Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
ThunderCast
An inside look at the making of Mozilla Thunderbird, and community-driven conversations with our friends in the open-source software space.
Risky Business #716 -- This ain't your grandma's cloud
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Tenable gives Microsoft a spray over Azure bug fix delay, quality Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization Ransomware targets hospitals, special needs schools Japan’s cybersecurity has some catching up to do Much, much more This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop Microsoft resolves vulnerability following criticism from Tenable CEO New Microsoft Azure AD CTS feature can be abused for lateral movement Hackers force hospital system to take its national computer system offline Israeli hospital redirects new patients following ransomware attack Russia-linked cybercriminals target school for children with learning difficulties Hackers accessed 16 years of Colorado public school student data in June ransomware attack Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms China hacked Japan’s classified defense cyber networks, officials say - The Washington Post Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne Ukraine says it thwarted attempt to breach military tablets The Mystery of Chernobyl’s Post-Invasion Radiation Spikes | WIRED Radiation Spikes at Chernobyl: A Mystery Few Seem Interested in Solving U.K. election regulator says hackers had access for over a year but elections still secure Exclusive: DHS Used Clearview AI Facial Recognition In Thousands Of Child Exploitation Cold Cases Eight Months Pregnant and Arrested After False Facial Recognition Match - The New York Times New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips | WIRED New Inception attack leaks sensitive data from all AMD Zen CPUs Spyware maker LetMeSpy shuts down after hacker deletes server data | TechCrunch ‘Crypto couple’ pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack Google Online Security Blog: Android 14 introduces first-of-its-kind cellular connectivity security features Risky Biz News: Russian bill will hide the PII data of military, police, and intelligence agents
Risky Business #715 -- Pressure mounts on Microsoft to explain itself
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Ron Wyden’s “please explain” letter to Microsoft Chinese APT crews prepositioning to disrupt US military logistics China claims US hacked its seismology sensors Ivanti/MobileIron exploitation going vertical Much, much more This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO, is this week’s sponsor guest. He’s joined by Eric Foster, Stairwell’s VP of Business Development. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Wyden letter to CISA, DOJ, FTC re 2023 Microsoft breach Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools U.S. Hunts Chinese Malware That Could Disrupt American Military Operations - The New York Times Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica John Hultquist🌻 on Twitter: "We found this actor in land, air, and sea transportation targets which could be leveraged for a serious disruption to logistics." / X China accuses U.S. of hacking earthquake monitoring equipment Exclusive: Pentagon Investigates ‘Critical Compromise’ Of Air Force Communications Systems CISA: Ivanti hacks targeting Norway began in April US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’ | TechCrunch Ivanti warns of second vulnerability used in attacks on Norway gov’t Andrew Morris on Twitter: "Exploitation of Ivanti EPMM (MobileIron Core) CVE-2023-35078 is currently popping off https://t.co/tkRoWqvtv1 https://t.co/XOaWEZ3U3X" / X Trail of Bits | Products US contractor says info of up to 10 million leaked in MOVEit breach British ambulances unable to access patient records system following cyberattack Valid account credentials are behind most cyber intrusions, CISA finds | Cybersecurity Dive An Unexpected Endorsement for WebAuthn | Okta Security SEC votes to overhaul disclosure rules for material cyber events | Cybersecurity Dive White House