Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #735 -- AnyDesk fails the transparency test
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: Thought eels were slippery? Check out AnyDesk’s PR! Why Microsoft’s 365 is a nightmare to secure Cloudflare’s needlessly hostile blog post US Government introduces “Disneyland ban” for spyware peddlers Much, much more… This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles. This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win! Show notes AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive AnyDesk says software ‘safe to use’ after cyberattack Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence Arrests in $400M SIM-Swap Tied to Heist at FTX? – Krebs on Security Microsoft Breach — What Happened? What Should Azure Admins Do? | by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive Thanksgiving 2023 security incident US announces visa restriction policy targeting spyware abuses Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State Deputy Prime Minister hosts first global conference targeting ‘hackers for hire’ and malicious use of commercial cyber tools - GOV.UK New Google TAG report: How Commercial Surveillance Vendors work A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash | WIRED American businessman settles hacking case in UK against law firm Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government Another Chicago hospital announces cyberattack Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3 | Ars Technica Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica The far right is scaring away Washington's private hacker army - POLITICO Our thoughts on AIxCC’s competition format | Trail of Bits Blog How CISA can improve OSS security | Trail of Bits Blog Securing open-source infrastructure with OSTIF | Trail of Bits Blog Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog 30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog Publishing Trail of Bits’ CodeQL queries | Trail of Bits Blog The Unguarded Moment (2002 Digital Remaster) - YouTube Boy Swallows Universe | Official Trailer | Netflix - YouTube
Risky Business #735 -- AnyDesk fails the transparency test
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: Thought eels were slippery? Check out AnyDesk’s PR! Why Microsoft’s 365 is a nightmare to secure Cloudflare’s needlessly hostile blog post US Government introduces “Disneyland ban” for spyware peddlers Much, much more… This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles. This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win! Show notes AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive AnyDesk says software ‘safe to use’ after cyberattack Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence Arrests in $400M SIM-Swap Tied to Heist at FTX? – Krebs on Security Microsoft Breach — What Happened? What Should Azure Admins Do? | by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive Thanksgiving 2023 security incident US announces visa restriction policy targeting spyware abuses Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State Deputy Prime Minister hosts first global conference targeting ‘hackers for hire’ and malicious use of commercial cyber tools - GOV.UK New Google TAG report: How Commercial Surveillance Vendors work A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash | WIRED American businessman settles hacking case in UK against law firm Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government Another Chicago hospital announces cyberattack Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3 | Ars Technica Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica The far right is scaring away Washington's private hacker army - POLITICO Our thoughts on AIxCC’s competition format | Trail of Bits Blog How CISA can improve OSS security | Trail of Bits Blog Securing open-source infrastructure with OSTIF | Trail of Bits Blog Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog 30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog Publishing Trail of Bits’ CodeQL queries | Trail of Bits Blog The Unguarded Moment (2002 Digital Remaster) - YouTube Boy Swallows Universe | Official Trailer | Netflix - YouTube
Risky Business #734 -- The number of hacked Microsoft 365 customers is skyrocketing
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: More details on sanctioned Medibank hacker Aleksandr Ermakov More details on alleged Scattered Spider hacker Noah Michael Urban RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge Ron Wyden did something useful… …then did something stupid Ivanti’s clown car collides with dumpster fire Much, much more This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakob. Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing. Show notes Exclusive: US disabled Chinese hacking network targeting critical infrastructure | Reuters Medibank’s Attacker: IT Businessman, Claimed Psychologist… | Intel471 Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider – Krebs on Security Microsoft says Russian hackers also targeted other organizations | TechCrunch HPE hit by a monthslong cyberattack on its cloud-based email | Cybersecurity Dive (99+) Microsoft's Dangerous Addiction To Security Revenue | LinkedIn Microsoft critics accuse the firm of ‘negligence’ in latest breach | CyberScoop N.S.A. Buys Americans’ Internet Data Without Warrants, Letter Says - The New York Times Trading platform EquiLend down following cyberattack | Cybersecurity Dive Ivanti Connect Secure zero-day patches delayed | Cybersecurity Dive Popular CI/CD tool Jenkins discloses critical CVE | Cybersecurity Dive MOVEit liabilities mount for Progress Software | Cybersecurity Dive Tim Watts bio: Pennywise - Down Under [Men at Work Cover] - YouTube
Risky Business #734 -- The number of hacked Microsoft 365 customers is skyrocketing
