Risky Biz Soap Box: Why your EDR won't save you
https://chtbl.com/track/383384/media3.risky.biz/soapbox76.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94701810993
https://risky.biz/soapbox76
In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll.
They talk about all sorts of things, like:
- How the ransomware ecosystem is evolving into “ma and pa” operations
- Some killer detections they’ve figured out
- What separates the good networks from the bad ones
- Why EDR is of limited value if you’re not actually monitoring it
- Why not letting MDRs do the R part of their job is really, really, really dumb
|
May 26, 2023 |
Risky Business #707 -- Inside China's information lockdown with Chris Krebs
https://chtbl.com/track/383384/media3.risky.biz/RB707.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94696982213
https://risky.biz/RB707
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Germans charge FinFisher executives
- The got FBI busted misusing 702 data
- Special guest Chris Krebs talks China, new CISA mandates and more
- New research breaks Android fingerprint auth
- Much, much more
This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
May 24, 2023 |
Risky Business #706 -- Why BlackBerry thinks Cuba ransomware is a Russian front
https://chtbl.com/track/383384/media3.risky.biz/RB706.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94682896710
https://risky.biz/RB706
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Wazawaka charged, sanctioned
- PlugwalkJoe extradited, pleads guilty
- BlackBerry thinks Cuba ransomware is a front for Russian intelligence
- Anonymous Sudan pops up in Israel
- Microsoft’s Outlook patch fail
- Much, much more
This week’s show is brought to you by Bloodhound Enterprise. Andy Robbins is this week’s sponsor guest. He talks about how graph theory could help us to uncover more lolbins.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
May 17, 2023 |
Risky Business #705 -- USA's Turla takedown marks a shift in tactics
https://chtbl.com/track/383384/media3.risky.biz/RB705.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94669040630
https://risky.biz/RB705
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Joe Sullivan’s sentencing
- MSI key material leak
- Merck to be paid in NotPetya claim
- The FBI takes down Turla’s Snake malware operation
- Much, much more
This week’s show is brought to you by Gigamon. Chaim Mazal, Gigamon’s CSO, is this week’s sponsor guest. He’s talking about how the company’s gear is acting as a data source for network security products.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
May 10, 2023 |
Snake Oilers: Resourcely, Panther and Island
https://chtbl.com/track/383384/media3.risky.biz/snakeoilers17pt2.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94659135748
https://risky.biz/snakeoilers17pt2
In this edition of Snake Oilers:
- Travis McPeak pitches Resourcely’s automagic Terraform cloud-provisioning technology
- Ken Westin pitches Panther – a cloud-native SIEM developed by former practitioners
- Brian Kenyon from Island talks about the company’s enterprise browser
Enjoy!
|
May 04, 2023 |
Risky Business #704 -- Why LLMs aren't an exploit bonanza
https://chtbl.com/track/383384/media3.risky.biz/RB704.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94657505667
https://risky.biz/RB704
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Rob Joyce weighs in on AI and offsec
- Mysterious hacker doxes Russian intelligence agency bitcoin wallets
- Wired deep dives on SolarWinds
- AmeriCold food logistics giant suffers incident
- Iranian authorities roll low-tech spyware
- Much, much more
This week’s show is brought to you by Greynoise. Its founder and CEO Andrew Morris is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
May 03, 2023 |
Risky Business #703 -- Russia whines about its tech dependence on China
https://chtbl.com/track/383384/media3.risky.biz/RB703.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94653429222
https://risky.biz/RB703
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- The supply chain attack in the supply chain attack
- Russia has a China dependency problem
- Recent research into TLS resumption flaws
- Google and Intel team up on hardware hacking
- DHS will hack enterprise kit
- Much, much more
This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Apr 26, 2023 |
Snake Oilers: Socket, Teleport and Mandiant's Purple Team
https://chtbl.com/track/383384/media3.risky.biz/snakeoilers17pt1.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94145871893
https://risky.biz/snakeoilers17pt1
Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here.
We’ll hear from three vendors in this edition of Snake Oilers:
- Socket.dev, a software supply chain product that currently deploys as a GitHub addon
- Teleport, a company that makes a secure access gateway/single sign on product for engineers to securely access infrastructure
- Mandiant joins us to pitch its Purple Team engagement product
Enjoy!
