveillance program helped fend off cyberattacks - The Record from Recorded Future News
    • The Guardian confirms criminals accessed staff data in ransomware attack - The Record from Recorded Future News
    • Millions of Aflac, Zurich insurance customers in Japan have data leaked after breach - The Record from Recorded Future News
    • Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organizations
    • The FBI Won't Say Whether It Hacked Dark Web ISIS Site
    • Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks - The Record from Recorded Future News
    • Cisco warns of two vulnerabilities affecting end-of-life routers - The Record from Recorded Future News
    • Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica
    • Vulnerability with 9.8 severity in Control Web Panel is under active exploit | Ars Technica
    • CISA adds recently-announced Microsoft zero-day to exploited vulnerability catalog - The Record from Recorded Future News
    • Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica

    Risky Business #690 -- 2023 will be a rough year for critical online services Jan 11, 2023

    On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes:

    • Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume
    • All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more
    • A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem
    • Why automotive security research will actually be interesting this year
    • PLUS: A bunch of random news!

    This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff!

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    Show notes

    • First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica
    • Devs urged to rotate secrets after CircleCI suffers security breach | The Daily Swig
    • LastPass: Hackers accessed and copied customers’ password vaults - The Record from Recorded Future News
    • GitHub incident allowed attacker to copy Okta's source code - The Record from Recorded Future News
    • Supreme Court dismisses spyware company NSO Group’s claim of immunity - The Record from Recorded Future News
    • Serbian government reports ‘massive DDoS attack’ amid heightened tensions in Balkans - The Record from Recorded Future News
    • Iran’s support of Russia draws attention of pro-Ukraine hackers - The Record from Recorded Future News
    • Pro-Ukraine hackers leak Russian data in hopes someone will make sense of it - The Record from Recorded Future News
    • CISA researchers: Russia's Fancy Bear infiltrated US satellite network
    • Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters
    • NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop
    • Notorious Russian hacking group appears to resurface with fresh cyberattacks on Ukraine
    • Military operations software in Ukraine was hit by Russian hackers - The Record from Recorded Future News
    • New supply chain attack targeted Ukrainian government networks - The Record from Recorded Future News
    • Moldovaʼs government hit by flood of phishing attacks - The Record from Recorded Future News
    • Kremlin-backed hackers targeted a “large” petroleum refinery in a NATO nation | Ars Technica
    • Cyber Command conducted offensive operations to protect midterm elections - The Record from Recorded Future News
    • Guardian newspaper hit by suspected ransomware attack, staff told not to come to office - The Record from Recorded Future News
    • British company that helps make semiconductors hit by cyber incident - The Record from Recorded Future News
    • Port of Lisbon website still down as LockBit gang claims cyberattack - The Record from Recorded Future News
    • SickKids: 80% of hospital priority systems back online after LockBit ransomware attack - The Record from Recorded Future News
    • Canada's largest children's hospital struggles to recover from pre-Christmas ransomware attack - The Record from Recorded Future News
    • Canadian copper mine suffers ransomware attack, shuts down mills - The Record from Recorded Future News
    • Los Angeles housing authority says cyberattack disrupting systems - The Record from Recorded Future News
    • The Guardian contacts data protection regulator after suspected ransomware incident - The Record from Recorded Future News
    • Australian fire service operating 85 stations shuts down network after cyberattack - The Record from Recorded Future News
    • San Francisco BART investigating ransomware attack - The Record from Recorded Future News
    • Hackers leak sensitive files following attack on San Francisco transit police
    • New U.S. cyber strategy will require critical infrastructure companies to protect against hacks - The Washington Post
    • Car hackers discover vulnerabilities that could let them hijack millions of vehicles
    • Compromised dispatch system helped move taxis to front of the line | Ars Technica
    • Researcher Deepfakes His Voice, Uses AI to Demand Refund From Wells Fargo
    • Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots
    • Cybercriminals’ latest grift: powdered milk and sugar by the truckload - The Record from Recorded Future News
    • This app will self-destruct: How Belarusian hackers created an alternative Telegram for activists - The Record from Recorded Future News
    • Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure. - The Record from Recorded Future News
    • Key bitcoin developer calls on FBI to recover $3.6M in digital coin | Ars Technica
    • Chick-fil-A acknowledges customer account abuse but denies compromise of internal systems - The Record from Recorded Future News
    • Microsoft ends Windows 7 security updates | TechCrunch