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about: More details on sanctioned Medibank hacker Aleksandr Ermakov More details on alleged Scattered Spider hacker Noah Michael Urban RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge Ron Wyden did something useful… …then did something stupid Ivanti’s clown car collides with dumpster fire Much, much more This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakob. Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing. Show notes Exclusive: US disabled Chinese hacking network targeting critical infrastructure | Reuters Medibank’s Attacker: IT Businessman, Claimed Psychologist… | Intel471 Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider – Krebs on Security Microsoft says Russian hackers also targeted other organizations | TechCrunch HPE hit by a monthslong cyberattack on its cloud-based email | Cybersecurity Dive (99+) Microsoft's Dangerous Addiction To Security Revenue | LinkedIn Microsoft critics accuse the firm of ‘negligence’ in latest breach | CyberScoop N.S.A. Buys Americans’ Internet Data Without Warrants, Letter Says - The New York Times Trading platform EquiLend down following cyberattack | Cybersecurity Dive Ivanti Connect Secure zero-day patches delayed | Cybersecurity Dive Popular CI/CD tool Jenkins discloses critical CVE | Cybersecurity Dive MOVEit liabilities mount for Progress Software | Cybersecurity Dive Tim Watts bio: Pennywise - Down Under [Men at Work Cover] - YouTube
Risky Business #733 -- Say cheese, motherf---er
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. Microsoft honks its clown car horn Australia’s hounds, released, catch their man The beginning of the end for Scattered Spider SEC was SIM swapped but had MFA off any way Ivanti learns a lesson… … while Progress does not and much more DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs. In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong. Show notes Microsoft network breached through password-spraying by Russia-state hackers | Ars Technica Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center Medibank cyber attack: The weakness that saw Medibank hacker Aleksandr Ermakov exposed | Exclusive Russian man identified as Medibank hacker, hit with sanctions by Australian government - ABC News Middle District of Florida | Palm Coast Man Arrested For Wire Fraud And Aggravated Identity Theft Charges | United States Department of Justice SEC.gov | SECGov X Account Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities | Cybersecurity Dive Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative | Cybersecurity Dive Progress Software shakes off MOVEit’s financial consequences, maintains customers | Cybersecurity Dive Cyberattack on Ukraine’s largest telecom provider will cost it about $100 million Ransomware attacks leave small business owners feeling suicidal, report says Canadian Man Stuck in Triangle of E-Commerce Fraud – Krebs on Security Experts call for US Cyber Safety Review Board rethink • The Register
Risky Business #733 -- Say cheese, motherf---er
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. * Microsoft honks its clown car horn * Australia’s hounds, released, catch their man * The beginning of the end for Scattered Spider * SEC was SIM swapped but had MFA off any way * Ivanti learns a lesson… * … while Progress does not * and much more DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs. In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong. Show notes Microsoft network breached through password-spraying by Russia-state hackers | Ars Technica Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center Medibank cyber attack: The weakness that saw Medibank hacker Aleksandr Ermakov exposed | Exclusive Russian man identified as Medibank hacker, hit with sanctions by Australian government - ABC News Middle District of Florida | Palm Coast Man Arrested For Wire Fraud And Aggravated Identity Theft Charges | United States Department of Justice SEC.gov | SECGov X Account Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities | Cybersecurity Dive Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative | Cybersecurity Dive Progress Software shakes off MOVEit’s financial consequences, maintains customers | Cybersecurity Dive Cyberattack on Ukraine’s largest telecom provider will cost it about $100 million Ransomware attacks leave small business owners feeling suicidal, report says Canadian Man Stuck in Triangle of E-Commerce Fraud – Krebs on Security Experts call for US Cyber Safety Review Board rethink • The Register
Risky Business #732 — We are CRUSHED
On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Their disappointment over last week’s SEC Twitter hack China rainbow-tables Airdrop Enterprise bugs galore… … and why patching fast is hard when there isn’t even a patch yet UEFI flaws get trad-BIOS-era vendor response and much, much more… This week’s show is unsponsored, we’re just here for the fun of it. Show notes The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News | WIRED Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up. | Ars Technica FireChat – the messaging app that’s powering the Hong Kong protests End-of-life Cisco routers targeted by China’s Volt Typhoon group Ivanti Connect Secure attacks part of deliberate espionage operation | Cybersecurity Dive Ivanti Connect Secure VPN Exploitation Goes Global NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 Aria Automation Missing Access Control Vulnerability (CVE-2023-34063) Security Bulletin - January 16 2024 Stable Channel Update for Desktop “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack. LeftoverLocals: Listening to LLM responses through leaked GPU local memory Bigpanzi TV Botnet Southeast Asian casino industry supercharging cyber fraud, UN says
Risky Business #732 — We are CRUSHED