unveils ‘whole of society’ push to expand cybersecurity workforce Section 702 surveillance powers are necessary, but FBI access needs limits, panel says The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole' | WIRED Kazakhstan refuses to extradite detained Russian cyber expert to US Russia Sends Cybersecurity CEO to Jail for 14 Years – Krebs on Security Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED Cloud company assisted 17 different government hacking groups, U.S. researchers say | Reuters No evidence ransomware victims with cyber insurance pay up more often, UK report says ‘Worm-like’ botnet malware targeting popular Redis storage tool Hackers are infecting Call of Duty players with a self-spreading malware | TechCrunch Bug in Minecraft mods allows hackers to exploit players' devices
Risky Business #715 -- Pressure mounts on Microsoft to explain itself
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Ron Wyden’s “please explain” letter to Microsoft Chinese APT crews prepositioning to disrupt US military logistics China claims US hacked its seismology sensors Ivanti/MobileIron exploitation going vertical Much, much more This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO, is this week’s sponsor guest. He’s joined by Eric Foster, Stairwell’s VP of Business Development. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Wyden letter to CISA, DOJ, FTC re 2023 Microsoft breach Senator calls on DOJ to investigate alleged China hack of Microsoft cloud tools U.S. Hunts Chinese Malware That Could Disrupt American Military Operations - The New York Times Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica John Hultquist🌻 on Twitter: "We found this actor in land, air, and sea transportation targets which could be leveraged for a serious disruption to logistics." / X China accuses U.S. of hacking earthquake monitoring equipment Exclusive: Pentagon Investigates ‘Critical Compromise’ Of Air Force Communications Systems CISA: Ivanti hacks targeting Norway began in April US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’ | TechCrunch Ivanti warns of second vulnerability used in attacks on Norway gov’t Andrew Morris on Twitter: "Exploitation of Ivanti EPMM (MobileIron Core) CVE-2023-35078 is currently popping off https://t.co/tkRoWqvtv1 https://t.co/XOaWEZ3U3X" / X Trail of Bits | Products US contractor says info of up to 10 million leaked in MOVEit breach British ambulances unable to access patient records system following cyberattack Valid account credentials are behind most cyber intrusions, CISA finds | Cybersecurity Dive An Unexpected Endorsement for WebAuthn | Okta Security SEC votes to overhaul disclosure rules for material cyber events | Cybersecurity Dive White House unveils ‘whole of society’ push to expand cybersecurity workforce Section 702 surveillance powers are necessary, but FBI access needs limits, panel says The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole' | WIRED Kazakhstan refuses to extradite detained Russian cyber expert to US Russia Sends Cybersecurity CEO to Jail for 14 Years – Krebs on Security Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED Cloud company assisted 17 different government hacking groups, U.S. researchers say | Reuters No evidence ransomware victims with cyber insurance pay up more often, UK report says ‘Worm-like’ botnet malware targeting popular Redis storage tool Hackers are infecting Call of Duty players with a self-spreading malware | TechCrunch Bug in Minecraft mods allows hackers to exploit players' devices
Feature interview: Australia's Cyber Security Minister Clare O'Neil
In this interview Patrick Gray speaks to Australia’s Home Affairs and Cyber Security Minister Clare O’Neil and NCSC founding director Ciaran Martin about the government’s upcoming cybersecurity strategy, releasing the hounds and more.
Feature interview: Australia's Cyber Security Minister Clare O'Neil
In this interview Patrick Gray speaks to Australia’s Home Affairs and Cyber Security Minister Clare O’Neil and NCSC founding director Ciaran Martin about the government’s upcoming cybersecurity strategy, releasing the hounds and more.
