Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Risky Business #737 -- LockBit gets absolutely rekt
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
* LockBit has been taken down by law enforcement
* Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
* GRU gets its Moobot network shut down
* Signal adding usernames is… complicated
* Much, much more
In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so.
Show notes
* Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security
* Law enforcement disrupt world’s biggest ransomware operation
* Shanghai Anxun’s information is unreliable and is a trap for national government agencies.
* China spy agency renews foreign cyber intelligence warning after data breaches
* US Justice Department says it disrupted Russian intelligence hacking network | Reuters
* Several Ukrainian media outlets attacked by Russian hackers
* Polish PM says previous ruling party used Pegasus spyware against ‘very long’ list of victims
* Hackers are targeting Asian bank accounts using stolen facial recognition data
* Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED
* Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
* “the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.”
* FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING
* CVSS 10 RCE in Screen Connect
* National Security Agency Announces Retirement of Cybersecurity Director
* Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard
Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants
The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.
Risky Business #736 -- Azure misconfigurations are 2024's looming threat
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
* Somehow there are still more Ivanti and Fortinet exploits
* Volt Typhoon have been at it for years
* Starlink in Ukraine gets complicated
* Canadians hate poor Flipper
* Much, much more…
In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.
Show notes
* Microsoft Azure customers hit by phishing, account takeover attacks | Cybersecurity Dive
* Ivanti publishes urgent warning about new vulnerability
* How is Pulse Secure Formed
* Attackers hit more networking gear, this time a critical Fortinet CVE | Cybersecurity Dive
* End Of General Availability of the free vSphere Hypervisor (ESXi 7.x and 8.x) (2107518)
* Coker: ONCD is studying ‘liability regimes’ for software flaws
* Chinese hackers spent 5 years in US infrastructure, ready to attack
* CISA, FBI warn of China-linked hackers pre-positioning for ‘destructive cyberattacks against US critical infrastructure’
* Russia using Starlink
* Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown | Ars Technica
* Health insurance data breach affects nearly half of France’s population, privacy regulator warns
* Hackers attack 25 Romanian hospitals
* Catalin on the Rhysider ransomware decrypter going public
* A password manager LastPass calls “fraudulent” booted from App Store | Ars Technica
* From Cybercrime Saul Goodman to the Russian GRU – Krebs on Security
Soap Box: How to dismantle Volt Typhoon-style relay networks
In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about:
* Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action
* How vendors are using Greynoise as an early warning system to identify exploitation of their products
* How he’s using large language models to reverse exploitation attempts into actual exploits
It truly is a great conversation, we hope you enjoy it!
Risky Business #735 -- AnyDesk fails the transparency test
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
* Thought eels were slippery? Check out AnyDesk’s PR!
* Why Microsoft’s 365 is a nightmare to secure
* Cloudflare’s needlessly hostile blog post
* US Government introduces “Disneyland ban” for spyware peddlers
* Much, much more…
This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles.
This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win!
Show notes
* AnyDesk initiates extensive credentials reset following cyberattack | Cybersecurity Dive
* AnyDesk says software ‘safe to use’ after cyberattack
* Former CIA officer who gave WikiLeaks state secrets gets 40-year sentence
* Arrests in $400M SIM-Swap Tied to Heist at FTX? – Krebs on Security
* Microsoft Breach — What Happened? What Should Azure Admins Do? | by Andy Robbins | Feb, 2024 | Posts By SpecterOps Team Members
* Cloudflare hit by follow-on attack from previous Okta breach | Cybersecurity Dive
* Thanksgiving 2023 security incident
* US announces visa restriction policy targeting spyware abuses
* Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware - United States Department of State
* Deputy Prime Minister hosts first global conference targeting ‘hackers for hire’ and malicious use of commercial cyber tools - GOV.UK
* New Google TAG report: How Commercial Surveillance Vendors work
* A Startup Allegedly ‘Hacked the World.’ Then Came the Censorship—and Now the Backlash | WIRED
* American businessman settles hacking case in UK against law firm
* Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government
* Another Chicago hospital announces cyberattack
* Deepfake scammer walks off with $25 million in first-of-its-kind AI heist | Ars Technica
* As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3 | Ars Technica
* Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations
* Agencies using vulnerable Ivanti products have until Saturday to disconnect them | Ars Technica
* The far right is scaring away Washington's private hacker army - POLITICO
* Our thoughts on AIxCC’s competition format | Trail of Bits Blog
* How CISA can improve OSS security | Trail of Bits Blog
* Securing open-source infrastructure with OSTIF | Trail of Bits Blog
* Announcing the Trail of Bits Testing Handbook | Trail of Bits Blog
* 30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more | Trail of Bits Blog
* Publishing Trail of Bits’ CodeQL queries | Trail of Bits Blog
* The Unguarded Moment (2002 Digital Remaster) - YouTube
* Boy Swallows Universe | Official Trailer | Netflix - YouTube
Risky Business #734 -- The number of hacked Microsoft 365 customers is skyrocketing
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:
* More details on sanctioned Medibank hacker Aleksandr Ermakov
* More details on alleged Scattered Spider hacker Noah Michael Urban
* RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge
* Ron Wyden did something useful…
* …then did something stupid
* Ivanti’s clown car collides with dumpster fire
* Much, much more
This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakov.
Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing.
Show notes
* Exclusive: US disabled Chinese hacking network targeting critical infrastructure | Reuters
* Medibank’s Attacker: IT Businessman, Claimed Psychologist… | Intel471
* Who is Alleged Medibank Hacker Aleksandr Ermakov? – Krebs on Security
* Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider – Krebs on Security
* Microsoft says Russian hackers also targeted other organizations | TechCrunch
* HPE hit by a monthslong cyberattack on its cloud-based email | Cybersecurity Dive
* Microsoft's Dangerous Addiction To Security Revenue | LinkedIn
* Microsoft critics accuse the firm of ‘negligence’ in latest breach | CyberScoop
* N.S.A. Buys Americans’ Internet Data Without Warrants, Letter Says - The New York Times
* Trading platform EquiLend down following cyberattack | Cybersecurity Dive
* Ivanti Connect Secure zero-day patches delayed | Cybersecurity Dive
* Popular CI/CD tool Jenkins discloses critical CVE | Cybersecurity Dive
* MOVEit liabilities mount for Progress Software | Cybersecurity Dive
* Tim Watts bio:
* Pennywise - Down Under [Men at Work Cover] - YouTube
Risky Business #733 -- Say cheese, motherf---er
In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news.
* Microsoft honks its clown car horn
* Australia’s hounds, released, catch their man
* The beginning of the end for Scattered Spider
* SEC was SIM swapped but had MFA off anyway
* Ivanti learns a lesson…
* … while Progress does not
* and much more
DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interest from board members with industry day jobs.
In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong.
Show notes
* Microsoft network breached through password-spraying by Russia-state hackers | Ars Technica
* Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard | MSRC Blog | Microsoft Security Response Center
* Medibank cyber attack: The weakness that saw Medibank hacker Aleksandr Ermakov exposed | Exclusive
* Russian man identified as Medibank hacker, hit with sanctions by Australian government - ABC News
* Middle District of Florida | Palm Coast Man Arrested For Wire Fraud And Aggravated Identity Theft Charges | United States Department of Justice
* SEC.gov | SECGov X Account
* Owner of BreachedForums sentenced to time served plus 20 years supervised release with special conditions
* CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities | Cybersecurity Dive
* Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative | Cybersecurity Dive
* Progress Software shakes off MOVEit’s financial consequences, maintains customers | Cybersecurity Dive
* Cyberattack on Ukraine’s largest telecom provider will cost it about $100 million
* Ransomware attacks leave small business owners feeling suicidal, report says
* Canadian Man Stuck in Triangle of E-Commerce Fraud – Krebs on Security
* Experts call for US Cyber Safety Review Board rethink • The Register
Risky Business #732 — We are CRUSHED
On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
* Their disappointment over last week’s SEC Twitter hack
* China rainbow-tables Airdrop
* Enterprise bugs galore…
* … and why patching fast is hard when there isn’t even a patch yet
* UEFI flaws get trad-BIOS-era vendor response
* and much, much more…
This week’s show is unsponsored, we’re just here for the fun of it.
Show notes
* The SEC’s Official X Account Was ‘Compromised’ and Used to Post Fake Bitcoin News | WIRED
* Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up. | Ars Technica
* FireChat – the messaging app that’s powering the Hong Kong protests
* End-of-life Cisco routers targeted by China’s Volt Typhoon group
* Ivanti Connect Secure attacks part of deliberate espionage operation | Cybersecurity Dive
* Ivanti Connect Secure VPN Exploitation Goes Global
* NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
* Aria Automation Missing Access Control Vulnerability (CVE-2023-34063)
* Security Bulletin - January 16 2024
* Stable Channel Update for Desktop
* “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser
* PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.
* LeftoverLocals: Listening to LLM responses through leaked GPU local memory
* Bigpanzi TV Botnet
* Southeast Asian casino industry supercharging cyber fraud, UN says