    Risky Business #689 -- FBI baulks at Apple's iCloud encryption push Dec 14, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Apple to introduce user-encrypted backups, FBI is sad
    • Twitter ices e2ee plans for DMs
    • RackSpace is getting sued over its hosted Exchange ransomware incident
    • Dodgy driving: Microsoft signs some shady stuff
    • Japan to change laws, release the Shibas
    • A look at the US NDAA
    • Much, much more

    This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    Show notes

    • Apple Expands End-to-End Encryption to iCloud Backups | WIRED
    • FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users - MacRumors
    • Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next | WIRED
    • Elon Musk Wanted Twitter To Encrypt Messages. His New Safety Chief Says It’s On Hold
    • I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant
    • Japan to amend laws to allow for offensive cyber operations against foreign hackers - The Record by Recorded Future
    • Amid Outrage, Rackspace Sends Users Email Touting Its Incident Response
    • New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security
    • Hackers Planted Files to Frame Indian Priest Who Died in Custody | WIRED
    • Scammers Are Scamming Other Scammers Out of Millions of Dollars | WIRED
    • Risky Biz News: Disgruntled member doxes and extorts URSNIF gang
    • U.S. agency warns that hackers are going after Citrix networking gear | Reuters
    • Police raid offices of Predator spyware seller Intellexa | eKathimerini.com
    • $858 billion defense bill focuses heavily on cyber. These are some highlights.
    • Australia and Vanuatu sign defense and cybersecurity pact - The Record by Recorded Future
    • Fantasy – a new Agrius wiper deployed through a supply‑chain attack | WeLiveSecurity
    • Ukrainian railway, state agencies allegedly targeted by DolphinCape malware - The Record by Recorded Future
    • US Dept of Health warns of ‘increased’ Royal ransomware attacks on hospitals - The Record by Recorded Future
    • ‘Crisis situation’ declared as two Swedish municipalities hit by cyberattack - The Record by Recorded Future
    • Metropolitan Opera dealing with cyberattack that shut down website, box office - The Record by Recorded Future
    • LockBit ransomware crew claims attack on California Department of Finance
    • PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident - The Record by Recorded Future
    • Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED
    • Internet Explorer 0-day exploited by North Korean actor APT37
    • Four accused in business email compromise scheme which reaped millions from victims - The Record by Recorded Future
    • JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs | The Daily Swig
    • Log4j’s Log4Shell Vulnerability: One Year Later, It’s Still Lurking | WIRED

    Risky Biz Soap Box: Attack Path Management is the New Hotness Dec 13, 2022

    In this sponsored podcast Patrick Gray and Ryan Kalember talk about Proofpoint’s acquisition of Illusive, a company that started off in the “deception” space and then moved towards doing attack path analysis and management.

    Show notes

    • Proofpoint Signs Definitive Agreement to Acquire Illusive

    Risky Business #688 -- APT41 pickpockets Uncle Sam Dec 07, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Samsung, LG Android signing keys pinched
    • LastPass gets owned again
    • APT41 steal covid relief money
    • Amnesty International hacked in Canada
    • Much, much more

