Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Player FM - Internet Radio Done Right
36 subscribers
Checked 4d ago
추가했습니다 four 년 전
Risky.biz and Patrick Gray에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Risky.biz and Patrick Gray 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Risky Biz와 비슷한 콘텐츠
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
2k
2k
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Babbage is our weekly podcast on science and technology, named after Charles Babbage—a 19th-century polymath and grandfather of computing. Host Alok Jha talks to our correspondents about the innovations, discoveries and gadgetry shaping the world. Published every Wednesday. If you’re already a subscriber to The Economist, you’ll have full access to all our shows as part of your subscription. For more information about Economist Podcasts+, including how to get access, please visit our FAQs pa ...
…
continue reading
The avforums podcast brings you the latest tech, movie and gaming news, plus special features, interviews and show reports from the world of audio visual home entertainment
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
Technical interviews about software topics.
…
continue reading
The Jacaranda FM News team is based in Gauteng – but covers local and international news of the day, providing the latest developments online and on-air. News bulletins run from 5am to 7pm weekdays, and from 7am to 6pm on weekends and public holidays. Tune into Jacaranda FM, or log on to www.jacarandafm.com, for the news you need to know.. now.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
If you’re reading this, chances are you’re not an undecided voter. But if you don’t want Donald Trump to become president again, between now and November you’ll need to convince as many as you can to cast their ballot for Joe Biden. With the help of some of the smartest strategists, pollsters, and organizers in politics today, host Jon Favreau explores the minds of voters who will decide the 2024 election, and gives you everything you need to persuade the persuadables in your life. Season 4 ...
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Daily Deals
들어볼 가치가 있는 팟캐스트
스폰서 후원
I think you could probably go back and track the stages of grief, probably that is what I went through. But I think if you do it right, you end up at acceptance. And that's where I ended up. And that's not to say that I've fully accepted the idea that the golden toad is extinct. Personally, I do still hold out hope that it could still be out there in those forests." - Trevor Ritland This conversation is with Trevor Ritland, who—along with his twin brother Kyle—authored The Golden Toad . The book chronicles their remarkable journey into Costa Rica’s cloud forest, once home to hundreds of brilliant golden toads that would emerge for just a few weeks each year—until, one day, they vanished without a trace. What began as a search for a lost species soon became something much more profound: a confrontation with ecological grief, a meditation on hope, and a powerful call to protect the natural world while we still can. Links: SpeciesUnite.com Kyle and Trevor: https://kyleandtrevor.com/ Instagram: https://www.instagram.com/adventureterm/ Goodreads - https://www.goodreads.com/book/show/222249677-the-golden-toad Amazon - https://www.amazon.com/Golden-Toad-Ecological-Mystery-Species/dp/163576996…
Risky Biz
모두 재생(하지 않음)으로 표시
Manage series 3234705
Risky.biz and Patrick Gray에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Risky.biz and Patrick Gray 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
…
continue reading
129 에피소드
공유
모두 재생(하지 않음)으로 표시
Manage series 3234705
Risky.biz and Patrick Gray에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Risky.biz and Patrick Gray 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
…
continue reading
129 에피소드
ทุกตอน
×
R
Risky Biz
1 Risky Business #799 -- Everyone's Sharepoint gets shelled 1:13:55
1:13:55 
나중에 재생 
나중에 재생 
리스트 
좋아요 
좋아요1:13:55
나중에 재생 나중에 재생 리스트 좋아요 좋아요Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not) She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’) Four (alleged) Scattered Spider members arrested (and bailed) in the UK Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things! This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system. This episode is also available on Youtube . Show notes Update on DOD’s cloud services Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security National Guard was hacked by China's 'Salt Typhoon' group, DHS says Suspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity Dive Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News UK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on Security Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts Risky Bulletin: Browser extensions hijacked for web scraping botnet A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record HPE warns of hardcoded passwords in Aruba access points Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257) Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive Google finds custom backdoor being installed on SonicWall network devices - Ars Technica Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years…
R
Risky Biz
1 Risky Biz Soap Box: Prowler, the open cloud security platform 32:08
32:08 나중에 재생 나중에 재생 리스트 좋아요 좋아요32:08
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler. Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source project into a community, and now a growing business with an as-a-service platform. This episode is also available on Youtube . Show notes…
R
Risky Biz
1 Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses 1:02:19
1:02:19 나중에 재생 나중에 재생 리스트 좋아요 좋아요1:02:19
