Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #816 -- Copilot Actions for Windows is extremely dicey
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
- Salesforce partner Gainsight has customer data stolen
- Crowdstrike fires insider who gave hackers screenshots of internal systems
- Australian Parliament turns off wifi and bluetooth in fear of of visiting Chinese bigwigs
- Shai-Hulud npm/Github worm is back, and rm -rf’ier than ever
- SEC gives up on Solarwinds lawsuit
- Dog eats cryptographer’s key material
This week’s episode is sponsored by runZero. HD Moore pops in to talk about how they’re integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero’s tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models.
This episode is also available on Youtube.
Show notes
- Google says hackers stole data from 200 companies following Gainsight breach
- Gainsight Status
- Trust Status
- CrowdStrike fires 'suspicious insider' who passed information to hackers
- Salesforce cuts off access to third-party app after discovering ‘unusual activity’
- Атаки разящей панды: APT31 сегодня
- Office of Public Affairs | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions
- Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament House
- Sha1-Hulud: The Second Coming of the NPM Worm is Digging For Secrets
- FCC eliminates cybersecurity requirements for telecom companies
- Trade Associations Cybersecurity Practices Ex Parte
- SEC voluntarily dismisses SolarWinds lawsuit
- Record-breaking DDoS attack against Microsoft Azure mitigated
- The Cloudflare Outage May Be a Security Roadmap – Krebs on Security
- Critics scoff after Microsoft warns AI feature can infect machines and pilfer data
- vx-underground on X: "I've had a surprising amount of people ask me about Copilot"
- Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
- Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
- Russia arrests young cybersecurity entrepreneur on treason charges
- This campaign aims to tackle persistent security myths in favor of better advice
- Oops. Cryptographers cancel election results after losing decryption key.
- Uncovering network attack paths with runZeroHound
- Model Context Protocol