Risky Business Podcast By Patrick Gray cover art

Risky Business

Risky Business

By: Patrick Gray
Listen for free

About this listen

 Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.Copyright Risky Business Media 2007-2025 Politics & Government
Episodes
  • Soap Box: AI has entered the SOC, and it ain't going anywhere

    Soap Box: AI has entered the SOC, and it ain't going anywhere
    Jun 16 2025

    In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC.

    The debate about whether AI agents are going to wind up in the SOC is over, they’ve already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in security?

    This episode is also available on Youtube.

    Show notes
      Show more Show less
      31 mins
    • Risky Business #795 -- How The Com is hacking Salesforce tenants

      Risky Business #795 -- How The Com is hacking Salesforce tenants
      Jun 11 2025
      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: New York Times gets a little stolen Russian FSB data as a treatiVerify spots possible evidence of iOS exploitation against the Harris-Walz campaignResearcher figures out a trick to get Google account holders’ full names and phone numbersMajor US food distributor gets ransomwaredThe Com’s social engineering of Salesforce app authorisations is a harbinger of our future problemsAustralian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar. This week’s episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta’s Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst. This episode is also available on Youtube. Show notes How The Times Obtained Secret Russian Intelligence Documents - The New York TimesUkraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future NewsHarris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm saysiVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone | The Record from Recorded Future NewsItalian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunchAndroid chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunchCellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoopApple Gave Governments Data on Thousands of Push NotificationsA Researcher Figured Out How to Reveal Any Phone Number Linked to a Google AccountBruteforcing the phone number of any Google userAcreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future NewsBidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future NewsNHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future NewsMajor food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future NewsKettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future NewsHackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Diveshubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK" / XRoss Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIREDAustralian navy ship causes radio and internet outages to parts of New Zealand
      Show more Show less
      1 hr and 8 mins
    • Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242

      Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242
      Jun 4 2025

      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

      • Cyber firms agree to deconflict and cross-reference hacker group names
      • Russian nuclear facility blueprints gathered from public procurement websites
      • Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons
      • Germany identifies the Trickbot kingpin
      • Google spots China’s MSS using Calendar events for malware C2
      • Meta apps abuse localhost listeners to track web sessions.

      This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.

      This episode is also available on Youtube.

      Show notes
      • 'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters
      • Ukraine's Massive Drone Attack Was Powered by Open Source Software
      • Massive security breach: Russian nuclear facilities exposed online
      • How a Spyware App Compromised Assad’s Army - New Lines Magazine
      • Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ
      • Malaysian home minister’s WhatsApp hacked, used to scam contacts | The Record from Recorded Future News
      • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams – Krebs on Security
      • Top counter antivirus service disrupted in global takedown | CyberScoop
      • Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED
      • Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News
      • Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive
      • Coinbase breach linked to customer data leak in India, sources say | Reuters
      • US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News
      • NSO appeals WhatsApp decision, says it can’t pay $168 million in ‘unlawful’ damages | The Record from Recorded Future News
      • ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News
      • Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
      • Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica
      • An Open Letter to Third-Party Suppliers
      Show more Show less
      58 mins
    adbl_web_global_use_to_activate_webcro805_stickypopup
    No reviews yet