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Australian airline Qantas looks like it got a Scattered Spider-ing Microsoft works towards blunting the next CrowdStrike disaster Changes are coming for Microsoft’s default enterprise app consenting setup Synology downplays hardcoded passwords for its M365 cloud backup agent The next Citrix Netscaler memory disclosure looks nasty Drug cartels used technical surveillance to find, fix and finish FBI informants and witnesses This week’s episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of sprawling cloud environments. This episode is also available on Youtube . Show notes Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach Scattered Spider appears to pivot toward aviation sector | Cybersecurity Dive Microsoft to make Windows more resilient following 2024 IT outage | Cybersecurity Dive (384) The Ultimate Guide to App Consent in Microsoft Entra - YouTube When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero AT&T deploys new account lock feature to counter SIM swapping | CyberScoop Iran-linked hackers threaten to release Trump aides' emails | Reuters US government warns of new Iran-linked cyber threats on critical infrastructure | Cybersecurity Dive Actively exploited vulnerability gives extraordinary control over server fleets - Ars Technica Critical vulnerability in Citrix Netscaler raises specter of exploitation wave | Cybersecurity Dive Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams | WIRED Cloudflare confirms Russia restricting access to services amid free internet crackdown | The Record from Recorded Future News Mexican drug cartel used hacker to track FBI official, then killed potential FBI informants, government audit says | CNN Politics Audit of the FBI's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - Redacted Report NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber | The Record from Recorded Future News US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop US, French authorities confirm arrest of BreachForums hackers | TechCrunch Spanish police arrest five over $542 million crypto investment scheme | The Record from Recorded Future News Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye | The Record from Recorded Future News…
R
Risky Biz
1 Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators 1:02:16
1:02:16 나중에 재생 나중에 재생 리스트 좋아요 좋아요1:02:16
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: We roll our eyes over the “16 billion credentials” leak hitting mainstream news Some interesting cyber angles emerge from the conflict in Iran Opensource maintainer of libxml2 is fed up with this hacker crap Shockingly, there are yet more ways to trick people into pasting commands into Windows Veeam “patches” its backup software RCE like it’s 2002 … by breaking the public PoC This week’s episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they’re destined for the woodchipper. This episode is also available on Youtube . Show notes No, the 16 billion credentials leak is not a new data breach Canadian telecom hacked by suspected China state group - Ars Technica Telecom giant Viasat breached by China's Salt Typhoon hackers WarTranslated on X: "Iran’s jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC " / X Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X Top Pentagon spy pick rejected by White House - POLITICO DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say U.S. braces for Iran's response after overnight strikes on nuclear sites Assessing the Damage to Iran’s Nuclear Program Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times Iran's government says it shut down internet to protect against cyberattacks | TechCrunch Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2 README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog FileFix - A ClickFix Alternative | mr.d0x Address bar shows hp.com. Browser displays scammers’ malicious text anyway. - Ars Technica Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022 | MrBruh's Epic Blog Perth dad who created ‘evil twin’ Wi-Fi did so to access pictures of women GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers…
R
Risky Biz
1 Risky Business #796 -- With special guest co-host Chris Krebs 1:01:04
1:01:04 나중에 재생 나중에 재생 리스트 좋아요 좋아요1:01:04
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through: Israeli “hacktivists” take out an Iranian state-owned bank Scattered-spider and friends pivot into attacking insurers Securing identities in a cloud-first world keeps us awake at night Microsoft takes the “aas” out of SaaS for Europe, leaving us with just software! An AI prompt injection into M365 exfils corporate data This week’s episode is sponsored by Kroll’s Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping organisations in the UK deal with the Scattered Spider attacks. This episode is also available on Youtube . Show notes Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group | CyberScoop Iran orders officials to ditch connected devices Heightened Cyberthreat Amidst Israel-Iran Conflict Threat group linked to UK, US retail attacks now targeting insurance industry | Cybersecurity Dive Coming to Apple OSes: A seamless, secure way to import and export passkeys - Ars Technica Cyberattack on Washington Post Compromises Email Accounts of Journalists Hackers impersonating US government compromise email account of prominent Russia researcher | The Record from Recorded Future News A good one to talk to Chris about: Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws | Cybersecurity Dive Whole Foods supplier making progress on restoration after cyberattack left shelves empty | The Record from Recorded Future News Ransomware attack on ticketing platform upends South Korean entertainment industry | The Record from Recorded Future News Advisory: Cybersecurity incident…
R
Risky Biz
1 Soap Box: AI has entered the SOC, and it ain't going anywhere 30:58
30:58 나중에 재생 나중에 재생 리스트 좋아요 좋아요30:58
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC. The debate about whether AI agents are going to wind up in the SOC is over, they’ve already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in security? This episode is also available on Youtube . Show notes…
R
Risky Biz
1 Risky Business #795 -- How The Com is hacking Salesforce tenants 1:07:34
1:07:34 나중에 재생 나중에 재생 리스트 좋아요 좋아요1:07:34
