Risky Business
200 FOLLOWERS
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business
2d ago
On this week’s show Patrick and Adam discuss the week’s security news, including:
FVEY protests China’s widespread hacking of western politicians
China bans western CPUs, Windows and databases
Apple’s leaky M-chip prefetcher
Nigeria holds ex-IRS investigator hostage in Binance stoush
Researchers bring Rowhammer to AMD Zen and DDR5
And much, much more.
This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and releva ..read more
Risky Business
6d ago
In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more ..read more
Risky Business
2w ago
On this week’s show Patrick and Adam discuss the week’s security news, including:
Weather forecast in Redmond is still for blizzards at midnight
Maybe Change Healthcare wasn’t just crying nation-state wolf
Hackers abuse e-prescription systems to sell drugs
CISA goes above and beyond to relate to its constituency by getting its Ivantis owned
VMware drinks from the Tianfu Cup
Much, much more
This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Muel ..read more
Risky Business
3w ago
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response
Predator spyware maker getting a stern sanctioning
A German military WebEx meeting gets snooped
Mem-corrpution is still king
And much, much more
In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP.
Show notes
U.S. Air Force employee charged with giving classified information to wo ..read more
Risky Business
1M ago
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
LockBit gets back up after takedown
Russia arrests Medibank hacker… for something else
ConnectWise gives out free updates, but customers aren’t happy
Microsoft gives in to demands for more logs
Sandvine gets entity-listed
And much much more.
Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan.
In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham pr ..read more
Risky Business
1M ago
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
LockBit has been taken down by law enforcement
Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
GRU gets its Moobot network shutdown
Signal adding usernames is… complicated
Much, much more
In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so.
Show notes
Feds Seize LockBit Ransomware Websi ..read more
Risky Business
1M ago
The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant ..read more
Risky Business
1M ago
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
Somehow there are still more Ivanti and Fortinet exploits
Volt Typhoon have been at it for years
Starlink in Ukraine gets complicated
Canadians hate poor Flipper
Much, much more…
In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.
Show notes
Microsoft Azure customers hit by phishing, account takeover attacks ..read more
Risky Business
1M ago
In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about:
Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action
How vendors are using Greynoise as an early warning system to identify exploitation of their products
How he’s using large language models to reverse exploitation attempts into actual exploits
It truly is a great conversation, we hope you enjoy it ..read more
Risky Business
1M ago
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
Thought eels were slippery? Check out AnyDesk’s PR!
Why Microsoft’s 365 is a nightmare to secure
Cloudflare’s needlessly hostile blog post
US Government introduces “Disneyland ban” for spyware peddlers
Much, much more…
This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Vol ..read more