    This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    Show notes

    • Risky Biz News: Samsung, MediaTek, and other Android platform certs were leaked and used to sign malware
    • Leaked Android Platform Certificates Create Risks for Users | Rapid7 Blog
    • 100 - Platform certificates used to sign malware - apvi
    • Hackers accessed LastPass customer details using information stolen in August hack - The Record by Recorded Future
    • Hackers linked to Chinese government stole millions in Covid benefits, Secret Service says
    • Amnesty International breach linked to Chinese government, investigation finds - The Record by Recorded Future
    • Iranian espionage campaign targets journalists, diplomats, activists, says Human Rights Watch - The Record by Recorded Future
    • New details on commercial spyware vendor Variston
    • ‘The world should be prepared’ — Microsoft issues warning about Russian cyberattacks over winter - The Record by Recorded Future
    • Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica
    • ChatGPT shows promise of using AI to write malware - CyberScoop
    • DHS cyber safety board to probe Lapsus$ hacks - The Record by Recorded Future
    • Kris Nóva: "We are currently investigating…" - Hachyderm.io
    • Hive Social turns off servers after researchers warn hackers can access all data | Ars Technica
    • Spam is drowning out Twitter posts about Covid protests in China
    • French hospital complex suspends operations, transfers patients after ransomware attack - The Record by Recorded Future
    • Rackspace Confirms Ransomware Attack as It Tries to Determine If Data Was Stolen | SecurityWeek.Com
    • Guatemala's Foreign Ministry investigating ransomware attack - The Record by Recorded Future
    • Ransomware attacks: Privacy Commissioner plans investigation as Justice, Health hit - NZ Herald
    • UK introducing mandatory cyber incident reporting for managed service providers - The Record by Recorded Future
    • Florida Man Sentenced To 18 Months For Theft Of Over $20 Million In SIM Swap Scheme | USAO-SDNY | Department of Justice
    • Binance freezes $3 million worth of crypto stolen in Ankr hack - The Record by Recorded Future
    • Play app with 100K downloads booted for forwarding texts to developer server | Ars Technica
    • Go SAML library vulnerable to authentication bypass | The Daily Swig
    • Okta and Phishing Resistant Authentication - YouTube

    Risky Business #687 -- Shady deeds in sunny places: Ransomware smashes Vanuatu, Guadeloupe Nov 30, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • UK, USA ban Chinese security cameras
    • What is the Boa webserver and why is it everywhere?
    • Vanuatu, Guadeloupe smashed by ransomware
    • REvil back with more dumps despite ASD attention
    • Much, much more

    This week’s sponsor guest is Jake King from Elastic Security, who joins us to talk through the company’s most recent threat report. There’s a link to the report in our show notes.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

    Show notes

    • British government bans Chinese surveillance cameras from sensitive locations - The Record by Recorded Future
    • US government bans Huawei, ZTE and Hikvision tech over ‘unacceptable’ spying fears | TechCrunch
    • What if Russian commercial aviation cuts too many safety corners? — Meduza
    • Microsoft attributes alleged Chinese attack on Indian power grid to ‘Boa’ IoT vulnerability - The Record by Recorded Future
    • U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer – Krebs on Security
    • Guadeloupe kickstarts continuity plan after wide-ranging cyberattack - The Record by Recorded Future
    • Vanuatu hospital staff using pen and paper after cyber attack that crippled public sector - ABC News
    • Extortion site used in Medibank attack goes offline after Australian gov pledges ‘offensive’ actions - The Record by Recorded Future
    • ThreatMon Ransomware Monitoring on Twitter:
    • Risky Biz News: Australia passes new privacy bill with huge data breach fines
    • Sandworm hacking group linked to new ransomware deployed in Ukraine - The Record by Recorded Future
    • UK Parliament launches inquiry into national security strategy around ransomware - The Record by Recorded Future
    • Canadian food giant refuses to pay ransom after gang threatens data leak - The Record by Recorded Future
    • Almost 1,000 suspects arrested in Interpol operation which seized over $129 million - The Record by Recorded Future
    • Risky Biz News: Authorities seize iSpoof in major blow to fraudsters and cybercrime groups
    • Espionage group using USB devices to hack targets in Southeast Asia - The Record by Recorded Future
    • WikiLeaks' Website Is Slowly Falling Apart
    • European Parliament declares Russia a terrorism sponsor, then its site goes down | Ars Technica
    • Hackers are spreading malware via trending TikTok challenge: report - The Record by Recorded Future
    • Samantha Borrego iS iNfeCtEd noT pArAnOID on Twitter:
    • elastic-global-threat-report-vol-1-2022.pdf