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: New York Times gets a little stolen Russian FSB data as a treat iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign Researcher figures out a trick to get Google account holders’ full names and phone numbers Major US food distributor gets ransomwared The Com’s social engineering of Salesforce app authorisations is a harbinger of our future problems Australian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar. This week’s episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta’s Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst. This episode is also available on Youtube . Show notes How The Times Obtained Secret Russian Intelligence Documents - The New York Times Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future News Harris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm says iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S. Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone | The Record from Recorded Future News Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunch Android chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch Cellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoop Apple Gave Governments Data on Thousands of Push Notifications A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account Bruteforcing the phone number of any Google user Acreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future News BidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future News NHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future News Major food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future News Kettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future News Hackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Dive shubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK " / X Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIRED Australian navy ship causes radio and internet outages to parts of New Zealand…
R
Risky Biz
1 Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242 58:22
58:22 나중에 재생 나중에 재생 리스트 좋아요 좋아요58:22
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Cyber firms agree to deconflict and cross-reference hacker group names Russian nuclear facility blueprints gathered from public procurement websites Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons Germany identifies the Trickbot kingpin Google spots China’s MSS using Calendar events for malware C2 Meta apps abuse localhost listeners to track web sessions. This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security. This episode is also available on Youtube . Show notes 'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters Ukraine's Massive Drone Attack Was Powered by Open Source Software Massive security breach: Russian nuclear facilities exposed online How a Spyware App Compromised Assad’s Army - New Lines Magazine Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ Malaysian home minister’s WhatsApp hacked, used to scam contacts | The Record from Recorded Future News U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams – Krebs on Security Top counter antivirus service disrupted in global takedown | CyberScoop Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive Coinbase breach linked to customer data leak in India, sources say | Reuters US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News NSO appeals WhatsApp decision, says it can’t pay $168 million in ‘unlawful’ damages | The Record from Recorded Future News ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica An Open Letter to Third-Party Suppliers…
R
Risky Biz
1 Risky Business #793 -- Scattered Spider is hijacking MX records 1:04:52
1:04:52 나중에 재생 나중에 재생 리스트 좋아요 좋아요1:04:52
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this week’s edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week’s news, including: EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutes The SVG format brings the all horrors of HTML+JS to image files, and attackers have noticed Brian Krebs eats a 6.3Tbps DDoS … ‘cause that’s how you demo your packet cannon Law enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickers Iranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guilty CISA’s leadership is fleeing in droves, even though the US needs them more than ever. This week’s episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year’s RSA conference. This episode is also available on Youtube . Show notes China-linked ‘Silk Typhoon’ hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events🕊️👀 https://t.co/MOjCSMMErK " / X Ransomware hackers charged, infrastructure dismantled in international law enforcement operation | The Record from Recorded Future News Oops: DanaBot Malware Devs Infected Their Own PCs – Krebs on Security DOJ charges man allegedly behind Qakbot malware | The Record from Recorded Future News US, Europol arrest 270 dark web drug traffickers in Operation RapTor | The Record from Recorded Future News Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars | The Record from Recorded Future News Decentralized crypto platform Cetus hit with $223 million hack | The Record from Recorded Future News Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand | The Record from Recorded Future News USA: Crypto investor charged with kidnapping, torturing man in an NYC apartment Vietnam orders ban on Telegram messaging app over security concerns | The Record from Recorded Future News Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government | Reuters CISA loses nearly all top officials as purge continues | Cybersecurity Dive White House dismisses scores of National Security Council staff - The Washington Post…
R
Risky Biz
1 Risky Business #792 -- Beware, Coinbase users. Crypto thieves are taking fingers now 53:01
53:01 나중에 재생 나중에 재생 리스트 좋아요 좋아요53:01
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: TeleMessage memory dumps show up on DDoSecrets Coinbase contractor bribed to hand over user data Telegram does seem to be actually cooperating with law enforcement Britain’s legal aid service gets 15 years worth of applicant data stolen Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library This week’s episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks! This episode is also available on Youtube . Show notes TeleMessage - Distributed Denial of Secrets How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes | WIRED Coinbase says thieves stole user data and tried to extort $20M Hack could cost Coinbase up to $400M: filing | Cybersecurity Dive Severed Fingers and ‘Wrench Attacks’ Rattle the Crypto Elite Money Stuff: US Debt Rates Itself | NewsletterHunt 2 massive black market services blocked by Telegram, messaging app says | Reuters Telegram Gave Authorities Data on More than 20,000 Users GovDelivery, an email alert system used by governments, abused to send scam messages | TechCrunch ATO warning as hackers steal $14,000 in tax returns: ‘Be wary’ Hack of SEC social media account earns 14-month prison sentence for Alabama man | The Record from Recorded Future News 19-year-old accused of largest child data breach in U.S. agrees to plead guilty Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy | 7NEWS Pegasus spyware maker rebuffed in efforts to get off trade blacklist - The Washington Post Ransomware attack hits supplier of refrigerated groceries to British supermarkets | The Record from Recorded Future News UK government confirms massive data breach following hack of Legal Aid Agency | The Record from Recorded Future News Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities | Cybersecurity Dive Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)…
R
Risky Biz
1 Risky Biz Soap Box: Push Security's browser-first twist on identity security 34:24
34:24 나중에 재생 나중에 재생 리스트 좋아요 좋아요34:24
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security. Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up. It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it. There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it’s enrolled into your SSO, are you sure that’s how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable? This is a fun one! This episode is also available on Youtube . Show notes…
R
Risky Biz
1 Risky Business #791 -- Woof! Copilot for Sharepoint coughs up creds and keys 57:52
57:52 나중에 재생 나중에 재생 리스트 좋아요 좋아요57:52
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! The ransomware ecosystem is finding life a bit tough lately SAP Netweaver bug being used by Chinese APT crew Academics keep just keep finding CPU side-channel attacks And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF? This week’s episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. This episode is also available on Youtube . Show notes Exploiting Copilot AI for SharePoint | Pen Test Partners MrBruh's Epic Blog Ransomware group Lockbit appears to have been hacked, analysts say | Reuters "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET’s birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy." Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states The organizational structure of ransomware groups is evolving rapidly. SAP NetWeaver exploitation enters second wave of threat activity China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures DOGE software engineer’s computer infected by info-stealing malware Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades FBI and Dutch police seize and shut down botnet of hacked routers Poland arrests four in global DDoS-for-hire takedown School districts hit with extortion attempts after PowerSchool breach EU launches vulnerability database to tackle cybersecurity threats Training Solo - vusec Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet PSIRT | FortiGuard Labs EPMM Security Update | Ivanti…
R
Risky Biz
1 Wide World of Cyber: How state adversaries attack security vendors 52:42
52:42 나중에 재생 나중에 재생 리스트 좋아요 좋아요52:42
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this edition of the Wide World of Cyber podcast Patrick Gray talks to SentinelOne’s Steve Stone and Alex Stamos about how foreign adversaries are targeting security vendors, including them. From North Korean IT workers to Chinese supply chain attacks, SentinelOne and its competitors are constantly fending off sophisticated hacking campaigns. This edition of the Wide World of Cyber was recorded in front of a live audience in San Francisco, with Patrick attending via Zoom. The Wide World of Cyber podcast series is a wholly sponsored co-production between SentinelOne and Risky Business Media. This episode is also available on Youtube . Show notes…
R
Risky Biz
1 Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate 56:12
56:12 나중에 재생 나중에 재생 리스트 좋아요 좋아요56:12
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: White House’s off-brand Israeli Signal fork logs cleartext messages with hard coded creds while getting hacked (twice). Just … Wow. Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad After six years dormant, a Magento eCommerce platform backdoor comes to life The North Korean IT worker scam is truly webscale NSO group owes Meta $168m for hacking WhatsApp This week’s episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and …sideways into the sidecars? This week’s show also features an excerpt from Pat’s interview with Senator Mark Warner - Scoot back one in your podcast feed to check out the full chat, or find it on Youtube . This episode is available on Youtube too. Show notes Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs The Signal Clone the Trump Admin Uses Was Hacked App used by Mike Waltz suspends services after hacking claims Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation MG on X: "Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3 " / X Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News Co-op DragonForce cyber attack includes customer data, firm admits Co-op cyber attack: Staff told to keep cameras on in meetings Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica Microsoft’s new “passwordless by default” is great but comes at a cost - Ars Technica Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News Trump proposes major cut to CISA’s budget, citing false ‘censorship’ claims | Cybersecurity Dive NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop…
R
Risky Biz
1 BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs 49:44
49:44 나중에 재생 나중에 재생 리스트 좋아요 좋아요49:44
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this extended interview the Vice Chair of the Senate Select Committee on Intelligence, Senator Mark Warner, joins Risky Business host Patrick Gray to talk about: The latest developments in the Signalgate scandal Why America needs to be more aggressive in responding to Volt Typhoon How tariffs are affecting American alliances Why the Five Eyes alliance is sacrosanct This episode is available on Youtube Show notes…
R
Risky Biz
1 Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful 1:02:31
1:02:31 나중에 재생 나중에 재생 리스트 좋아요 좋아요1:02:31
