Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #821 -- Wiz researchers could have owned every AWS customer
In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.
This week news includes:
- Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?
- US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad
- MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down
- Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console
- Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time
- GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back
Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.
This episode is also available on Youtube.
Show notes
- Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times
- Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica
- Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute
- Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED
- Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW
- Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News
- Windows 11 shutdown bug forces Microsoft into damage control • The Register
- CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog
- Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive
- Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica
- VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research
- Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED
- Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive
- CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM
- A single click mounted a covert, multistage attack against Copilot - Ars Technica
- Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News
- Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News
- Supreme Court hacker posted stolen government data on Instagram | TechCrunch
- oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd
- How crypto criminals stole $700 million from people - often using age-old tricks
- Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet