Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Similar Podcasts
In Machines We Trust
A podcast about the automation of everything. Host Jennifer Strong and the team at MIT Technology Review look at what it means to entrust artificial intelligence with our most sensitive decisions.
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Risky Business #702 -- 3CX: It's like SolarWinds, but stupider
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Why 3CX was the dumbest supply chain attack we’ve seen Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved How attackers are burning down cloud infrastructure The latest from the world of spyware Much, much more This week’s show is brought to you by Nucleus Security. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms | WIRED 3CX support tells customers to investigate malware warnings themselves | Ars Technica North Korean hackers linked to 3CX supply-chain attack, investigation finds BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Wiz Blog Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands | CyberScoop MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog CISA, Cisco highlight Russian military targeting of router vulnerabilities Israeli spyware software surveilling journalists, politicians Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch Israeli Spyware Maker QuaDream Closes, Fires All Employees - National Security & Cyber - Haaretz.com Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch US commits $25 million to Costa Rica for Conti ransomware recovery State Department, Congress working on formal program for US cyber aid CISA and partners issue secure-by-design principles for software manufacturers | FedScoop Time to Designate Space Systems as Critical Infrastructure Apple’s Macs Have Long Escaped Ransomware. That May Be Changing | WIRED Cyber company Darktrace gets caught up in LockBit gang's apparent blunder Payments giant says it is investigating ransomware incident that caused POS outage Cyberattack causing treatment delays at Canadian hospital German arms manufacturer Rheinmetall confirms cyberattack Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme Police arrest almost 120 people globally following Genesis Market takedown FBI accessed Genesis Market's backend servers as part of takedown LinkedIn Verification Now Lets You Verify Your Job and Account | WIRED Tech industry’s pain is NSA’s gain, cyber leader says about layoffs QueueJumper: Critical Unauthenticated RCE Vulnerability in MSMQ Service - Check Point Research Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. | CyberScoop From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks Taiwan highly vulnerable to Chinese air attack, leaked documents show - The Washington Post Pentagon document leak raises questions about internal security - The Washington Post Leaked secret documents detail additional Chinese spy balloons - The Washington Post
Risky Biz Soap Box: Haroon Meer on why the VC apocalypse is great news
In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing. He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.
Risky Biz Soap Box: Haroon Meer on why the VC apocalypse is great news
In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing. He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.
Risky Business #701 -- Why infosec is wrong about TikTok
NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you. On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover: The Biden White House’s executive order on spyware Why the infosec community writ large is wrong on TikTok Clop campaign: it’s time to ditch your file transfer gateways Major Android app booted from store because it was full of 0day privesc exploits lol More detail on the BreachForums admin arrest Much, much more This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing. Show notes At least 50 U.S. government employees hit with spyware, White House says Kevin McCarthy says House 'will be moving forward' with TikTok legislation US lawmakers tell TikTok CEO the app ‘should be banned’ Between Two Nerds: The Real Problem with TikTok - Risky Business New victims come forward after mass-ransomware attack | TechCrunch UK Pension Protection Fund latest victim of GoAnywhere hack Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News Fortra told breached companies their data was safe | TechCrunch When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT City of Toronto and Virgin confirm hackers accessed data through file transfer systems Tasmania investigating attack after Clop ransomware group adds to victim list Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian Android app from China executed 0-day exploit on millions of devices | Ars Technica Telecom giant Lumen says it discovered two separate cyber intrusions Tennessee city hit with ransomware attack FBI, CISA investigating cyberattack on Puerto Rico’s water authority British hospital investigating impact of ‘contained’ cyber incident Largest telecom in Guam starts restoring services after cyberattack Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data How the FBI caught the BreachForums admin | TechCrunch Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch
Risky Business #701 -- Why infosec is wrong about TikTok
NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you. On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover: The Biden White House’s executive order on spyware Why the infosec community writ large is wrong on TikTok Clop campaign: it’s time to ditch your file transfer gateways Major Android app booted from store because it was full of 0day privesc exploits lol More detail on the BreachForums admin arrest Much, much more This week’s show is brought to you by RunZero. HD Moore, co-founder of RunZero, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing. Show notes At least 50 U.S. government employees hit with spyware, White House says Kevin McCarthy says House 'will be moving forward' with TikTok legislation US lawmakers tell TikTok CEO the app ‘should be banned’ Between Two Nerds: The Real Problem with TikTok - Risky Business New victims come forward after mass-ransomware attack | TechCrunch UK Pension Protection Fund latest victim of GoAnywhere hack Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News Fortra told breached companies their data was safe | TechCrunch When to use Dropbox vs. MFT: Best Versatile File Sharing and Security | GoAnywhere MFT City of Toronto and Virgin confirm hackers accessed data through file transfer systems Tasmania investigating attack after Clop ransomware group adds to victim list Latitude Financial faces possible class action after millions affected by data breach | Australia news | The Guardian Android app from China executed 0-day exploit on millions of devices | Ars Technica Telecom giant Lumen says it discovered two separate cyber intrusions Tennessee city hit with ransomware attack FBI, CISA investigating cyberattack on Puerto Rico’s water authority British hospital investigating impact of ‘contained’ cyber incident Largest telecom in Guam starts restoring services after cyberattack Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data How the FBI caught the BreachForums admin | TechCrunch Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign North Korea Is Now Mining Crypto to Launder Its Stolen Loot | WIRED “Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania > U.S. Cyber Command > News Bad magic: new APT found in the area of Russo-Ukrainian conflict | Securelist Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 | TechCrunch
Risky Business #700 -- Yevgeny Prigozhin's empire gets owned
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news in front of a live audience at AISA’s CyberCon in Canberra. They cover: Yevgeny Prigozhin’s entire enterprise got majorly owned Kremlin bans iPhones among President’s staff A look at those Android handset baseband bugs (woof) A discussion of the acropalypse issue Why you need to sort out your egress filtering in light of the latest Outlook bug Shanna Daly joins us on stage to talk about why the infosec industry sucks Plus much much more This week’s show is sponsored by Stairwell. Mike Wiacek, Stairwell’s founder, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Dossier Center Investigation: Prigozhin's Cyber Troops Unwanted communications - Newspaper Kommersant No. 46 (7491) dated 03/20/2023 Google tells users of some Android phones: Nuke voice calling to avoid infection | Ars Technica Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets Severe exploit could expose sensitive data on Pixel screenshots previously cropped Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug Ransomware gang exploited a zero-day in Microsoft security feature, Google says Feds Charge NY Man as BreachForums Boss “Pompompurin” – Krebs on Security After BreachForums arrest, new site administrator says the platform will live on 3xp0rt on Twitter: "BreachForums is offline everywhere https://t.co/Q2o133e9Oy" / Twitter Two U.S. Men Charged in 2022 Hacking of DEA Portal – Krebs on Security Crypto ‘Mixer’ Laundered $700 Million For Customers, Including Russian And North Korean Spies, DOJ Says China-linked hackers exploit Fortinet zero-day in new spying campaign Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server | CISA Clop ransomware is victimizing GoAnywhere MFT customers Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica Crypto ATM manufacturer General Bytes hacked, at least $1.5 million stolen
Risky Business #700 -- Yevgeny Prigozhin's empire gets owned
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news in front of a live audience at AISA’s CyberCon in Canberra. They cover: Yevgeny Prigozhin’s entire enterprise got majorly owned Kremlin bans iPhones among President’s staff A look at those Android handset baseband bugs (woof) A discussion of the acropalypse issue Why you need to sort out your egress filtering in light of the latest Outlook bug Shanna Daly joins us on stage to talk about why the infosec industry sucks Plus much much more This week’s show is sponsored by Stairwell. Mike Wiacek, Stairwell’s founder, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Dossier Center Investigation: Prigozhin's Cyber Troops Unwanted communications - Newspaper Kommersant No. 46 (7491) dated 03/20/2023 Google tells users of some Android phones: Nuke voice calling to avoid infection | Ars Technica Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets Severe exploit could expose sensitive data on Pixel screenshots previously cropped Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug Ransomware gang exploited a zero-day in Microsoft security feature, Google says Feds Charge NY Man as BreachForums Boss “Pompompurin” – Krebs on Security After BreachForums arrest, new site administrator says the platform will live on 3xp0rt on Twitter: "BreachForums is offline everywhere https://t.co/Q2o133e9Oy" / Twitter Two U.S. Men Charged in 2022 Hacking of DEA Portal – Krebs on Security Crypto ‘Mixer’ Laundered $700 Million For Customers, Including Russian And North Korean Spies, DOJ Says China-linked hackers exploit Fortinet zero-day in new spying campaign Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server | CISA Clop ransomware is victimizing GoAnywhere MFT customers Security firm Rubrik is latest to be felled by GoAnywhere vulnerability | Ars Technica Crypto ATM manufacturer General Bytes hacked, at least $1.5 million stolen
Risky Business #699 -- BYOD risks ramp up
Threat actors are really enjoying home networks and BYOD these days… On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why our LastPass/DPRK hunch weakened CISA launches ransomware warning program Is the Ring data extortion real? White House flags cloud service security regulation Pig Butchering overtakes BEC as top cybercrime earner Much more! This week’s show is sponsored by Yubico. The company’s COO, Jerrod Chong, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW | Mandiant North Korean hackers target security researchers with a new backdoor | Ars Technica Ring won’t say if it was hacked after ransomware gang claims attack | TechCrunch Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’ - POLITICO CISA unveils ransomware warning pilot for critical infrastructure Data breach hits lawmakers and staff on Capitol Hill Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information | CyberScoop Cancer patient sues medical provider after ransomware group posts her photos online | CyberScoop Telehealth startup Cerebral shared millions of patients’ data with advertisers | TechCrunch The FBI Just Admitted It Bought US Location Data | WIRED ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED Malware infecting widely used security appliance survives firmware updates | Ars Technica People Used Facebook's Leaked AI to Create a 'Based' Chatbot that Says the N-Word OpenAI releases GPT-4, artificial intelligence that can 'see' and do taxes Australian official demands Russia bring criminal hackers ‘to heel’ DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit - Microsoft Security Blog Sued by Meta, Freenom Halts Domain Registrations – Krebs on Security Twitter’s Most Important Anti-Censorship Tool Is Currently Dead CVE-2023-23415 - Security Update Guide - Microsoft - Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability
Risky Business #699 -- BYOD risks ramp up
Threat actors are really enjoying home networks and BYOD these days… On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why our LastPass/DPRK hunch weakened CISA launches ransomware warning program Is the Ring data extortion real? White House flags cloud service security regulation Pig Butchering overtakes BEC as top cybercrime earner Much more! This week’s show is sponsored by Yubico. The company’s COO, Jerrod Chong, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 | Mandiant Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW | Mandiant North Korean hackers target security researchers with a new backdoor | Ars Technica Ring won’t say if it was hacked after ransomware gang claims attack | TechCrunch Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’ - POLITICO CISA unveils ransomware warning pilot for critical infrastructure Data breach hits lawmakers and staff on Capitol Hill Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information | CyberScoop Cancer patient sues medical provider after ransomware group posts her photos online | CyberScoop Telehealth startup Cerebral shared millions of patients’ data with advertisers | TechCrunch The FBI Just Admitted It Bought US Location Data | WIRED ‘Pig Butchering’ Scams Are Now a $3 Billion Threat | WIRED Malware infecting widely used security appliance survives firmware updates | Ars Technica People Used Facebook's Leaked AI to Create a 'Based' Chatbot that Says the N-Word OpenAI releases GPT-4, artificial intelligence that can 'see' and do taxes Australian official demands Russia bring criminal hackers ‘to heel’ DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit - Microsoft Security Blog Sued by Meta, Freenom Halts Domain Registrations – Krebs on Security Twitter’s Most Important Anti-Censorship Tool Is Currently Dead CVE-2023-23415 - Security Update Guide - Microsoft - Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability CVE-2023-23397 - Security Update Guide - Microsoft - Microsoft Outlook Elevation of Privilege Vulnerability
Risky Biz Soap Box: Six degrees of Domain Admin
Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound. If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker you land on a network, enumerate directory information, and then map out a path to domain admin. Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.
Risky Biz Soap Box: Six degrees of Domain Admin
Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound. If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker you land on a network, enumerate directory information, and then map out a path to domain admin. Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.