Risky Business #714 -- Microsoft vs Wiz: pistols at dawn
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The dust-up between Microsoft and Wiz MobileIron/Ivanti 0day hoses Norwegian government agencies That’ll do TETRA, that’ll do… Microsoft finally agrees to offer decent logging without price gouging Much, much more This week’s show is brought to you by Resoucely. Travis McPeak, Resourcely’s co-founder and CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes Hackers exploited Ivanti zero-day to breach Norway’s government Citrix zero day exposes critical infrastructure, one provider hit | Cybersecurity Dive Interview with the ETSI Standards Organization That Created TETRA "Backdoor" Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios Microsoft attackers may have data access beyond Outlook, researchers warn | Cybersecurity Dive Risky Biz News: Microsoft feels the heat, gives customers access to more cloud security logs Risky Biz News: JumpCloud compromised by APT group North Korean hackers breached a US tech company to steal crypto | Reuters North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says Latest North Korean hack targeting cryptocurrency shows troubling evolution, experts say | CyberScoop White House secures safety commitments from 7 AI companies | Cybersecurity Dive Renewable technologies add risk to the US electric grid, experts warn | CyberScoop Statement on Labor’s rush to renewables leaves Australia vulnerable to catastrophic cyber attack Zenbleed Firmware vulnerabilities in millions of computers could give hackers superuser status | Ars Technica Satellites Are Rife With Basic Security Flaws | WIRED Russia’s vast telecom surveillance system crippled by withdrawal of Western tech, report says Apple issues third mobile OS update after zero-click spyware campaign | CyberScoop Apple slams UK surveillance-bill proposals - BBC News Bill that Would Stop the Government Buying Data Without a Warrant Passes Key Hurdle Kevin Mitnick Obituary - Las Vegas, NV
Risky Business #714 -- Microsoft vs Wiz: pistols at dawn
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The dust-up between Microsoft and Wiz MobileIron/Ivanti 0day hoses Norwegian government agencies That’ll do TETRA, that’ll do… Microsoft finally agrees to offer decent logging without price gouging Much, much more This week’s show is brought to you by Resoucely. Travis McPeak, Resourcely’s co-founder and CEO, is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Risky Biz Soap Box: BEC actors embrace LLMs to attack Japan
This Soap Box edition of the podcast is sponsored by Proofpoint. Proofpoint offers email security and DLP products and services, and they’re probably best known for being the biggest email security company on the planet. That means they process a LOT of emails in the hopes of throttling the number of malicious emails that organisations have to deal with, whether that’s malware, phishing or BEC. So, with that in mind, what role could large language models play in email security? Now that the initial ChatGPT hype has died off a little, we spoke with Proofpoint’s VP of cybersecurity strategy Ryan Kalember about large language models and how they’re going to help defenders and attackers alike.
Risky Biz Soap Box: BEC actors embrace LLMs to attack Japan
This Soap Box edition of the podcast is sponsored by Proofpoint. Proofpoint offers email security and DLP products and services, and they’re probably best known for being the biggest email security company on the planet. That means they process a LOT of emails in the hopes of throttling the number of malicious emails that organisations have to deal with, whether that’s malware, phishing or BEC. So, with that in mind, what role could large language models play in email security? Now that the initial ChatGPT hype has died off a little, we spoke with Proofpoint’s VP of cybersecurity strategy Ryan Kalember about large language models and how they’re going to help defenders and attackers alike.
Risky Business #713 -- Microsoft activates PR weasels after State Department hack
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Microsoft’s weasel-word response to the State Department email hack JumpCloud got owned, maybe by DPRK Citrix 0day is getting stuff rekt Two more spyware firms sanctioned by USA Scammers list fake phone numbers for major airlines on Google Maps Much, much more This week’s show is brought to you by security focussed enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes China-based hackers breach email accounts at State Department Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts | Cybersecurity Dive Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant Hackers target Pakistani government, bank and telecom provider with China-made malware Risky Biz News: JumpCloud compromised by APT group Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns | Ars Technica CISA warns of dangerous Rockwell industrial bug being exploited by gov’t group Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products | Cybersecurity Dive CISA gives US civilian agencies until August 1 to resolve four Microsoft vulnerabilities Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service White House unveils consumer labeling program to strengthen IoT security | Cybersecurity Dive Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity Two more foreign spyware firms blacklisted by US