On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Their disappointment over last week’s SEC Twitter hack China rainbow-tables Airdrop Enterprise bugs galore… … and why patching fast is hard when there isn’t even a patch yet UEFI flaws get trad-BIOS-era vendor response and much, much more… This week’s show is unsponsored, we’re just here for the fun of it. Show notes The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News | WIRED Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up. | Ars Technica FireChat – the messaging app that’s powering the Hong Kong protests End-of-life Cisco routers targeted by China’s Volt Typhoon group Ivanti Connect Secure attacks part of deliberate espionage operation | Cybersecurity Dive Ivanti Connect Secure VPN Exploitation Goes Global NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 Aria Automation Missing Access Control Vulnerability (CVE-2023-34063) Security Bulletin - January 16 2024 Stable Channel Update for Desktop “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack. LeftoverLocals: Listening to LLM responses through leaked GPU local memory Bigpanzi TV Botnet Southeast Asian casino industry supercharging cyber fraud, UN says
Risky Business #731 -- SEC Twitter hack moves Bitcoin price
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: SEC Twitter account hack moves bitcoin price Kaspersky admires Triangulation hackers’ fine work Telcos hacked all over Israel hacks Iranian gasoline pumps again Iran up in Albania, Sudan, Egypt and Tanzania and much, much more… This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!” Show notes U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica Spyware attack chain used previously unknown iPhone hardware feature, report says "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl Russian hackers infiltrated Ukrainian telecom giant months before cyberattack Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war Pro-Ukraine hackers claim breach of Russian internet provider Ukraine says Russia hacked web cameras to spy on targets in Kyiv Optus outage: Banks, telcos to be quizzed at Senate hearing A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica Albanian parliament, telecom company hit by cyberattacks Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider Iran confirms nationwide cyberattack on gas stations Hackers disrupt Beirut airport with anti-Hezbollah message Telecom organizations in Africa targeted by Iran-linked hackers Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica BreachForums administrator detained after violating parole Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation Toronto Zoo says it remains open after ransomware attack Central Bank of Lesotho facing outages after cyberattack Kansas City-area hospital transfers patients, reschedules appointments after cyberattack Cyberattack on Massachusetts hospital disrupted records system, emergency services LockBit claims November attack on New Jersey hospital that disrupted patient care First American becomes latest real estate industry giant hit with cyberattack Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica LastPass enforces 12-character master password lengths | Cybersecurity Dive FTC soliciting contest submissions to help tackle voice cloning technology Biden signs short-term FISA extension before year-end deadline Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica
Risky Business #731 -- SEC Twitter hack moves Bitcoin price
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: * SEC Twitter account hack moves bitcoin price * Kaspersky admires Triangulation hackers’ fine work * Telcos hacked all over * Israel hacks Iranian gasoline pumps again * Iran up in Albania, Sudan, Egypt and Tanzania * and much, much more… This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!” Show notes U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica Spyware attack chain used previously unknown iPhone hardware feature, report says "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl Russian hackers infiltrated Ukrainian telecom giant months before cyberattack Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war Pro-Ukraine hackers claim breach of Russian internet provider Ukraine says Russia hacked web cameras to spy on targets in Kyiv Optus outage: Banks, telcos to be quizzed at Senate hearing A “ridiculously weak” password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica Albanian parliament, telecom company hit by cyberattacks Paraguay military warns of ‘significant impact’ of ransomware after attack on internet provider Iran confirms nationwide cyberattack on gas stations Hackers disrupt Beirut airport with anti-Hezbollah message Telecom organizations in Africa targeted by Iran-linked hackers Myanmar rebels take control of ‘pig butchering’ scam city amid Chinese pressure on junta AlphV ransomware site is “seized” by the FBI. Then it’s “unseized.” And so on. | Ars Technica BreachForums administrator detained after violating parole Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation Toronto Zoo says it remains open after ransomware attack Central Bank of Lesotho facing outages after cyberattack Kansas City-area hospital transfers patients, reschedules appointments after cyberattack Cyberattack on Massachusetts hospital disrupted records system, emergency services LockBit claims November attack on New Jersey hospital that disrupted patient care First American becomes latest real estate industry giant hit with cyberattack Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica LastPass enforces 12-character master password lengths | Cybersecurity Dive FTC soliciting contest submissions to help tackle voice cloning technology Biden signs short-term FISA extension before year-end deadline Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica
Risky Business #730 -- Apple, Facebook go all in on e2ee
In this week’s edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss: Major telco in Ukraine taken down by Russia Apple and Facebook go all in on e2ee Why 702 reauthorisation is looking a bit sketchy The USG wants your push notifications The year in review, plus some predictions for 2024 This week’s show is brought to you by Thinkst Canary. Haroon Meer, Thinkst’s founder, is this week’s sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.