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: British retail stalwart Marks & Spencer gets cybered South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat It’s a good exploit week! Bugs in Apple Airplay, SAP webservers, Erlang SSH and CommVault backups Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then) Anti-DOGE whistleblower sure sounds like he has a point This week’s episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign on. Knocknoc’s CEO Adam Pointon talks about the joy that having end-to-end IPv6 would bring for zero-trust access control. He also touches on people using Knocknoc inside their network to isolate critical systems. Editors Note : Pat also gives Adam (Boileau) stick in the sponsor interview about the Risky Biz webserver not having IPv6 enabled, which fact-checking during the edit says is FAKE NEWS. Just uh, don’t look at how fresh that AAAA record in the DNS is, friends 😉 This episode is also available on Youtube . Show notes British retailer M&S confirms being hit by ‘cyber incident’ amid store delays | The Record from Recorded Future News M&S cyber-attack linked to hacking group Scattered Spider | Marks & Spencer | The Guardian Bina Puri shares, Warrant B close sharply lower day after hacking Bina Puri, Pos Malaysia tumble following hacking incident | FMT Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts | The Record from Recorded Future News US conducts cyberattacks against major Chinese commercial encryption provider: report - Global Times Iran says major cyberattack on infrastructure repelled | Iran International Spain rules out cyber attack - but what could have caused power cut? South Korea's SK Telecom begins SIM card replacement after data breach AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk | Oligo Security | Oligo Security iOS and Android juice jacking defenses have been trivial to bypass for years - Ars Technica How Android 16's new security mode will stop USB-based attacks - Android Authority Researchers warn of critical flaw found in Erlang OTP SSH | Cybersecurity Dive Critical vulnerability in SAP NetWeaver under threat of active exploitation | Cybersecurity Dive CVE-2025-31324: Critical SAP Flaw Explained | Strobes Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) Risky Bulletin: NFC card malware keeps evolving in Russia, a bad omen for the future - Risky Business Media Hegseth had unsecured internet line in Pentagon for Signal, sources say | AP News Whistleblower: DOGE Siphoned NLRB Case Data – Krebs on Security 2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf CISA gets a deputy director as it braces for major layoffs | Cybersecurity Dive Two top cyber officials resign from CISA | The Record from Recorded Future News Ex-CISA chief Chris Krebs leaving SentinelOne following Trump pressure | Reuters Former cyber official targeted by Trump speaks out after cuts to digital defense Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today's Adversaries | SentinelOne ZachXBT on X: "Nine hours ago a suspicious transfer was made from a potential victim for 3520 BTC ($330.7M)"…
R
Risky Biz
1 Snake Oilers: LimaCharlie, Honeywell Cyber Insights, CobaltStrike and Outflank 38:50
38:50 나중에 재생 나중에 재생 리스트 좋아요 좋아요38:50
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this edition of the Snake Oilers podcast, three sponsors come along to pitch their products: LimaCharlie : A public cloud for SecOps Honeywell Cyber Insights : An OT security/discovery solution Fortra’s CobaltStrike and Outflank : Security tooling for red teamers This episode is also available on Youtube . Show notes…
In this edition of Snake Oilers three vendors pitch host Patrick Gray on their tech: Pangea: Guardrails and security for AI agents and applications (https://pangea.cloud) Worried about your AI apps going rogue, being mean to your customers or even disclosing sensitive information? Pangea exists to address these risks. Fascinating stuff. Cosive: A threat intelligence company that can host your MISP server in AWS. CloudMISP! (https://www.cosive.com/snakeoilers) Are you running a MISP server on some old hardware under a desk in your SOC? There’s a better way! Cosive can run it for you on AWS so you can just use it instead of wrestling with maintaining it. They also do some CTI consulting to help you get better use out of MISP. Sysdig: A Linux runtime security platform (https://sysdig.com/) The modern Windows network is an all-singing, all-dancing, perfectly orchestrated, EDR-protected ballet. The modern Linux production environment… isn’t. Find out how Sysdig can help you get some visibility and control over your Linux fleet. This episode is also available on Youtube . Show notes…
R
Risky Biz
1 Risky Business #788 -- Trump targets Chris Krebs, SentinelOne 53:35
53:35 나중에 재생 나중에 재생 리스트 좋아요 좋아요53:35
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray talks to former NSA Cybersecurity Director Rob Joyce about Donald Trump’s unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne. They also talk through the week’s cybersecurity news, covering: Mitre’s stewardship of the CVE database gets its funding DOGE’d The US signs on to the Pall Mall anti-spyware agreement China tries to play the nationstate cyber-attribution game, but comedically badly Hackers run their malware inside the Windows sandbox, for security against EDR This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins to talk through the increasing sprawl of the identity ecosystem. This episode is also available on Youtube . Show notes Cybersecurity industry falls silent as Trump turns ire on SentinelOne | Reuters U.S. cyber defenders shaken by Trump's attack on their former boss Trump Revenge Tour Targets Cyber Leaders, Elections – Krebs on Security Wyden to block Trump's CISA nominee until agency releases report on telecoms’ ‘negligent cybersecurity’ | The Record from Recorded Future News Gabbard sets up DOGE-style team to cut costs, uncover intel ‘weaponization’ MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty US to sign Pall Mall pact aimed at countering spyware abuses | The Record from Recorded Future News Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America | WIRED NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups | The Record from Recorded Future News Risky Bulletin: Chinese APT abuses Windows Sandbox to go invisible on infected hosts China escalates cyber fight with U.S., names alleged NSA hackers Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Ars Technica China-based SMS Phishing Triad Pivots to Banks – Krebs on Security Risky Bulletin: CA/B Forum approves 47-days TLS certs Ransomware in het mkb: Cybercriminelen verhogen losgeld bij cyberverzekering 4chan Is Down Following What Looks to Be a Major Hack Spurred By Meme War…
R
Risky Biz
