Risky Business

By Patrick Gray

Category: Tech News

Subscribers: 1327
Reviews: 3


Description

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Episode Date
Risky Business #669 -- Finally, an ICS attack that made stuff explode!

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Activists who are totally not Israeli military hackers make Iranian steel mills firebally
  • Chinese APT crews use ransomware to muddy attribution
  • Attackers are now ransoming cloud access
  • Chinese APTs using building control systems for persistence and stealth
  • USA, UK and NZ govts issue PowerShell advice
  • Much, much more

This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Jun 29, 2022
Risky Biz Soap Box: HD Moore on taking Rumble to the cloud

Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery.

If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions.

But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.

Jun 26, 2022
Risky Business #668 -- Microsoft is hiding its Azure security problems

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Paige Thompson guilty of Capital One hack
  • Microsoft is hiding serious Azure security issues
  • New Australian government lobbying for Julian Assange
  • How to ransomware documents in the cloud
  • Microsoft stops Windows 10/11 downloads in Russia
  • Belarusian cyber partisans obtain spy agency’s audio recordings
  • Much, much more

This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Jun 22, 2022
Risky Business #667 -- "Shields Up" for cyber's forever war

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • “Shields Up” advice is now provably meaningless
  • Russia to ditch offshore comms apps like WhatsApp
  • Evil Corp’s Lockbit sanctions evasion attempt backfires
  • Binance is a cesspit of shady financial dealings
  • Apple’s passkey release foreshadows FIDO mass adoption
  • Much, much more

This week’s sponsor interview is about Elastic’s teardown on some really interesting APT Linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Jun 13, 2022
Risky Business #666 -- The msdt RTF of DOOM

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • The msdt/office lolbinapalooza
  • Microsoft to introduce sensible defaults to Azure
  • Twitter fined $150m for SMS 2FA spam
  • It turns out npm got owned in that Heroku/Travis CI thing
  • AWS cred-stealing supply chain attack was research your honour, I swear!
  • Much, much more

We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

May 31, 2022
Risky Business #665 -- You can ransomware whole countries now

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Conti’s war against Costa Rica
  • DoJ revises CFAA guidance
  • Naughty kids get access to DEA portal
  • A look at a Russian disinfo tool
  • PyPI and PHP supply chain drama
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

May 25, 2022
SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns

The following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here.

May 20, 2022
Risky Biz Soap Box: While you're watching a quiet one a noisy one will kill you

In this Soap Box edition of the show Proofpoint’s EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations against exotic threats when, really, the trifecta of ransomware, BEC and staff being careless with data is the thing that will sink them.

May 18, 2022
Risky Business #664 -- The Spanish Prime Minister got Pegasus'd

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Spanish PM’s phone infected by Pegasus
  • Microsoft drops Ukraine research report
  • We can’t make heads or tails out of the FBI’s transparency report
  • France hit with coordinated fibre sabotage campaign
  • Why Musk’s algorithm pledge is meaningless
  • Much, much more

This week’s sponsor interview is with ExtraHop Networks’ CEO Patrick Dennis. He’s joining us this week to talk about how you can turn “Shields Up!” advice into something actionable.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

May 04, 2022
Risky Business #663 -- Israel cracks down on spyware exports

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Israel Ministry of Defence is denying a lot of spyware export licences
  • Private detective in New York pleads guilty over BellTroX shenanigans
  • Scammers enrol stolen credit cards into Apple Pay
  • The Blackcat ransomware crew is very active right now
  • VirusTotal shells lol
  • Much, much more

This week’s sponsor interview is with Okta’s Brett Winterford, who talks in detail about the company’s brush with the Lapsus$ hacking crew. It’s unusual for a sponsor interview to be a must listen, but here we are.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Apr 27, 2022
Risky Business #662 -- It's a bad month to be an electricity grid

On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including:

  • Ukraine foils Russian ICS hack
  • US Government burns someone’s ICS toolkit
  • China gets all up in India’s energy gridz
  • The Heroku/GitHub/Travis CI story is very confusing
  • US DOJ removes GRU malware from Watchguard boxes under Rule 41
  • North Korea behind $540m crypto hack
  • Much, much more

This week’s sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and Jared Semrau of Mandiant. They’ll be joining us to talk about how you can now plug Mandiant data into the Nucleus vulnerability scan aggregator.

Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that’s your thing.