    Risky Business #686 -- White House to move on spyware industry Nov 23, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Half of all UK COBRA meetings are ransomware related
    • Ransomware biggest risk to US port security
    • White House to move on spyware industry
    • EU to launch its own Starlink equivalent
    • Much, much more

    AttackIQ’s Jonathan Reiber will be joining us in this week’s sponsor interview to talk about how companies and their boards are really moving towards outcomes-based security programs.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Ransomware incidents now make up majority of British government’s crisis management COBRA meetings - The Record by Recorded Future
    • DHS Secretary: Cyberattacks are the most significant threat to port infrastructure - The Record by Recorded Future
    • Michigan school districts reopen after three-day closure due to ransomware attack - The Record by Recorded Future
    • Microsoft: Royal ransomware group using Google Ads in campaign - The Record by Recorded Future
    • Researchers Quietly Cracked Zeppelin Ransomware Keys – Krebs on Security
    • Risky Biz News: Cyber Partisans hack and disrupt Kremlin censor
    • US, Estonian authorities arrest two over $575 million cryptocurrency fraud - The Record by Recorded Future
    • New FTX CEO details 'complete failure of corporate controls' at crypto platform
    • OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs
    • EU reaches agreement on new satellite constellation - The Record by Recorded Future
    • Ukraine’s Engineers Dodged Russian Mines To Get Kherson Back Online–With A Little Help From Elon Musk’s Satellites
    • Senate Democrats call on FTC to investigate Twitter's data security
    • 11.17.22 - FTC - Twitter Letter
    • Twitter has a lot of your data. Here's what you can do about it.
    • Mastodon vulnerable to multiple system configuration problems | The Daily Swig
    • System misconfiguration is the number one vulnerability, at least for Mastodon
    • White House expected to issue executive order reining in spyware
    • H20220930-005_Himes-Speier cc's - DocumentCloud
    • A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup | WIRED
    • Risky Biz News: Iranian state hackers breached US government agency and deployed a cryptominer, out of all things
    • India removes ban on VLC media player after cybersecurity concerns addressed - The Record by Recorded Future
    • Amazon addresses vulnerability affecting AWS AppSync - The Record by Recorded Future
    • CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You
    • Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA
    • Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA

    Risky Biz Soap Box: How to get your developers invested in security Nov 21, 2022

    In this podcast we speak with Randall Degges who leads the Developer Relations & Community team at Snyk. He’s here to talk to us about how to get developers enthusiastic about security, how to get them to use the right tooling, and how this tooling will evolve in the future to actually help developers fix bugs in their code.

    Show notes

    • The Big Fix | Snyk

    Risky Business #685 -- Australia releases the hounds, and it might just work Nov 16, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Australia lets ASD loose on ransomware crews, but will it work? (Tom Uren joins us to chat about this one)
    • Twitter’s wheels haven’t fallen off yet but they sure are wobbling
    • Hundreds of millions stolen from FTX mid implosion
    • Security researchers start looking at Mastodon and… yeah
    • Much, much more!

    This week’s show is brought to you by Gigamon. George Sandford from Gigamon pops in for this week’s sponsor interview to talk about how to successfully stand up an NDR program.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Risky Biz News: Australia to hack the hackers
    • Australia to consider banning ransomware payments - The Record by Recorded Future
    • Two enormous cyberattacks convince Australia to 'hack the hackers' - The Washington Post
    • Australian Federal Police say cybercriminals in Russia behind Medibank hack - The Record by Recorded Future
    • The Hunt for the FTX Thieves Has Begun | WIRED
    • US reissues sanctions on Tornado Cash, tying it to North Korea's nuclear weapons program - The Record by Recorded Future
    • Twitter’s SMS Two-Factor Authentication Is Melting Down | WIRED
    • Is it safe to use Twitter? Security fears rise after Elon Musk drives off staff
    • Twitter’s Security And Privacy Leaders Quit Amidst Musk’s Chaotic Takeover
    • FTC tracking developments at Twitter with 'deep concern' after CISO resigns - The Record by Recorded Future
    • Mastodon users vulnerable to password-stealing attacks | The Daily Swig
    • Risky Biz News: Major hack-and-leak info-op unfolding in Moldova
    • All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks | The Daily Swig
    • Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries | Symantec Enterprise Blogs
    • Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica
    • Cisco: InterPlanetary File System seeing ‘widespread’ abuse by hackers - The Record by Recorded Future
    • Project Zero: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
    • Google Pixel screen-lock hack earns researcher $70k | The Daily Swig
    • DJ Zavala & DMNTED - Welcome to Ukraine - YouTube

    Risky Business #684 -- DoJ seizes 50,000 stolen bitcoins from popcorn tin Nov 09, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • DoJ seizes 50k bitcoin stolen from Silk Road, charges thief
    • Australian health insurer Medibank refuses to pay ransom, data leaked
    • Inside Qatar’s $386m world cup espionage operation
    • EU Parliament report into spyware lands
    • SolarWinds settles shareholder lawsuit, faces SEC enforcement action
    • Much, much more

    This week’s sponsor guest is Andrew Morris from Greynoise Intelligence.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future
    • U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice
    • Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future
    • Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News
    • ‘Project Merciless’: how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch
    • How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB)
    • FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post
    • EU governments accused of using spyware ‘to cover up corruption and criminal activity’ - The Record by Recorded Future
    • Press conference on draft findings of EP spyware inquiry | News | European Parliament
    • SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack | TechCrunch
    • Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future
    • 工业和信息化部国家互联网信息办公室公安部关于印发网络产品安全漏洞管理规定的通知-中共中央网络安全和信息化委员会办公室
    • Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup
    • Could a ‘digital Red Cross emblem’ protect hospitals from cyber warfare? - The Record by Recorded Future
    • TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post
    • Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future
    • FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future
    • More than 100 election jurisdictions waiting on federal cyber help, sources say
    • $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future
    • Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future
    • Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future
    • Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig
    • The Most Vulnerable Place on the Internet | WIRED
    • So long and thanks for all the bits - NCSC.GOV.UK

    Risky Business #683 -- OpenSSL bug is a fizzer, ASD responds to Medibank hack Nov 02, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Twitter bluechecks face phishing barrage
    • Australian government goes berserk on Medibank hack response
    • Former WSJ journalist sues law firm over email hack and info op that got him fired
    • OpenSSL bug lands with a whimper
    • Apple macOS Ventura update breaks security tools
    • Much, much more

    This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Twitter’s verification chaos is now a cybersecurity problem | TechCrunch
    • Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica
    • Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post
    • Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters
    • The source - Columbia Journalism Review
    • Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig
    • OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig
    • Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future
    • Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future
    • Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future
    • NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future
    • Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED
    • Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future
    • How Vice Society Got Away With a Global Ransomware Spree | WIRED
    • FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future
    • Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig
    • Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica
    • Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security
    • Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica
    • Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future
    • Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig
    • Microsoft's Sociopathic Cybersecurity Pedantry
    • Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future
    • Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security
    • European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future
    • How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica

    Snake Oilers: Truffle Security, KSOC and Snyk Oct 19, 2022

    Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here.

    We’ll hear from three vendors in this edition of Snake Oilers:

    • Truffle Security talks secrets discovery
    • KSOC builds Kubernetes security tools
    • Snyk has a new product to better secure Infrastructure as Code

    Show notes

    • Unearth Your Secrets - Truffle Security
    • KSOC: Kubernetes Security Operations Center
    • Cloud Security across the SDLC with Policy as Code | Snyk

    Snake Oilers: Tines, Code42 and Kroll Oct 14, 2022

    Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here.