1 Wide World of Cyber: How the Trump admin is changing the cybersecurity landscape 43:29
43:29 나중에 재생 나중에 재생 리스트 좋아요 좋아요43:29
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this podcast, Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about the huge changes afoot in the United States government and what they mean for the threat environment. From the director of NSA being fired to massive job cuts at CISA and huge foreign policy shifts, tomorrow’s threat environment is going to be very different to today’s. Tune in to hear analysis from two of the best in the business! This episode is also available on Youtube . Show notes…
R
Risky Biz
1 Risky Business #787 -- Trump fires NSA director, CISA cuts inbound 53:01
53:01 나중에 재생 나중에 재생 리스트 좋아요 좋아요53:01
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Oracle quietly cops to being hacked, but immediately pivots into pretending it didn’t matter NSA and CyberCom leaders fired for not being MAGA enough US Treasury had some dusty corners it hadn’t found China in yet, looked, found China in them …which is a great time to discuss slashing CISA’s staffing Ransomware crews and bullet proof hosting providers are getting rekt, and we love it And Microsoft patches yet another logging 0-day being used in the wild. This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico’s Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. One that Yubico is actually ideally positioned to solve. This episode is also available on Youtube . Show notes Oracle privately confirms Cloud breach to customers Oracle have finally issued a written notification to customers about their cybersecurity incident. Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive Trump fires numerous National Security Council staff - The Washington Post Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive Hackers Spied on US Bank Regulators’ Emails for Over a Year - Bloomberg This is how Jeffrey Goldberg got added to the Signal chat Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News $500,000 stolen in Australian super fund data breach | Superannuation | The Guardian Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News Everest ransomware group’s darknet site offline following defacement | The Record from Recorded Future News On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34). There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub The DragonForce ransomware group hacked two rivals this month CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News Kill Security Campaign Targets CrushFTP Servers National Vulnerability Database | NIST Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)…
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Yes, Oracle Health and Oracle Cloud did get hacked The fallout from Signalgate continues North Korean IT workers pivot to Europe Honeypot data suggests a storm is brewing for Palo Alto VPNs Canadian Anon gets arrested for hacking Texas GOP This week’s episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and … contrasts that with Bybit. This episode is also available on Youtube . Show notes Oracle Health breach compromises patient data at US hospitals FBI probes Oracle hack tied to healthcare extortion: Report - Becker's Hospital Review | Healthcare News & Analysis Oracle Still Denies Breach as Researchers Persist Hacker linked to Oracle Cloud intrusion threatens to sell stolen data | Cybersecurity Dive Publius on X: "🚨 SIGNAL SCANDAL: Katherine Maher, the leftist NPR CEO, is currently the Chair of the Board of Signal! WHAT ARE THE ODDS? https://t.co/jWNTeAt3Jz " / X Mike Waltz Is Losing Support Inside the White House - WSJ Waltz and staff used Gmail for government communications, officials say - The Washington Post Pete Hegseth, Mike Waltz, Tulsi Gabbard: Private Data and Passwords of Senior U.S. Security Officials Found Online - DER SPIEGEL Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public | WIRED You Need to Use Signal's Nickname Feature SignalGate Is Driving the Most US Downloads of Signal Ever | WIRED Wickr - Wikipedia When Getting Phished Puts You in Mortal Danger – Krebs on Security DPRK IT Workers Expanding in Scope and Scale | Google Cloud Blog How the FBI Tracked, and Froze, Millions Sent to Criminals in Massive Caesars Casino Hack Defense contractor to pay $4.6 million over third-party provider’s security weakness | The Record from Recorded Future News Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats CISA warns new malware targeting Ivanti zero-day vulnerability | Cybersecurity Dive Canadian hacker arrested for allegedly stealing data from Texas Republican Party | The Record from Recorded Future News British intel intern pleads guilty to smuggling top secret data out of protected facility | The Record from Recorded Future News…
R
Risky Biz
1 Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access 30:46
30:46 나중에 재생 나중에 재생 리스트 좋아요 좋아요30:46
나중에 재생 나중에 재생 리스트 좋아요 좋아요In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls. Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers?? You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure. Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors. This episode is also available on Youtube . Show notes…
R
Risky Biz
1 Risky Business #785 -- Signal-gate is actually as bad as it looks 59:05
59:05 나중에 재생 나중에 재생 리스트 좋아요 좋아요59:05
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group The Github actions hack is smaller than we thought, but was targeting crypto Remote code exec in Kubernetes, ouch Oracle denies its cloud got owned, but that sure does look like customer keymat Taiwanese hardware maker Clevo packs its private keys into bios update zip US Treasury un-sanctions Tornado Cash, party time in Pyongyang? This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam. This episode is also available on Youtube . Show notes The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21) Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive Researchers back claim of Oracle Cloud breach despite company’s denials | Cybersecurity Dive The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop US scraps sanctions on Tornado Cash, crypto ‘mixer’ accused of laundering North Korea money | Reuters Tornado Cash Delisting | U.S. Department of the Treasury Major web services go dark in Russia amid reported Cloudflare block | The Record from Recorded Future News Clevo Boot Guard Keys Leaked in Update Package Six additional countries identified as suspected Paragon spyware customers | CyberScoop The Citizen Lab’s director dissects spyware and the ‘proliferating’ market for it | The Record from Recorded Future News Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News Hacker defaces NYU website, exposing admissions data on 1 million students | The Record from Recorded Future News Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News DNA of 15 Million People for Sale in 23andMe Bankruptcy…
