Episodes

  • Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems

    Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems
    Feb 5 2025
    On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: DeepSeek leaves an unauthed database on the internetRussia hacked UK prime minister’s personal mailAustralia sanctions a Telegram group… which is more sensible than it soundsMedical device backdoor turns out to be just poorly thought out upgrade featureGoogle abuses weak hashing to patch AMD CPU microcodeAnd much, much more. This week’s episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers’ abuse of legitimate services like Docusign is a challenge for email security vendors. This episode is also available on Youtube. Show notes Exclusive: Musk aides lock workers out of OPM computer systems | ReutersWiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz BlogКриптостилер SparkCat в магазинах Google Play и App Store | SecurelistRussian hackers suspected of compromising British PM’s personal email account | The Record from Recorded Future NewsPowerSchool hack: missed basic security step resulted in data breachAustralia sanctions ‘Terrorgram’ white supremacist online group | The Record from Recorded Future News‘Paid actors’ could be behind some antisemitic attacks, Albanese says | Australian security and counter-terrorism | The GuardianInterview with James Glenday, ABC News Breakfast | Australian Minister for Foreign AffairsWhatsApp says spyware company Paragon Solutions targeted journalistsSpyware maker Paragon confirms US government is a customer | TechCrunchFormer Polish justice minister arrested in sprawling spyware probe | The Record from Recorded Future NewsSweden releases suspected ship, says cable break ‘clearly’ not sabotage | The Record from Recorded Future NewsBackdoor found in two healthcare patient monitors, linked to IP in ChinaAttackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity DiveAMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub22-year-old math wiz indicted for alleged DeFI hack that stole $65M - Ars TechnicaA method to assess 'forgivable' vs 'unforgivable'... - NCSC.GOV.UKLiving Off the Land: Credential Phishing via Docusign abuseLiving Off the Land: Callback Phishing via Docusign commentB2B freight-forwarding scams on the rise to evade financial fraud crackdownsCallback phishing via invoice abuse and distribution list relaysEnhanced message groups: Improving efficiency in email incident response
    Show more Show less
    56 mins
  • Risky Business #777 -- It's SonicWall's turn

    Risky Business #777 -- It's SonicWall's turn
    Jan 29 2025

    Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:

    • Sonicwall firewalls hand out remote code exec like candy
    • Mastercard make a slapstick-grade mistake with their DNS
    • The data breach at PowerSchool and other niche SaaS providers
    • Academic research proposes taking down Europe’s power grid
    • Apple CPUs get a new speculative execution side channel
    • And much, much more.

    This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps.

    This episode is also available on Youtube.

    Show notes
    • SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances | Cybersecurity Dive
    • MasterCard DNS Error Went Unnoticed for Years – Krebs on Security
    • Data breach hitting PowerSchool looks very, very bad - Ars Technica
    • OpenAI rival DeepSeek limits registration after ‘large-scale malicious attacks’ | The Record from Recorded Future News
    • Hackers imitate Kremlin-linked group to target Russian entities | The Record from Recorded Future News
    • UK to examine undersea cable vulnerability as Russian spy ship spotted in British waters | The Record from Recorded Future News
    • Questions grow over whether Baltic Sea cable damage was sabotage or accidental | The Record from Recorded Future News
    • Researchers say new attack could take down the European power grid - Ars Technica
    • At least $69 million stolen from crypto platform Phemex in suspected cyberattack | The Record from Recorded Future News
    • BreachForums admin to be resentenced after appeals court slams supervised release | The Record from Recorded Future News
    • Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica
    • Apple fixes zero-day flaw affecting all devices | TechCrunch
    • I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
    • Government websites vanish under Trump, from the Constitution to DEI
    • Trail of Bits: Director, Technical Marketing
    • Push Security: Security Researcher (remote in the USA)
    • A new class of phishing: Verification phishing and cross-IdP impersonation
    Show more Show less
    51 mins
  • Risky Business #776 -- Trump will flex American cyber muscles