    We’ll hear from three vendors in this edition of Snake Oilers:

    • Tines, the no code security automation solution that people are going absolutely nuts over
    • Code42, the insider threat detection solution maker
    • Kroll talks about its MDR offering

    Risky Business #682 -- Starlink goes dark on Ukraine's front line Oct 12, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Why former Uber CISO Joe Sullivan’s guilty verdict shouldn’t worry you
    • United States puts chipmaking restrictions on China, APT activity is coming
    • Elon blinks and Starlink goes dark on Ukraine’s front line
    • Master cyber criminal arrested in Australia
    • Much, much more

    This week’s show is brought to you by runZero, the asset inventory and network visibility solution. runZero’s founding CTO and industry legend HD Moore is this week’s sponsor guest.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Risky Biz News: Good news for the Capital One hacker, bad news for the former Uber CSO
    • Joe Sullivan guilty in Uber hacking case - The Washington Post
    • Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict - The Record by Recorded Future
    • U.S. imposes foreign direct product rule on China for AI and supercomputing - The Washington Post
    • Popular censorship circumvention tools face fresh blockade by China | TechCrunch
    • 'Fear' driving Chinese state to manipulate tech ecosystem... - GCHQ.GOV.UK
    • Risky Biz News: China blocks several protocols used to bypass the Great Firewall
    • Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_TLPWHITE - DocumentCloud
    • Starlink goes dark
    • Coverage of Killnet DDoS attacks plays into attackers' hands, experts say - The Record by Recorded Future
    • Ukrainian cybersecurity officer killed by Russian missile strike - The Record by Recorded Future
    • Biden signs new US-EU privacy framework, setting up surveillance safeguards - The Record by Recorded Future
    • White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star
    • Australian teen charged with using leaked Optus data to blackmail customers - The Record by Recorded Future
    • Report: Big U.S. Banks Are Stiffing Account Takeover Victims – Krebs on Security
    • Hackers steal at least $100 million from Binance-linked blockchain - The Record by Recorded Future
    • Someone is clogging up the Zcash blockchain with a spam attack
    • Alberto Rodriguez, and Erik Hunstad - Stop writing malware! The Blue team has done it for you - YouTube
    • CVE-2022-34689 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability
    • Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Worth Doing Badly
    • Risky Biz News: LofyGang runs amok in the npm ecosystem with minimal gains

    Risky Business #681 -- It's Exchangehog Day Oct 05, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • More Exchange 0days cause more havoc
    • A look at some earlier Exchange hack incidents
    • How the CIA got its agents killed with its truly awful online opsec
    • Ex NSA staffer arrested for espionage
    • Much, much more

    This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy, joins the show this week to talk about some overlooked detection opportunities – some simple stuff you can look for in your environment that should raise gigantic flashing red flags.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • Microsoft confirms two Exchange Server zero days are being used in cyberattacks - The Record by Recorded Future
    • CISA: Multiple government hacking groups had ‘long-term’ access to defense company - The Record by Recorded Future
    • Mexican president confirms ‘Guacamaya’ hack targeting regional militaries - The Record by Recorded Future
    • Mexican journalists targeted by zero-click spyware infections - The Record by Recorded Future
    • Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets
    • Putin grants citizenship to Edward Snowden, who disclosed US eavesdropping - The Washington Post
    • U.S. fails in bid to extradite Brit for helping North Korea evade sanctions with cryptocurrency - The Record by Recorded Future
    • Bill Marczak on Twitter: "NEW REPORT today from @Reuters @JoelSchectman providing more detail about fatal flaws in the CIA's defunct communications network. Iran and China compromised the network in 2011, and killed dozens of CIA assets https://t.co/AwN8pQtWL2" / Twitter
    • Numerous orgs hacked after installing weaponized open source apps | Ars Technica
    • 'Poisoned' Tor Browser tracks Chinese users' online history, location
    • Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying | WIRED
    • A Matrix Update Patches Serious End-to-End Encryption Flaws | WIRED
    • LA officials confirm ransomware group leaked students’ personal data - The Record by Recorded Future
    • Nearly 700 ransomware incidents traced back to wholesale access markets: report - The Record by Recorded Future
    • Semiconductor industry faced 8 attacks from ransomware groups, extortion gangs in 2022 - The Record by Recorded Future
    • CISA directs federal agencies to track software and vulnerabilities - The Record by Recorded Future
    • Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security
    • House Democrats debut new bill to limit US police use of facial recognition | TechCrunch
    • EP000: Operation Aurora | HACKING GOOGLE - YouTube

