Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Special Edition: Chris Krebs, Alex Stamos and Patrick Gray
In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology. China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over. Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?
Risky Business #745 – Tales from the PANageddon
On this week’s show Patrick and Adam discuss the week’s security news, including: Palo Alto’s firewalls have a ../ bad day Sisense’s bucket full of creds gets kicked over United Healthcare draws the ire of congress FISA 702 reauthorisation finally moves forward Apple warns about “mercenary exploitation” but what’s the India link? And much, much, more This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches. Show notes Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Rapid7 Technical Analysis Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security Congress rails against UnitedHealth Group after ransomware attack | CyberScoop The US Government Has a Microsoft Problem | WIRED House GOP bridges divide to reauthorize FISA surveillance bill - The Washington Post Top officials again push back on ransom payment ban | Cybersecurity Dive Ex-White House cyber official says ransomware payment ban is a ways off | CyberScoop Over 500 people targeted by Pegasus spyware in Poland, officials say Apple drops term 'state-sponsored' attacks from its threat notification policy “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass PuTTY vulnerability vuln-p521-bias Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M | Ars Technica Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers – Krebs on Security
Risky Business #744 -- Ransomware upstarts jostle in Lockbit's absence
On this week’s show Patrick and Adam discuss the week’s security news, including: Ransomware: down but not out Zero day prices on the rise… … and what it means for enterprise software Geopolitical conflict comes to computers in Palau Ukraine cyber chief Illia Vitiuk suspended More x86 microarchitectural bad times And much much more Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”. Show notes CyberCX_Report_DFIR 2023 Year in Review_Online.pdf Ransomlook Stats Vlad Styran 🇺🇦 on X: ".@riskybusiness has noted recently that there is an “orthodox Easter”-like low season in the ransomware village. Although my sources do not support this assessment, if true, there might be a simple explanation https://t.co/kM8lu6KbyY" / X Price of zero-day exploits rises as companies harden products against hackers | TechCrunch Mandiant spots advanced exploit activity in Ivanti devices | Cybersecurity Dive Pricing - Knocknoc ALPHV steps up laundering of Change Healthcare ransom payments | CyberScoop Extortion group threatens to sell Change Healthcare data | CyberScoop Attempted hack on NYC continues wave of cyberattacks against municipal governments Missouri county declares state of emergency amid suspected ransomware attack | Ars Technica Medusa cybercrime gang takes credit for another attack on US municipality Omni Hotels & Resorts hit by cyberattack | Cybersecurity Dive Targus says cyberattack is causing operational outage | TechCrunch German database company Genios confirms ransomware attack Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses ‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident 'They’re lying': Palau denies claims by ransomware gang over recent cyberattack Ukrainian security service’s cyber chief suspended following media investigation Russia seeks criminal charges against executives at flight booking service accused of failing to protect consumer data House hurtles toward showdown over expiring surveillance tools | CyberScoop D-Link tells customers to sunset actively exploited storage devices | Cybersecurity Dive A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED Ahoi Attacks Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability - Phoronix Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers | Proofpoint US
Risky Business #744 -- Ransomware upstarts jostle in Lockbit's absence
On this week’s show Patrick and Adam discuss the week’s security news, including: Ransomware: down but not out Zero day prices on the rise… … and what it means for enterprise software Geopolitical conflict comes to computers in Palau Ukraine cyber chief Illia Vitiuk suspended More x86 microarchitectural bad times And much much more Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”. Show notes CyberCX_Report_DFIR 2023 Year in Review_Online.pdf Ransomlook Stats Vlad Styran 🇺🇦 on X: ".@riskybusiness has noted recently that there is an “orthodox Easter”-like low season in the ransomware village. Although my sources do not support this assessment, if true, there might be a simple explanation https://t.co/kM8lu6KbyY" / X Price of zero-day exploits rises as companies harden products against hackers | TechCrunch Mandiant spots advanced exploit activity in Ivanti devices | Cybersecurity Dive Pricing - Knocknoc ALPHV steps up laundering of Change Healthcare ransom payments | CyberScoop Extortion group threatens to sell Change Healthcare data | CyberScoop Attempted hack on NYC continues wave of cyberattacks against municipal governments Missouri county declares state of emergency amid suspected ransomware attack | Ars Technica Medusa cybercrime gang takes credit for another attack on US municipality Omni Hotels & Resorts hit by cyberattack | Cybersecurity Dive Targus says cyberattack is causing operational outage | TechCrunch German database company Genios confirms ransomware attack Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses ‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident 'They’re lying': Palau denies claims by ransomware gang over recent cyberattack Ukrainian security service’s cyber chief suspended following media investigation Russia seeks criminal charges against executives at flight booking service accused of failing to protect consumer data House hurtles toward showdown over expiring surveillance tools | CyberScoop D-Link tells customers to sunset actively exploited storage devices | Cybersecurity Dive A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED Ahoi Attacks Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability - Phoronix Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers | Proofpoint US
Snake Oilers: Kodex, ClearVector and Censys
In this edition of Snake Oilers you’ll hear pitches from three companies: Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.) ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2
Snake Oilers: Kodex, ClearVector and Censys
In this edition of Snake Oilers you’ll hear pitches from three companies: Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.) ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2
Risky Business #743 -- A chat about the xz backdoor with the guy who found it