Show notes

Apr 21, 2022
Snake Oilers: Vectra, Google Security and SecureStack

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

  • Kevin Kennedy from Vectra talks about the company’s cloud native detection – it crunches stuff like CloudTrail and AzureAD logs and correlates it with network event information
  • Paul McCarty from SecureStack on its software composition analysis and “SBOM plus” tool
  • Google Cloud’s Anton Chuvakin talks about cloud-based SIEMs like Chronicle

Apr 13, 2022
Risky Business #661 -- Viasat hack details firm up

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why Spring4Shell isn’t all hype
  • How Viasat actually got owned
  • Russian war crimes likely extend to coercing sysadmins
  • Why lighter fluid and a box of matches is more effective than cyber in Belarus
  • Much, much more

This week’s sponsor interview is with Bernard Brantley, Corelight’s Chief Information Security Officer.

Corelight makes a network sensor you can use to plug in to your SIEM, among other things. It’s based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing.

And they’ve just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Apr 06, 2022
Snake Oilers: PentesterLab, AttackForge and Sysdig

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

  • Upskill your testers and developers with PentesterLab for US$20 a month
  • Manage penetration tests and reporting with AttackForge
  • How Sysdig can help herd your container cats (vuln management and detection for container environments)

Apr 04, 2022
Risky Business #660 -- Lapsus$ arrests, latest on Okta incident

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Some arrests of suspected Lapsus$ members in the UK
  • Why the Okta incident is probably a fizzer
  • Four FSB officers indicted over Triton/Trisis malware
  • Kim Zetter interviewed Intrusion Truth
  • Australian government to upsize ASD
  • Wave bye bye to Finfisher
  • Much, much more

This week’s sponsor interview is with Mike Wiacek from Stairwell.

Stairwell makes a product that catalogues the files in your environment and lets you slice and dice that data. That makes threat hunting pretty easy and Mike is joining the show this week to talk about why organisations of all stripes should be doing threat hunting.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Mar 30, 2022
Risky Biz Soap Box: Why allowlisting is ready for prime time

Airlock Digital co-founders Daniel Schell and Dave Cottingham join host Patrick Gray to talk about:

  • What an effective allowlisting program looks like
  • Why the third party allowlisting industry failed the first time
  • What you can achieve with Microsoft tooling versus specialist tools
  • How much effort is involved to do this right

Mar 24, 2022
Risky Business #659 -- Okta and Microsoft meet LAPSUS$

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Okta’s somewhat awful comms around its LAPSUS$ incident
  • Inside Microsoft’s brush with the same group
  • How Elon Musk’s Starlink service is being used to drop bombs on Russian tanks
  • US, UK governments warn of impending Russian cyberdoom
  • Much, much more…

This week’s sponsor interview is with Paul Lanzi, co-founder of Remediant. Paul joins the show this week to talk about cyber insurance. It’s a topic that has come up a lot for us lately – ransomware has borderline sunk the current cyber insurance model as payments ballooned and payouts made a lot of insurers adjust premiums to the. But all is not lost – Paul says this blowup means the insurance industry is actually adapting and could wind up being a driver of better security practices.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Mar 23, 2022
Risky Business #658 -- Germany sounds alarm on Kaspersky software

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Germany issues stark warning to Kaspersky users
  • Ukraine SATCOM hack keeps getting more interesting
  • Russia to spin up its own CA, but it’s not what it seems
  • Why the ransomware threat could get worse, then better
  • Much, much more

This week’s show is brought to you by Fastly. Kelly Shortridge, Fastly’s Senior Principal Product Technologist, joins the show this week to tell us what modern security actually looks like. Kelly is always fascinating so we were thrilled she was in the sponsor chair this week.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Mar 16, 2022
Risky Business #657 -- Belarus targets refugee data

On this week’s show Patrick Gray, Brian Krebs and Adam Boileau discuss the week’s security news, including:

  • The Contileaks latest
  • Belarus targeted refugee data. Was it behind the ICRC hack?
  • How APT41 hacked America’s livestock
  • SATCOM hack in Ukraine may bode ill for Musk
  • Much, much more

Material Security’s co-founder Ryan Noon is this week’s sponsor guest. He joins the show to talk about a few things, including how the building blocks for a whole new generation of security tooling – like large-scale data crunching tech – are now just available off the shelf. He also talks us through an integration Material has done with a groovy new SOAR platform called Tines.

Links to everything we discussed – and a YouTube demo of Material’s technology – are below.

Show notes

Mar 09, 2022
Risky Business #656 – We expected a cyberwar but got an infowar

On this week’s show Patrick Gray, Dmitri Alperovitch and Adam Boileau discuss the week’s security news, including:

  • We expected a cyberwar but got an information war
  • People with SDR kits are doing SIGINT in Ukraine
  • Conti has imploded and it’s hilarious
  • Much, much more

This week’s show is brought to you by Proofpoint. Sherrod DeGrippo, Proofpoint’s Vice President of Threat Research and Detection, is this week’s sponsor guest. She joins us to talk about how there isn’t really any magic advice she can dispense to protect customers from Russian attacks.

There are some show notes below, but they’re not exhaustive.

Show notes

Mar 03, 2022