    Risky Business #776 -- Trump will flex American cyber muscles
    Jan 22 2025
    Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week’s cybersecurity news and there is a whole bunch of it. They discuss: The incoming Trump administration guts the CSRBBiden’s last cyber Executive Order has sensible things in itChina’s breach of the US Treasury gets our reluctant admirationRoss Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardonNew year, same shameful comedy Forti- and Ivanti- bugsUS soldier behind the Snowflake hacks faces charges after a solid Krebs-ingAnd much, much (much! after a month off) more. This week’s episode is sponsored by Sandfly Security, who make a Linux EDR solution. Founder Craig Rowland joins to talk about how the Linux ecosystem struggles with its lack of standardised approaches to detection and response. If you’ve got a telco full of unix, and people are asking how much Salt Typhoon you’ve got in there… Sandfly’s tools are probably what you’re looking for. If you like your Business like us… - Risky - then we’re hiring! We’re looking for someone to help with audio and video production for our work, manage our socials, and if you’re also into the Cybers… even better. Position is remote, with a preference for timezones amenable to Australia/NZ. Drop us a line: editorial at risky.biz. This episode is also available on Youtube. Show notes POLITICO Pro | Article | Acting DHS chief ousts CSRB experts, other department advisersTreasury’s sanctions office hacked by Chinese government, officials say Strengthening America’s Resilience Against the PRC Cyber Threats | CISAAT&T, Verizon say they evicted Salt Typhoon from their networksRisky Bulletin: Looking at Biden's last cyber executive order - Risky BusinessInternet-connected devices can now have a label that rates their security | ReutersUS sanctions prominent Chinese cyber company for role in Flax Typhoon attacksFCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defense billCIA nominee tells Senate he, too, wants to go on cyber offense | CyberScoopTrump tells Justice Department not to enforce TikTok ban for 75 daysJudge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices | The Record from Recorded Future NewsUnpacking WhatsApp’s Legal Triumph Over NSO Group | LawfareTime to check if you ran any of these 33 malicious Chrome extensionsConsole Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic WolfOngoing attacks on Ivanti VPNs install a ton of sneaky, well-written malwareResearchers warn of active exploitation of critical Apache Struts 2 flaw DOJ deletes China-linked PlugX malware off more than 4,200 US computersRussian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | The Record from Recorded Future NewsUkraine restores state registers after suspected Russian cyberattack | The Record from Recorded Future NewsHackers claim to breach Russian state agency managing property, land records | The Record from Recorded Future NewsU.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
    Show more Show less
    1 hr and 4 mins
  • Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser

    Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser
    Dec 20 2024

    In this sponsored Soap Box edition of the show Patrick Gray talks to Island CEO Michael Fey about some of the cool tricks in the Island enterprise browser. You can use it to tick off so many compliance boxes, and not just cybersecurity boxes.

    This is largely a conversation about compliance, but it’s actually interesting and fun. These are words we never thought we’d type!

    You can find Island at https://island.io/

    This episode is also available on Youtube.

    Show notes
      Show more Show less
      27 mins
    • Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

      Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint
      Dec 18 2024

      On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

      • The SEC’s cyber incident reporting isn’t very exciting after all
      • China Telecom on the way to being thrown out of the US
      • The NSA/Cybercom might get two separate hats
      • The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks
      • (Yet another) File upload bug in Struts makes Java admins weep
      • And much, much more.

      This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they’re not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps’ Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing.

      This episode is also available Youtube.

      Show notes
      • SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive
      • US senators, green groups call for accountability over hacking of Exxon critics | Reuters
      • Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times
      • Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News
      • EU opens investigation into TikTok and the Romanian election – POLITICO
      • Clop ransomware claims responsibility for Cleo data theft attacks
      • CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News
      • CVE-2024-55956 | AttackerKB
      • Apache issues patches for critical Struts 2 RCE bug • The Register
      • Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News
      • Israeli spyware firm Paragon acquired by US investment group, report says | Reuters
      • How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security
      • Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop
      • Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News
      Show more Show less
      1 hr and 1 min
    • Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations

      Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations
      Dec 13 2024

      In this edition of the Wild World of Cyber podcast Patrick Gray sits down with SentinelOne’s Chief Intelligence and Public Policy Officer Chris Krebs to talk all about Chinese cyber operations.