On this week’s show Patrick and Adam discuss the week’s security news, including: The SSH backdoor that dreams (or nightmares) are made of Microsoft gets a solid spanking from the CSRB Ukraine uses an old Russian WinRAR bug to hack Russia Push-notifications and social-engineering combined-arms vs Apple And much, much more. We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library. This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs. Show notes Risky Biz News: Supply chain attack in Linuxland oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) research!rsc: The xz attack shell script DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post Review of the Summer 2023 Microsoft Exchange Online Intrusion Russian researchers say espionage operation using WinRAR bug is linked to Ukraine Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
Risky Business #743 -- A chat about the xz backdoor with the guy who found it
On this week’s show Patrick and Adam discuss the week’s security news, including: The SSH backdoor that dreams (or nightmares) are made of Microsoft gets a solid spanking from the CSRB Ukraine uses an old Russian WinRAR bug to hack Russia Push-notifications and social-engineering combined-arms vs Apple And much, much more. We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library. This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs. Show notes Risky Biz News: Supply chain attack in Linuxland oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) research!rsc: The xz attack shell script DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post Review of the Summer 2023 Microsoft Exchange Online Intrusion Russian researchers say espionage operation using WinRAR bug is linked to Ukraine Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
Risky Business #742 -- China bans AMD and Intel, pivots to Linux on the desktop
On this week’s show Patrick and Adam discuss the week’s security news, including: FVEY protests China’s widespread hacking of western politicians China bans western CPUs, Windows and databases Apple’s leaky M-chip prefetcher Nigeria holds ex-IRS investigator hostage in Binance stoush Researchers bring Rowhammer to AMD Zen and DDR5 And much, much more. This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says. Show notes Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov Parliament network breached in China-led cyberattack, Judith Collins reveals China blocks use of Intel and AMD chips in government computers Announcement of Safety and Reliability Evaluation Results (No. 1, 2023) Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica How Ukraine is using mobile phones on 6ft poles to stop drones Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop US penalizes Russian fintech firms that helped others evade sanctions UN probing 58 alleged crypto heists by North Korea worth $3 billion Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show ‘Far-reaching’ hack stole information from Python developers ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem Apex Legends hacker said he hacked tournament games ‘for fun’ | TechCrunch
Risky Business #742 -- China bans AMD and Intel, pivots to Linux on the desktop
On this week’s show Patrick and Adam discuss the week’s security news, including: FVEY protests China’s widespread hacking of western politicians China bans western CPUs, Windows and databases Apple’s leaky M-chip prefetcher Nigeria holds ex-IRS investigator hostage in Binance stoush Researchers bring Rowhammer to AMD Zen and DDR5 And much, much more. This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says. Show notes Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov Parliament network breached in China-led cyberattack, Judith Collins reveals China blocks use of Intel and AMD chips in government computers Announcement of Safety and Reliability Evaluation Results (No. 1, 2023) Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica How Ukraine is using mobile phones on 6ft poles to stop drones Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop US penalizes Russian fintech firms that helped others evade sanctions UN probing 58 alleged crypto heists by North Korea worth $3 billion Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show ‘Far-reaching’ hack stole information from Python developers ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem Apex Legends hacker said he hacked tournament games ‘for fun’ | TechCrunch
Risky Biz Soap Box: Why Azure vulns should get CVEs
In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.
Risky Biz Soap Box: Why Azure vulns should get CVEs
In this Soap Box edition of the podcast Patrick Gray talks to Nucleus Security co-founder Scott Kuffer about whether or not cloud service vulnerabilities should get CVEs, what on earth is happening with NIST’s National Vulnerability Database (NVD) and more.
Risky Business #741 -- The Mintlify breach and modern supply chains
On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit’s takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
Risky Business #741 -- The Mintlify breach and modern supply chains
On this week’s show Patrick and Adam discuss the week’s security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia’s powershell, solving living off the land, And much, much more This week’s show is brought to you by Material Security. In this week’s sponsor interview we speak with Material’s Rajan Kapoor, VP of Customer Experience at Material. We’re also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic’s CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit’s takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk’s SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
Risky Business #740 -- Midnight Blizzard's Microsoft hack isn't over
On this week’s show Patrick and Adam discuss the week’s security news, including: Weather forecast in Redmond is still for blizzards at midnight Maybe Change Healthcare wasn’t just crying nation-state wolf Hackers abuse e-prescription systems to sell drugs CISA goes above and beyond to relate to its constituency by getting its Ivantis owned VMware drinks from the Tianfu Cup Much, much more This week’s feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller’s chief of staff when he was FBI director. John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He’ll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing. Rad founder Jimmy Mesta will along in this week’s sponsor segment to talk about some really interesting work they’ve done in baselining cloud workloads. It’s the sort of thing that sounds simple that really, really isn’t. Show notes Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive LockBit takes credit for February shutdown of South African pension fund Ransomware gang claims to have made $3.4 million after attacking children’s hospital Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X How Hackers Dox Doctors to Order Mountains of Oxy and Adderall CISA forced to take two systems offline last month after Ivanti compromise VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security Brief of Amici Curiae Former Government Officials Securities and Exchange Commission v Solarwinds Corp