Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #711 -- Albanian authorities raid MEK camp over Iran hacks
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Albanian authorities raid MEK over Iran hacks
Microsoft admits “Anonymous Sudan” took down its services
US Government puts $10m bounty on CL0P
A deeper look at the Barracuda hack campaign
Much, much more
This week’s show is brought to you by Material Security. We’ll be hearing from one of Material’s friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week’s sponsor interview.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Police raid Iranian opposition camp in Albania, seize computers | AP News
Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan
Anonymous Sudan and Killnet strike again, target EIB
Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop
Hackers infect Russian-speaking gamers with fake WannaCry ransomware
US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive
Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter
U.S. government says several agencies hacked as part of broader cyberattack
Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive
Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant
New DOJ unit will focus on prosecuting nation-state cybercrime
EU states told to restrict Huawei and ZTE from 5G networks ‘without delay’
The US Navy, NATO, and NASA Are Using a Shady Chinese Company’s Encryption Chips | WIRED
Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker
Jamal Khashoggi’s wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian
Bipartisan bill would protect Americans’ data from export abroad
District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice
I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon
CID-FLYER-TEMPLATE
New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop
Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes
Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice
BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange
Risky Business #710 -- Why your corporate VPN will get you owned
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Fortinet 0day Groundhog Day
CISA’s new binding directive on exposed management interfaces
Confirmed: US intelligence buying commercially available data
MOVEit drama rolls on
Much, much more
This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security
MOVEit announces second vulnerability; Minnesota schools agency breached with original bug
Confidential data downloaded from UK regulator Ofcom in cyberattack
Ransomware group Clop issues extortion notice to ‘hundreds’ of victims
Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch
CISA orders US civilian agencies to remove tools from public-facing internet
Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive
Microsoft says Azure outage was caused by ‘anomalous’ traffic spike
Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive
Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco
U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ
The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED
Srsly Risky Biz: Thursday, July 29 - by Tom Uren
National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post
Senators say Biden administration isn’t close on overhauling surveillance law
Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e
North Korean hacking group Lazarus linked to $35 million cryptocurrency heist
North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters
An Illinois hospital links closure to ransomware attack
Security professional's tweet forces big change to Google email authentication | CyberScoop
Can you trust ChatGPT’s package recommendations?
LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack | Cybersecurity Dive
Risky Business #709 -- Cl0p goes berserk with MOVEit 0day
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Russia’s FSB uncovers “NSA malware” on iPhones
Cl0p mass harvests data from MOVEit file transfer servers
ASD discloses a bunch of operations against ISIS, criminals
Why China’s prepositioning is probably… prepositioning
Much, much more
This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Russia says US hacked thousands of Apple phones in spy plot | Reuters
Risky Biz News: Russia's FSB says NSA hacked iPhones in cyber-espionage campaign
Russia wants 2 million phones with home-grown Aurora OS for use by officials
Trusted mobile environment. The Aurora mobile operating system - Rostelecom
Why China's Latest APT Campaign is Legitimately Worrying
War crimes committed through cyberspace must not escape international justice, says Estonian president
Hacks Against Ukraine's Emergency Response Services Rise During Bombings | WIRED
How Australian cyber spies used 'Rickrolling' to disrupt Islamic State militants in Iraq - ABC News
Australian intelligence's secret hand in bringing down the Bali bombers - ABC News
Microsoft Threat Intelligence on Twitter: "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site. The threat actor has used similar vulnerabilities in the past to steal data & extort victims. https://t.co/q73WtGru7j" / Twitter
What we know about the MOVEit vulnerability and compromises | Cybersecurity Dive
metlstorm: "Great, so now I have to roll i…" - Infosec Exchange