Risky Business #730 -- Apple, Facebook go all in on e2ee
In this week’s edition of the show Patrick Gray and guest co-host Dmitri Alperovitch discuss: * Major telco in Ukraine taken down by Russia * Apple and Facebook go all in on e2ee * Why 702 reauthorisation is looking a bit sketchy * The USG wants your push notifications * The year in review, plus some predictions for 2024 This week’s show is brought to you by Thinkst Canary. Haroon Meer, Thinkst’s founder, is this week’s sponsor guest. He joins us to talk about APT groups pivoting to living-off-the-land techniques.
Risky Biz Soap Box: Why enterprise browsers are good, actually
In this Soap Box edition of the Risky Business podcast Patrick Gray talks to Island’s Bradon Rogers about security-focussed, enterprise browsers. You can use Island to do stuff like grant third parties access to corporate applications on unmanaged devices in a not insane way – that’s a huge pain point for a lot of CISOs, and something that is bringing a lot of new customers through Island’s doors. Obviously for devices you do manage, you can roll Island out as your default enterprise browser. There are a lot of security benefits to doing that.
Risky Biz Soap Box: Why enterprise browsers are good, actually
In this Soap Box edition of the Risky Business podcast Patrick Gray talks to Island’s Bradon Rogers about security-focussed, enterprise browsers. You can use Island to do stuff like grant third parties access to corporate applications on unmanaged devices in a not insane way – that’s a huge pain point for a lot of CISOs, and something that is bringing a lot of new customers through Island’s doors. Obviously for devices you do manage, you can roll Island out as your default enterprise browser. There are a lot of security benefits to doing that.
Risky Business #729 -- Why patching faster won't save us
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Iran-linked attacks on US water infrastructure Why the ownCloud bug isn’t the end of the world The D-Link 0day that… never existed? In defence of Okta Much, much more This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks | Cybersecurity Dive North Texas water utility the latest suspected industrial ransomware target | Cybersecurity Dive Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation | Ars Technica Staples hit by cyberattack during critical Cyber Week sales push | Cybersecurity Dive New Jersey, Pennsylvania hospitals affected by cyberattacks 60 credit unions facing outages due to ransomware attack on popular tech provider HHS warns of ‘Citrix Bleed’ attacks after hospital outages Payments processor Tipalti investigating ransomware attack | Cybersecurity Dive CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers | CISA Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says Latest severe Chrome bug prompts CISA warning Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica Okta again promises it is taking security seriously | Cybersecurity Dive Okta: Breach Affected All Customer Support Users – Krebs on Security Russian and Chinese interference networks are ‘building audiences’ ahead of 2024, warns Meta Meta says it broke up Chinese influence operation looking to exploit U.S. political divisions Clandestine online operations now require sign-off by senior officials - The Washington Post Feds seize Sinbad crypto mixer allegedly used by North Korean hackers | TechCrunch US sanctions North Korean ‘Kimsuky’ hackers after surveillance satellite launch ‘Fugitive’ Spanish aristocrat behind North Korea cryptocurrency conference arrested Used by only a few nerds, Facebook kills PGP-encrypted emails | TechCrunch