R
Risky Biz
1 Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects 56:58
56:58 나중에 재생 나중에 재생 리스트 좋아요 좋아요56:58
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Github Actions supply chain attack loots keys and secrets from 23k projects Why a VC fund now owns a minority stake in Risky Business Media (!?!?) China doxes Taiwanese military hackers Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave …and Google acquires Wiz for $32bn This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years. This episode is also available on Youtube . Show notes Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media China says Taiwan's military is behind PoisonIvy APT China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News 'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW ‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge | WIRED The Wiretap: CISA Staff Are Cautiously Optimistic About Trump’s Pick For Director White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News Telegram CEO Pavel Durov allowed to leave France amid investigation Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel…
R
Risky Biz
1 Risky Business #783 -- Evil webcam ransomwares entire Windows network 1:03:40
1:03:40 나중에 재생 나중에 재생 리스트 좋아요 좋아요1:03:40
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA. They talk through: A realistic bluetooth-proximity phishing attack against Passkeys A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor The ESP32 backdoor that is neither a door nor at the back The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists Years later, LastPass hackers are still emptying crypto-wallets …and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice! Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is “devastating” for the national security staff pipeline. This week’s episode is sponsored by SpecterOps, makers of the BloodHound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using BloodHound’s insight. This episode is also available on Youtube . Show notes CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers | Tobia Righi - Security Researcher Feds Link $150M Cyberheist to 2022 LastPass Hacks – Krebs on Security Camera off: Akira deploys ransomware via webcam Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices Alleged Co-Founder of Garantex Arrested in India – Krebs on Security 37K+ VMware ESXi instances vulnerable to critical zero-day | Cybersecurity Dive Apple patches 0-day exploited in “extremely sophisticated attack” - Ars Technica What Really Happened With the DDoS Attacks That Took Down X | WIRED Eleven11bot estimates revised downward as researchers point to Mirai variant | Cybersecurity Dive Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News Safe.eth on X: "Investigation Updates and Community Call to Action" / X How to verify Safe{Wallet} transactions on a hardware wallet | Safe{Wallet} Help Center and Support. US charges Chinese nationals in cyberattacks on Treasury, dissidents and more | The Record from Recorded Future News Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security | CyberScoop U.S. pauses intelligence sharing with Ukraine used to target Russian forces - The Washington Post…
R
Risky Biz
1 Risky Business #782 -- Are the USA and Russia cyber friends now? 50:12
50:12 나중에 재생 나중에 재생 리스트 좋아요 좋아요50:12
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Did the US decide to stop caring about Russian cyber, or not? Adam stans hard for North Korea’s massive ByBit crypto-theft Cellebrite firing Serbia is an example of the system working Starlink keeps scam compounds in Myanmar running Biggest DDoS botnet yet pushes over 6Tbps This week’s episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon. This episode is also available on Youtube . Show notes Sygnia Preliminary Bybit Investigation Report Verichains Bybit Incident Investigation Preliminary Report North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit | The Record from Recorded Future News Risky Bulletin: Trump administration stops treating Russian hackers as a threat - Risky Business Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (Story updated) Russia to redeploy resources freed up by end of war in Ukraine, warns Finnish intelligence | The Record from Recorded Future News FBI urges crypto community to avoid laundering funds from Bybit hack | The Record from Recorded Future News Risky Bulletin: Cellebrite bans bad boy Serbia - Risky Business Belgium probes suspected Chinese hack of state security service | The Record from Recorded Future News Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US | The Record from Recorded Future News Elon Musk’s Starlink Is Keeping Modern Slavery Compounds Online | WIRED U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security Google Password Manager finally syncs to iOS—here’s how - Ars Technica Gmail Security Alert: Google To Ditch SMS Codes For Billions Of Users Massive Iran-linked botnet launches DDoS attacks against telecom, gaming platforms | Cybersecurity Dive Microsoft-signed driver used in ransomware attacks | Cybersecurity Dive London member of ‘Com’ network convicted of making indecent images of children | The Record from Recorded Future News Volt Typhoon & Salt Typhoon Attackers Are Evading EDR: What Can You Do? | Corelight…
R
Risky Biz