    Risky Biz Soap Box: Why Microsoft's Smart Application Control is very strange Sep 29, 2022

    In this Soap Box podcast Patrick Gray interviews Airlock Digital CTO Daniel Schell and CEO David Cottingham about Microsoft’s new Smart Application Control feature, why controlling browser extensions via endpoint instrumentation is really hard and why PAM solutions don’t actually do allowlisting, even if they claim they do.


    Risky Business #680 -- Uber, Rockstar Games hacker arrested Sep 28, 2022

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

    • Lapsus$’s Teapot arrested by UK police
    • Optus hacker issues grovelling apology after feeling AFP and ASD heat
    • Ukraine claims Russia is planning massive attacks on its infrastructure
    • RSOCKS bot herder begs for extradition to USA
    • Russians scammed when seeking military service exemptions
    • Much, much more

    This week’s show is sponsored by Votiro. Ravi Srinivasan, Votiro’s CEO, joins the show this week to talk about how people are using content disarm and reconstruction.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Show notes

    • British teen arrested in hacking case
    • Australian cybersecurity minister lambasts Optus for ‘unprecedented' hack - The Record by Recorded Future
    • CISA: Iranian hackers spent 14 months in Albanian gov’t network before launching ransomware - The Record by Recorded Future
    • Iran shutters mobile networks, Instagram, WhatsApp amid protests - The Record by Recorded Future
    • US Treasury carves out Iran sanctions exceptions for internet providers - The Record by Recorded Future
    • Signal Is Asking People Around the World to Help Iranians Access the Encrypted App
    • Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine | WIRED
    • Risky Biz News: XakNet "hacktivists" linked to APT28 and Russia's GRU intelligence service
    • Russia plans “massive cyberattacks” on critical infrastructure, Ukraine warns | Ars Technica
    • Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S. – Krebs on Security
    • Сбербанк предупредил о мошенничестве с продажей якобы "белых" военников - РИА Новости, 26.09.2022
    • SIM Swapper Abducted, Beaten, Held for $200k Ransom – Krebs on Security
    • How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000 | Ars Technica
    • The record-setting DDoSes keep coming, with no end in sight | Ars Technica
    • International conflicts driving increased strength of DDoS attacks: report - The Record by Recorded Future
    • Tarfile path traversal bug from 2007 still present in 350k open source repos | The Daily Swig

      Related Podcasts

      BrishannaUniverse

      1

      BrishannaUniverse News
      The Assassination

      2

      The Assassination News
      Legal AF by MeidasTouch

      3

      Legal AF by MeidasTouch News
      Breakdown

      4

      Breakdown News
      1A

      5

      1A News
      San Diego News Fix

      6

      San Diego News Fix News
      footer-logo

      Contact Us

      Toll Free: 844-670-7747

      Links

      • Home
      • Top Charts
      • Networks
      • Apps
      • Independents Podcasts
      • Podcast Advertising
      • Podcast News
      • Contact Us
      • About Us
      • Analytics & Insights

      Stay Connected

        Privacy, Terms of Use & Our Code of Ethics Protecting Content Creators Copyrights