Phone numbers for airlines listed on Google directed to scammers By criminals, for criminals: AI tool easily generates ‘remarkably persuasive’ fraud emails Itamar Golan 🤓 on Twitter: "A malicious LLM-based tool known as WormGPT 🪱 is rapidly gaining traction in underground forums. This tool empowers attackers to automate sophisticated phishing and BEC (Business Email Compromise) attacks, leveraging personalized fake emails to significantly enhance success… https://t.co/fAcrYhT696" / Twitter FCC chair proposes $200M investment to boost K-12 cybersecurity | Cybersecurity Dive Fed ends Capital One breach-related enforcement action | Cybersecurity Dive Norwegian Refugee Council hit by cyberattack Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says Albania’s PM complains US is not providing country with cyberdefense funds VirusTotal: Datenleck offenbart Kunden der Google-Sicherheitsplattform - DER SPIEGEL Genesis Market sold to anonymous buyer despite FBI disruption
Risky Business #713 -- Microsoft activates PR weasels after State Department hack
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: Microsoft’s weasel-word response to the State Department email hack JumpCloud got owned, maybe by DPRK Citrix 0day is getting stuff rekt Two more spyware firms sanctioned by USA Scammers list fake phone numbers for major airlines on Google Maps Much, much more This week’s show is brought to you by security focussed enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes China-based hackers breach email accounts at State Department Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts | Cybersecurity Dive Microsoft takes pains to obscure role in 0-days that caused email breach | Ars Technica Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant Hackers target Pakistani government, bank and telecom provider with China-made malware Risky Biz News: JumpCloud compromised by APT group Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns | Ars Technica CISA warns of dangerous Rockwell industrial bug being exploited by gov’t group Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products | Cybersecurity Dive CISA gives US civilian agencies until August 1 to resolve four Microsoft vulnerabilities Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service White House unveils consumer labeling program to strengthen IoT security | Cybersecurity Dive Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity Two more foreign spyware firms blacklisted by US Phone numbers for airlines listed on Google directed to scammers By criminals, for criminals: AI tool easily generates ‘remarkably persuasive’ fraud emails Itamar Golan 🤓 on Twitter: "A malicious LLM-based tool known as WormGPT 🪱 is rapidly gaining traction in underground forums. This tool empowers attackers to automate sophisticated phishing and BEC (Business Email Compromise) attacks, leveraging personalized fake emails to significantly enhance success… https://t.co/fAcrYhT696" / Twitter FCC chair proposes $200M investment to boost K-12 cybersecurity | Cybersecurity Dive Fed ends Capital One breach-related enforcement action | Cybersecurity Dive Norwegian Refugee Council hit by cyberattack Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says Albania’s PM complains US is not providing country with cyberdefense funds VirusTotal: Datenleck offenbart Kunden der Google-Sicherheitsplattform - DER SPIEGEL Genesis Market sold to anonymous buyer despite FBI disruption
Risky Business #712 -- The 336,000 undead Fortigates of DOOM
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The SEC is targeting SolarWinds executives UK to make banks liable for fraud NSA issues advice on UEFI trojan Microsoft blocks 100+ dodgy drivers The US IC knew what Prihozhin was up to. But what FSB doing? Much, much more This week’s show is brought to you by Netwrix. Martin Cannard, Netwrix’s VP of Product Strategy, is this week’s sponsor guest. He talks about why zero standing privilege is a worthy goal. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation | Cybersecurity Dive While Australian banks refuse most scam victims refunds, the UK is making them mandatory - ABC News New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud Federal incentives could help utilities overcome major cybersecurity hurdle: money | CyberScoop Major Japanese port suspends operation following ransomware attack Petro-Canada reports service restoration after suspected Suncor breach | Cybersecurity Dive Chinese state-backed hackers accidentally infected a European hospital with malware Hackers exploit gaping Windows loophole to give their malware kernel access | Ars Technica 336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica CISA says latest VMware analytics bug being exploited MOVEit vulnerability snags almost 200 victims, more expected | Cybersecurity Dive Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica U.S. intelligence learned in mid-June Prigozhin was plotting uprising - The Washington Post Russian election-meddling ‘troll factory’ reportedly shut down after Wagner revolt Russian telecom confirms hack after group backing Wagner boasted about an attack | CyberScoop Hackers claim to take down Russian satellite communications provider Russian railway site allegedly taken down by Ukrainian hackers Several US states investigating ‘SiegedSec’ hacking campaign Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems | CyberScoop Hacktivists steal government files from Texas city Fort Worth | TechCrunch Belarusian hacktivists сlaim to breach country’s leading state university British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison | WIRED Russian cyber expert arrested in Kazakhstan, triggering a showdown between US and Moscow More than 6,500 arrested since French and Dutch police’s EncroChat hack BreachForums seized by FBI three months after arrest of alleged admin BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop Genesis Market gang tries to sell platform after FBI disruption Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn | Cybersecurity Dive CSI_BlackLotus_Mitigation_Guide.PDF Hacks targeting British exam boards raise fears of students cheating More than $125 million taken from crypto platform Multichain Twitter’s chaotic weekend of outages and rate limits leaves more questions than answers Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking | Ars Technica
Risky Business #712 -- The 336,000 undead Fortigates of DOOM
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover: The SEC is targeting SolarWinds executives UK to make banks liable for fraud NSA issues advice on UEFI trojan Microsoft blocks 100+ dodgy drivers The US IC knew what Prihozhin was up to. But what FSB doing? Much, much more This week’s show is brought to you by Netwrix. Martin Cannard, Netwrix’s VP of Product Strategy, is this week’s sponsor guest. He talks about why zero standing privilege is a worthy goal. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing. Show notes SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation | Cybersecurity Dive While Australian banks refuse most scam victims refunds, the UK is making them mandatory - ABC News New law could allow GCHQ to monitor UK internet logs in real-time to tackle fraud Federal incentives could help utilities overcome major cybersecurity hurdle: money | CyberScoop Major Japanese port suspends operation following ransomware attack Petro-Canada reports service restoration after suspected Suncor breach | Cybersecurity Dive Chinese state-backed hackers accidentally infected a European hospital with malware Hackers exploit gaping Windows loophole to give their malware kernel access | Ars Technica 336,000 servers remain unpatched against critical Fortigate vulnerability | Ars Technica CISA says latest VMware analytics bug being exploited MOVEit vulnerability snags almost 200 victims, more expected | Cybersecurity Dive Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica U.S. intelligence learned in mid-June Prigozhin was plotting uprising - The Washington Post Russian election-meddling ‘troll factory’ reportedly shut down after Wagner revolt Russian telecom confirms hack after group backing Wagner boasted about an attack | CyberScoop Hackers claim to take down Russian satellite communications provider Russian railway site allegedly taken down by Ukrainian hackers Several US states investigating ‘SiegedSec’ hacking campaign Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems | CyberScoop Hacktivists steal government files from Texas city Fort Worth | TechCrunch Belarusian hacktivists сlaim to breach country’s leading state university British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison | WIRED Russian cyber expert arrested in Kazakhstan, triggering a showdown between US and Moscow More than 6,500 arrested since French and Dutch police’s EncroChat hack BreachForums seized by FBI three months after arrest of alleged admin BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop Genesis Market gang tries to sell platform after FBI disruption Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn | Cybersecurity Dive CSI_BlackLotus_Mitigation_Guide.PDF Hacks targeting British exam boards raise fears of students cheating More than $125 million taken from crypto platform Multichain Twitter’s chaotic weekend of outages and rate limits leaves more questions than answers Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking | Ars Technica
Risky Biz Soap Box: Defeating Living of the Land
In this edition of the Soap Box podcast we’re going to be talking about a great topic – living off the land. The recent Volt Typhoon report out of Microsoft chronicled the adventures of a Chinese APT crew in US critical infrastructure. But one of the most fascinating aspects of the Volt Typhoon campaign was that the attackers almost exclusively used so-called living off the land techniques. So the question becomes – what can you do about an attacker in your environment who has privilege and isn’t using malware? Guests David Cottingham and Daniel Schell, the CEO and CTO of Airlock Digital, join the show to talk it through.
Risky Biz Soap Box: Defeating Living of the Land
In this edition of the Soap Box podcast we’re going to be talking about a great topic – living off the land. The recent Volt Typhoon report out of Microsoft chronicled the adventures of a Chinese APT crew in US critical infrastructure. But one of the most fascinating aspects of the Volt Typhoon campaign was that the attackers almost exclusively used so-called living off the land techniques. So the question becomes – what can you do about an attacker in your environment who has privilege and isn’t using malware? Guests David Cottingham and Daniel Schell, the CEO and CTO of Airlock Digital, join the show to talk it through.