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: North Korea pulls off a 1.5 billion dollar crypto heist Apple pulls Advanced Data Protection from the UK Black Basta ransomware gang’s internal chats leak Russians snoop on Signal with QR codes And Myanmar ships thousands of freed scam compound workers to Thailand Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that … she outed the NSA? This week’s episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham are along with an amusing tale of using Windows’ own allow-listing software to block EDR from loading. This episode is also available on Youtube . Show notes Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News CertiK - Bybit Incident Technical Analysis Hackers use ‘sophisticated’ macOS malware to steal cryptocurrency, Microsoft says | The Record from Recorded Future News EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war | The Record from Recorded Future News Sanctions: Iranians Flock to Crypto; Int'l Actions Target Russia - Chainalysis Apple turns off iCloud encryption feature in UK following reported government legal order | The Record from Recorded Future News Swedish authorities seek backdoor to encrypted messaging apps | The Record from Recorded Future News Leaked chat logs expose inner workings of secretive ransomware group - Ars Technica Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News Meta Sues Alleged Violent Extortionist For Holding Instagram Accounts Hostage Weathering the storm: In the midst of a Typhoon Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News Genea confirms cyber breach after ‘unauthorised third party’ accesses data | news.com.au — Australia’s leading news site Managed healthcare defense contractor to pay $11 million over alleged cyber failings | The Record from Recorded Future News Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News Director-General's Annual Threat Assessment 2025 | ASIO An inside look at NSA (Equation Group) TTPs from China’s lense…
R
Risky Biz
In this episode of the Wide World of Cyber podcast Risky Business host Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about AI, DeepSeek, and regulation. From its bad transport security to its Chinese ownership and the economic implications of China “entering the chat”, everyone’s freaking out over this new model. But should they be? Pat, Alex and Chris dissect the model’s significance, the politics of it all and how AI regulation in Europe, the US and China will shape the future of LLMs. This episode is also available on Youtube . Show notes…
R
Risky Biz
1 Risky Business #780 -- ASD torched Zservers data while admins were drunk 1:00:35
1:00:35 나중에 재생 나중에 재생 리스트 좋아요 좋아요1:00:35
나중에 재생 나중에 재생 리스트 좋아요 좋아요On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Australian spooks scrubbed Medibank data off Zservers bulletproof hosting Why device code phishing is the latest trick in confusing poor users about cloud authentication Cloudflare gets blocked in Spain, but only on weekends and because of… football? Palo Alto has yet another dumb bug Adam gushes about Qualys’ latest OpenSSH vulns Enterprise browser maker Island is this week’s sponsor and Chief Customer Officer Bradon Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches. This episode is also available on Youtube . Show notes Five Russians went out drinking. When they got back, Australia had struck Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News Further cyber sanctions in response to Medibank Private cyberattack | Defence Ministers What is device code phishing, and why are Russian spies so successful at it? - Ars Technica Anyone Can Push Updates to the DOGE.gov Website Piracy Crisis: Cloudflare Says LaLiga Knew Dangers, Blocked IP Address Anyway (Update) * TorrentFreak Palo Alto Networks warns firewall vulnerability is under active exploitation | Cybersecurity Dive Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog China’s Salt Typhoon hackers targeting Cisco devices used by telcos, universities | The Record from Recorded Future News RedMike Exploits Unpatched Cisco Devices in Global Telecommunications Campaign A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED How Phished Data Turns into Apple & Google Wallets – Krebs on Security New hack uses prompt injection to corrupt Gemini’s long-term memory Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence | The Record from Recorded Future News US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News EXCLUSIVE: A Russia-linked Telegram network is inciting terrorism and is behind hate crimes in the UK – HOPE not hate Remembering David Jorm - fundraising for Mental Health research…
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
Daily Deals
Risky Biz와 비슷한 콘텐츠
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
S
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
2k2k
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Babbage is our weekly podcast on science and technology, named after Charles Babbage—a 19th-century polymath and grandfather of computing. Host Alok Jha talks to our correspondents about the innovations, discoveries and gadgetry shaping the world. Published every Wednesday. If you’re already a subscriber to The Economist, you’ll have full access to all our shows as part of your subscription. For more information about Economist Podcasts+, including how to get access, please visit our FAQs pa ...
…
continue reading
The avforums podcast brings you the latest tech, movie and gaming news, plus special features, interviews and show reports from the world of audio visual home entertainment
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
Technical interviews about software topics.
…
continue reading
The Jacaranda FM News team is based in Gauteng – but covers local and international news of the day, providing the latest developments online and on-air. News bulletins run from 5am to 7pm weekdays, and from 7am to 6pm on weekends and public holidays. Tune into Jacaranda FM, or log on to www.jacarandafm.com, for the news you need to know.. now.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
Tech News Briefing is your guide to what people in tech are talking about. Every weekday, we’ll bring you breaking tech news and scoops from the pros at the Wall Street Journal, insight into new innovations and policy debates, tips from our personal tech team, and exclusive interviews with movers and shakers in the industry.
…
continue reading
If you’re reading this, chances are you’re not an undecided voter. But if you don’t want Donald Trump to become president again, between now and November you’ll need to convince as many as you can to cast their ballot for Joe Biden. With the help of some of the smartest strategists, pollsters, and organizers in politics today, host Jon Favreau explores the minds of voters who will decide the 2024 election, and gives you everything you need to persuade the persuadables in your life. Season 4 ...
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