      They look at the Salt Typhoon and Volt Typhoon campaigns, the last 20 years of Chinese operations, and the evolution of the cyber roles of China’s Ministry of State Security and People’s Liberation Army.

      It’s a very dense hour of conversation!

      This podcast was recorded in front of an audience at the Museum of Contemporary Art in Sydney.

      This episode is also available on Youtube.

      Show notes
        Show more Show less
        50 mins
      • Risky Business #774 -- Cleo file transfer appliances under widespread attack

        Risky Business #774 -- Cleo file transfer appliances under widespread attack
        Dec 11 2024
        On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Cleo file transfer products have a remote code exec, here we go again!Snowflake phases out password-based authChinese Sophos-exploit-dev company gets sanctionedRomania’s election gets rolled back after Tiktok changed the outcomeAMD’s encrypted VM tech bamboozled by RAM with one extra address bitSome cool OpenWRT researchAnd much, much more. This week’s episode is sponsored by Thinkst, who love sneaky canary token traps. Jacob Torrey previews an upcoming Blackhat talk filled with interesting operating system tricks you can use to trigger canaries in your environment. You wont believe the third trick! Attackers hate him! This episode is also available on Youtube. Show notes Cleo Software Actively Being Exploited in the Wild CVE-2024-50623 | HuntressBlue Yonder investigating data leak claim following ransomware attack | Cybersecurity DiveSnowflake to phase out single-factor authentication by late 2025 | Cybersecurity DiveTreasury Sanctions Cybersecurity Company Involved in Compromise of Firewall Products and Attempted Ransomware Attacks | U.S. Department of the TreasuryAnother teenage hacker charged as feds continue Scattered Spider crackdown | The Record from Recorded Future NewsGermany arrests suspected admin of country’s largest criminal marketplace | The Record from Recorded Future NewsFCC, for first time, proposes cybersecurity rules tied to wiretapping law | CyberScoopRussian state hackers abuse Cloudflare services to spy on Ukrainian targets | The Record from Recorded Future NewsCloudflare’s pages.dev and workers.dev Domains Increasingly Abused forRomania annuls presidential election over alleged Russian interference | The Record from Recorded Future NewsEU demands TikTok 'freeze and preserve data' over alleged Russian interference in Romanian elections | The Record from Recorded Future NewsResearch Note: Meta’s Role in Romania’s 2024 Presidential Election - CheckFirstKey electricity distributor in Romania warns of ‘cyber attack in progress’ | The Record from Recorded Future NewsBackdoor slipped into popular code library, drains ~$155k from digital wallets - Ars TechnicaAMD’s trusted execution environment blown wide open by new BadRAM attack - Ars TechnicaNew dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader – PT SWARMTelegram partners with child safety group to scan content for sexual abuse materialApple hit with $1.2B lawsuit after killing controversial CSAM-detecting tool - Ars TechnicaCompromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security ResearchHow do I turn on the Do Not Track feature? | Firefox Help
        Show more Show less
        1 hr and 2 mins
      • Risky Biz Soapbox: Enterprise Yubikeys can now be pre-registered

        Risky Biz Soapbox: Enterprise Yubikeys can now be pre-registered
        Dec 8 2024

        In this interview Patrick Gray talks to Yubico’s COO and President Jerrod Chong about a new Yubikey feature: pre-registration.

        You can now ship pre-registered Yubikeys to your staff so you don’t need to rely on your staff to enrol them. They’ve achieved this with really slick Okta and Entra ID integrations.

        Jerrod also talks about a recent trip to Singapore and concerns he has about the cybersecurity of critical infrastructure in the energy sector.
        Show more Show less
        30 mins