Dave Aitel: "@riskybusiness @chort honestly…" - Infosec Exchange
Critical Barracuda 0-day was used to backdoor networks for 8 months | Ars Technica
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
Ask Fitis, the Bear: Real Crooks Sign Their Malware – Krebs on Security
Wayback Machine
Discord Admins Hacked by Malicious Bookmarks – Krebs on Security
Google’s Android and Chrome extensions are a very sad place. Here’s why | Ars Technica
How university cybersecurity clinics can help cities fight ransomware | CyberScoop
Atomic - Crypto Wallet on Twitter: "We have received reports of wallets being compromised. We are doing all we can to investigate and analyse the situation. As we have more information, we will share it accordingly. For any questions and concerns, contact support@atomicwallet.io" / Twitter
BrianKrebs: "Russian news outlet Kommersant…" - Infosec Exchange
Thinkst
Risky Business #708 – China's lolbin-powered adventures in US critical infrastructure
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
China’s lolbin-powered intrusions into critical infrastructure
Trend Micro backs BlackBerry’s Cuba call
Anonymous Sudan shakes down Scandinavian Airlines
Iranian opposition party MEK publishes gargantuan leak
Much, much more
This week’s show is brought to you by Kubernetes security company KSOC. Jimmy Mesta is this week’s sponsor guest and he joins us to talk about the big security challenges in Kubernetes.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog
U.S. warns China could hack infrastructure, including pipelines, rail systems | Reuters
Factbox: What is Volt Typhoon, the alleged China-backed hacking group? | Reuters
Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? - The New York Times
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
Hacker group Anonymous Sudan demands $3 million from Scandinavian Airlines
Iranian dissidents take over high-security servers of regime presidency
Iran-linked hackers Agrius deploying new ransomware against Israeli orgs
Exclusive: Chinese hackers attacked Kenyan government as debt strains grew | Reuters
Risky Biz News: PyPI to enforce 2FA, reduce stored IP addresses
NSO spyware used in Armenia-Azerbaijan conflict, report finds
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
SMS pumping fraud: take care how you configure MFA - TechHQ
Full Disclosure: Printerlogic multiple vulnerabilities
Barracuda Networks issue added to CISA vulnerability list
Barracuda patches actively exploited zero-day vulnerability in email gateways | Cybersecurity Dive
Developing: RaidForums users db leaked
Phishing Domains Tanked After Meta Sued Freenom – Krebs on Security
Broad coalition of advocacy groups urges Slack to protect users' messages from eavesdropping | CyberScoop
Risky Biz Soap Box: Why your EDR won't save you
In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll. They talk about all sorts of things, like:
How the ransomware ecosystem is evolving into “ma and pa” operations
Some killer detections they’ve figured out
What separates the good networks from the bad ones
Why EDR is of limited value if you’re not actually monitoring it
Why not letting MDRs do the R part of their job is really, really, really dumb
Risky Business #707 -- Inside China's information lockdown with Chris Krebs
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Germans charge FinFisher executives
The FBI got busted misusing 702 data
Special guest Chris Krebs talks China, new CISA mandates and more
New research breaks Android fingerprint auth
Much, much more
This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop
Biden nominates Lt. Gen. Timothy Haugh for top position at NSA, Cyber Command
Our criminal complaint: public prosecutor files charges against FinFisher
The Real Risks in Google’s New .Zip and .Mov Domains | WIRED
FBI misused controversial surveillance tool to investigate Jan. 6 protesters
Suspicion stalks Genesis Market’s competitors following FBI takedown
Crimephones Are a Cop's Best Friend - by Tom Uren
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Some Of Russia’s Most Dangerous Cybercriminals Just Had Their Malware Dealer Unmasked
Shifting tactics fuel surge in Business Email Compromise
Treasury Department sanctions entities tied to North Korean IT scams, hacking | CyberScoop
Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto | WIRED
Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption | WIRED
Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones | Ars Technica
It took 48 hours, but the mystery of the mass Asus router outage is solved | Ars Technica
Popular Android TV boxes sold on Amazon are laced with malware | TechCrunch
Teen hacker charged in scheme to siphon funds from sports betting accounts
Researchers tie FIN7 cybercrime family to Clop ransomware
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
Dallas courts still closed 2 weeks post-ransomware attack | Cybersecurity Dive
Health insurer says patients’ information was stolen in ransomware attack
Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown
UK steel industry supplier Vesuvius says ‘cyber incident’ cost £3.5 million
Researchers infiltrate Qilin ransomware group, finding lucrative affiliate payouts
A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop
Joe Tidy on Twitter: "A bizarre one from Reading courts - an IT Security worker pleads guilty to piggy-backing off a cyber attack against his own firm. Liles switched the ransom payment details to his own Bitcoin wallet and changed the hacker's email to secretly apply pressure on bosses to pay up. https://t.co/Ze4yAJA6vM" / Twitter
ChatGPT Scams Are Infiltrating Apple's App Store and Google Play | WIRED
Risky Business #706 -- Why BlackBerry thinks Cuba ransomware is a Russian front
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Wazawaka charged, sanctioned
PlugwalkJoe extradited, pleads guilty
BlackBerry thinks Cuba ransomware is a front for Russian intelligence
Anonymous Sudan pops up in Israel
Microsoft’s Outlook patch fail
Much, much more
This week’s show is brought to you by Bloodhound Enterprise. Andy Robbins is this week’s sponsor guest. He talks about how graph theory could help us to uncover more lolbins.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Alleged Babuk ransomware gang leader ‘Wazawaka’ indicted, sanctioned by US
Who is the Network Access Broker ‘Wazawaka?’ – Krebs on Security
British man involved in Twitter hack extradited to US, pleads guilty to numerous cybercrimes
Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers say | TechCrunch
Slapdash attempt to hack rocket sirens may be cause for serious alarm about Iran | The Times of Israel
Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp | WIRED
Twitter under fire for restricting content before Turkish presidential election - CBS News
Three opposition media outlets hit by cyber attack
Patrick Gray on Twitter: "https://t.co/n5b7wPjI6Y https://t.co/UmDbHbhEcS" / Twitter
Patrick Gray on Twitter: "Switched to a domain validated username at the other place. Very easy. https://t.co/U46zABPnJl" / Twitter
Emerging ransomware group quickly hits 4 critical infrastructure providers | Cybersecurity Dive
A ransomware source code leak spawned at least 10 ‘Babuk’ imitators, researchers say
Philadelphia Inquirer unable to go to print due to ‘cyber incident’
Hackers attempt to extort Dragos and its executives in suspected ransomware attempt | CyberScoop
Dallas says it 'will likely take weeks to get back to full functionality' after ransomware attack
Swiss tech giant ABB confirms ‘IT security incident’
CISA: Bl00dy Ransomware Gang using printer vulnerability to attack schools
Capita says responding to ransomware attack will cost up to £20 million
National Gallery of Canada recovering from ransomware incident
Yum Brands faces class action suits from employees after ransomware attack | Cybersecurity Dive
Knocking down Hive: How the FBI ran its own ransomware decryption operation
Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica
FBI nukes Russian Snake data theft malware with self-destruct command
The FBI’s New Malware Eradication Service Is on Thin Legal Ice
Cisco warns of new ‘Greatness’ phishing-as-a-service tool seen in the wild
VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns | Cybersecurity Dive
UK's National Crime Agency wins major legal challenge over Encrochat hack
Inside the Italian Mafia’s Encrypted Phone of Choice
Microsoft releases fix for patched Outlook issue exploited by Russian hackers
Scammer Made Thousands Selling 'Leaked' Frank Ocean Tracks That Were Fake, AI-Generated
Risky Business #705 -- USA's Turla takedown marks a shift in tactics
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Joe Sullivan’s sentencing
MSI key material leak
Merck to be paid in NotPetya claim
The FBI takes down Turla’s Snake malware operation
Much, much more
This week’s show is brought to you by Gigamon. Chaim Mazal, Gigamon’s CSO, is this week’s sponsor guest. He’s talking about how the company’s gear is acting as a data source for network security products.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
Former Uber CSO avoids prison time for ransomware coverup | Cybersecurity Dive
Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders | Cybersecurity Dive
Hunting Russian Intelligence “Snake” Malware | CISA
Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia’s Federal Security Service | OPA | Department of Justice
Iranian state-sponsored hackers exploiting printer vulnerability
Iran: Fake It Till You Make It - by Tom Uren
Hacktivists Target Iran’s Foreign Ministry, Leak Trove Of Data
New Cactus ransomware encrypts itself to evade antivirus
White House considers ban on ransom payments, with caveats | Cybersecurity Dive
Hamas armed wing announces suspension of bitcoin fundraising | Reuters
FBI, Ukraine seize cryptocurrency exchanges for abetting cybercriminals
Dallas still recovering from ransomware on eve of municipal election | Cybersecurity Dive
Dallas restores core emergency dispatch systems | Cybersecurity Dive
Hackers hijacked a university's emergency system to threaten students and faculty
Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks
$10M Is Yours If You Can Get This Guy to Leave Russia – Krebs on Security
Coming to DEF CON 31: Hacking AI models | CyberScoop
Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts | WIRED
US Court Rules for Corellium in Apple Copyright Case
SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics | WIRED