Risky Business #698 -- Why LastPass was probably DPRK*
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why the White House’s cybersecurity strategy is actually quite good The LastPass breach was probably DPRK UEFI bootkits are going downmarket, and this is bad GitHub will scan repos for secrets A look at some interesting DJI drone research Much, much more This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. * NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show Show notes Risky Biz News: White House unveils National Cybersecurity Strategy White House looks to put cybersecurity pressure on companies Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach Give Me E2EE or Give Me Death - by Tom Uren Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica GitHub’s secret scanning alerts now available for all public repos This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED Hackers steal gun owners’ data from firearm auction website | TechCrunch New ATM Malware 'FiXS' Emerges - SecurityWeek US government warns Royal ransomware is targeting critical infrastructure | TechCrunch Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web Hospital Clínic de Barcelona severely impacted by ransomware attack Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area Salt Labs | Traveling with OAuth - Account Takeover on Booking.com Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica The life-upending flaw that USPS won’t fix | TechCrunch Powerful Meta large language model widely available online | CyberScoop We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig
Risky Business #698 -- Why LastPass was probably DPRK
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why the White House’s cybersecurity strategy is actually quite good The LastPass breach was probably DPRK UEFI bootkits are going downmarket, and this is bad GitHub will scan repos for secrets A look at some interesting DJI drone research Much, much more This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Risky Biz News: White House unveils National Cybersecurity Strategy White House looks to put cybersecurity pressure on companies Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach Give Me E2EE or Give Me Death - by Tom Uren Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica GitHub’s secret scanning alerts now available for all public repos This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED Hackers steal gun owners’ data from firearm auction website | TechCrunch New ATM Malware 'FiXS' Emerges - SecurityWeek US government warns Royal ransomware is targeting critical infrastructure | TechCrunch Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web Hospital Clínic de Barcelona severely impacted by ransomware attack Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area Salt Labs | Traveling with OAuth - Account Takeover on Booking.com Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica The life-upending flaw that USPS won’t fix | TechCrunch Powerful Meta large language model widely available online | CyberScoop We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig
Risky Business #697 -- LastPass attacker: Do you gotta hand it to 'em?
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at LastPass’s intrusion post mortem A very stable genius decided to ransomware the US Marshals Service Why Signal’s complaints about UK’s Online Safety Act are bad faith Much, much more… This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Additional details of the attack - LastPass Support LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica 'Major' U.S. Marshals Service hack compromises sensitive info DISH tells SEC that ransomware attack caused outages; personal info may have been stolen - The Record from Recorded Future News DISH says ‘system issue’ affecting internal servers, phone systems - The Record from Recorded Future News Danish hospitals hit by cyberattack from ‘Anonymous Sudan’ - The Record from Recorded Future News 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop Russia blames hackers as commercial radio stations broadcast fake air strike warnings - The Record from Recorded Future News Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge - The Record from Recorded Future News Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption | Ars Technica White House cybersecurity strategy to force large companies to make systems secure by design | CyberScoop Popular IBM file transfer tool vulnerable to cyberattacks, CISA says - The Record from Recorded Future News A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig How I Broke Into a Bank Account With an AI-Generated Voice Hackers use ChatGPT phishing websites to infect users with malware - The Record from Recorded Future News Venture capital financing of cyber companies slid to $18.5 billion in 2022 - The Record from Recorded Future News Tines Automation Platform - YouTube
Risky Business #697 -- LastPass attacker: Do you gotta hand it to 'em?
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: A look at LastPass’s intrusion post mortem A very stable genius decided to ransomware the US Marshals Service Why Signal’s complaints about UK’s Online Safety Act are bad faith Much, much more… This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Additional details of the attack - LastPass Support LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica 'Major' U.S. Marshals Service hack compromises sensitive info DISH tells SEC that ransomware attack caused outages; personal info may have been stolen - The Record from Recorded Future News DISH says ‘system issue’ affecting internal servers, phone systems - The Record from Recorded Future News Danish hospitals hit by cyberattack from ‘Anonymous Sudan’ - The Record from Recorded Future News 'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop Russia blames hackers as commercial radio stations broadcast fake air strike warnings - The Record from Recorded Future News Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge - The Record from Recorded Future News Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption | Ars Technica White House cybersecurity strategy to force large companies to make systems secure by design | CyberScoop Popular IBM file transfer tool vulnerable to cyberattacks, CISA says - The Record from Recorded Future News A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig How I Broke Into a Bank Account With an AI-Generated Voice Hackers use ChatGPT phishing websites to infect users with malware - The Record from Recorded Future News Venture capital financing of cyber companies slid to $18.5 billion in 2022 - The Record from Recorded Future News Tines Automation Platform - YouTube