|
Apr 20, 2023 |
Risky Business #702 -- 3CX: It's like SolarWinds, but stupider
https://chtbl.com/track/383384/media3.risky.biz/RB702.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
94034582233
https://risky.biz/RB702
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
- Why 3CX was the dumbest supply chain attack we’ve seen
- Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved
- How attackers are burning down cloud infrastructure
- The latest from the world of spyware
- Much, much more
This week’s show is brought to you by Nucleus Security. Chris Hughes from Aquia is this week’s sponsor guest. He appeared at Nucleus Security’s invitation.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Show notes
- Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms | WIRED
- 3CX support tells customers to investigate malware warnings themselves | Ars Technica
- North Korean hackers linked to 3CX supply-chain attack, investigation finds
- BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Wiz Blog
- Microsoft leads effort to disrupt illicit use of Cobalt Strike, a dangerous hacking tool in the wrong hands | CyberScoop
- MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
- CISA, Cisco highlight Russian military targeting of router vulnerabilities
- Israeli spyware software surveilling journalists, politicians
- Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch
- Israeli Spyware Maker QuaDream Closes, Fires All Employees - National Security & Cyber - Haaretz.com
- Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch
- Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch
- US commits $25 million to Costa Rica for Conti ransomware recovery
- State Department, Congress working on formal program for US cyber aid
- CISA and partners issue secure-by-design principles for software manufacturers | FedScoop
- Time to Designate Space Systems as Critical Infrastructure
- Apple’s Macs Have Long Escaped Ransomware. That May Be Changing | WIRED
- Cyber company Darktrace gets caught up in LockBit gang's apparent blunder
- Payments giant says it is investigating ransomware incident that caused POS outage
- Cyberattack causing treatment delays at Canadian hospital
- German arms manufacturer Rheinmetall confirms cyberattack
- Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme
- Police arrest almost 120 people globally following Genesis Market takedown
- FBI accessed Genesis Market's backend servers as part of takedown
- LinkedIn Verification Now Lets You Verify Your Job and Account | WIRED
- Tech industry’s pain is NSA’s gain, cyber leader says about layoffs
- QueueJumper: Critical Unauthenticated RCE Vulnerability in MSMQ Service - Check Point Research
- Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
- Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
- Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. | CyberScoop
- From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat
- U.S. intel agencies may change how they monitor social media, chatrooms after missing leaked U.S. documents for weeks
- Taiwan highly vulnerable to Chinese air attack, leaked documents show - The Washington Post
- Pentagon document leak raises questions about internal security - The Washington Post
- Leaked secret documents detail additional Chinese spy balloons - The Washington Post
|
Apr 19, 2023 |
Risky Biz Soap Box: Haroon Meer on why the VC apocalypse is great news
https://media3.risky.biz/soapbox75.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
93187073928
https://risky.biz/soapbox75
In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing.
He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.
|
Apr 11, 2023 |
Risky Business #701 -- Why infosec is wrong about TikTok
https://chtbl.com/track/383384/media3.risky.biz/RB701.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
91808554898
https://risky.biz/RB701
NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you.
On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover:
- The Biden White House’s executive order on spyware
- Why the infosec community writ large is wrong on TikTok
- Clop campaign: it’s time to ditch your file transfer gateways
- Major Android app booted from store because it was full of 0day privesc exploits lol
- More detail on the BreachForums admin arrest
- Much, much more
This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing.
|
Mar 29, 2023 |
Risky Business #700 -- Yevgeny Prigozhin's empire gets owned
https://chtbl.com/track/383384/media3.risky.biz/RB700.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
90953528372
https://risky.biz/RB700
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news in front of a live audience at AISA’s CyberCon in Canberra.
They cover:
- Yevgeny Prigozhin’s entire enterprise got majorly owned
- Kremlin bans iPhones among President’s staff
- A look at those Android handset baseband bugs (woof)
- A discussion of the acropalypse issue
- Why you need to sort out your egress filtering in light of the latest Outlook bug
- Shanna Daly joins us on stage to talk about why the infosec industry sucks
- Plus much much more
This week’s show is sponsored by Stairwell. Mike Wiacek, Stairwell’s founder, is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Mar 22, 2023 |
Risky Business #699 -- BYOD risks ramp up
https://chtbl.com/track/383384/media3.risky.biz/RB699a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
90092610845
https://risky.biz/RB699
Threat actors are really enjoying home networks and BYOD these days…
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why our LastPass/DPRK hunch weakened
- CISA launches ransomware warning program
- Is the Ring data extortion real?
- White House flags cloud service security regulation
- Pig Butchering overtakes BEC as top cybercrime earner
- Much more!
This week’s show is sponsored by Yubico. The company’s COO, Jerrod Chong, is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Mar 15, 2023 |
Risky Biz Soap Box: Six degrees of Domain Admin
https://chtbl.com/track/383384/media3.risky.biz/soapbox74.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
89460534311
https://risky.biz/soapbox74
Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound.
If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker you land on a network, enumerate directory information, and then map out a path to domain admin.
Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.
|
Mar 10, 2023 |
Risky Business #698 -- Why LastPass was probably DPRK*
https://chtbl.com/track/383384/media3.risky.biz/RB698.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
89216028497
https://risky.biz/RB698
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why the White House’s cybersecurity strategy is actually quite good
- The LastPass breach was probably DPRK
- UEFI bootkits are going downmarket, and this is bad
- GitHub will scan repos for secrets
- A look at some interesting DJI drone research
- Much, much more
This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show
|
Mar 08, 2023 |
Risky Business #697 -- LastPass attacker: Do you gotta hand it to 'em?
https://chtbl.com/track/383384/media3.risky.biz/RB697.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
88370446643
https://risky.biz/RB697
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- A look at LastPass’s intrusion post mortem
- A very stable genius decided to ransomware the US Marshals Service
- Why Signal’s complaints about UK’s Online Safety Act are bad faith
- Much, much more…
This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Mar 01, 2023 |
An interview with Andrew Boyd, director of the CIA's Centre for Cyber Intelligence
https://chtbl.com/track/383384/media3.risky.biz/andrewboyd.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
87640229972
https://risky.biz/andrewboyd
In this interview the director of the CIA’s Center for Cyber Intelligence (CCI) sits down with Risky Business podcast host Patrick Gray to talk about:
- What CCI actually does
- The CIA’s role in cyber intel and operations
- What lessons have been learned from Russia’s cyber campaigns targeting Ukraine
- Why a cyber conflict with China will be very, very different
- His views on the ransomware threat
- Much, much more
|
Feb 23, 2023 |
Risky Business #696 -- Why Twitter had to kill SMS 2FA
https://chtbl.com/track/383384/media3.risky.biz/RB696.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
87538941803
https://risky.biz/RB696
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Why Twitter had to kill SMS 2FA
- A look at Meta’s new verification service
- How a ransomware attack disrupted the semiconductor supply chain
- Why Anonymous Sudan is probably a Russian info op
- Microsoft mixes up public and private keys in Azure B2C (for real)
- Much, much more
This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Feb 22, 2023 |
Risky Biz Soap Box: Greynoise has built the world's biggest, and smartest, honeypot
https://chtbl.com/track/383384/media3.risky.biz/soapbox73.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
86961251685
https://risky.biz/soapbox73
In this interview we’re chatting with the founder of Greynoise Intelligence, Andrew Morris.
Greynoise operates a global network of sensors that collect data on things like mass scanning, exploitation and reconnaissance. The idea is if your SOC gets an alert from a particular IP you can see if it’s associated with mass scanning or exploitation, or if it’s something that’s just targeting you.
And as you’ll hear, there are other use cases also, but we’re talking about a few things with Andrew today. He talks about being able to selectively port forward attacks targeting his sensor network to a data centre running the services being targeted, about the ESXiArgs ransomware attack and more.
Enjoy!
|
Feb 16, 2023 |
Risky Business #695 -- North Korea is ransomwaring hospitals, Russia to make "patriotic" hacking legal
https://chtbl.com/track/383384/media3.risky.biz/RB695a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
86756488369
https://risky.biz/RB695
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- North Korea is ransomwaring hospitals with homegrown and Russian strains
- Russia proposes law greenlighting “patriotic hacks”
- It’s 702 renewal time… again
- CISA releases ESXiArgs recovery script (yay!)
- UK mulls crimephone ban
- Much, much more
This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Feb 15, 2023 |
Risky Business #694 -- Cleansing fire claims ESXi, GoAnywhere servers
https://chtbl.com/track/383384/media3.risky.biz/RB694.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
86036824419
https://risky.biz/RB694
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Unpatched ESXi boxes are getting rinsed
- GoAnywhere MFT file transfer boxes are too
- Royal Mail data being ransomed by Lockbit
- Advanced materials manufacturer and finance company among latest rware victims
- Guilty plea in Ubiquiti case
- Much, much more
This week’s show is brought to you by Red Canary. Red Canary’s Adam Mashinchi is this week’s sponsor guest. He joins us to talk about the impact layoffs are having on infosec teams.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Feb 08, 2023 |
Risky Business #693 -- Hive takedown is the beginning, not the end
https://chtbl.com/track/383384/media3.risky.biz/RB693.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
85312443358
https://risky.biz/RB693
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- A look at the Hive takedown
- UK’s Royal Mail still struggling
- GitHub’s code signing certificates stolen
- TSA misses the point on no-fly list theft
- Much, much more
This week’s show is brought to you by Remediant, which is now a part of Netwrix.
Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Feb 01, 2023 |
Risky Biz Soap Box: Tools alone won't solve your vuln management problems
https://chtbl.com/track/383384/media3.risky.biz/soapbox72.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
84660220306
https://risky.biz/soapbox72
In this Soap Box edition of the show Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.
|
Jan 25, 2023 |
Risky Business #692 -- Google search results spew malware, phishing sites
https://chtbl.com/track/383384/media3.risky.biz/RB692.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
84575666735
https://risky.biz/RB692
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Google’s search results have become a malware-riddled sh*tshow
- Ransomware payment values dropped by 40% YoY in 2022
- Kraken takes over Solaris the old school way
- Grand Theft Auto RCE is wreaking havoc
- ManageEngine customers are all getting owned
- So you know, pretty much business as usual
This week’s show is brought to you by Kroll.
Jim Hung co-leads the special projects and applied research team at Kroll and joins us to talk about the big changes happening in the incident response discipline.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Jan 25, 2023 |
Risky Business #691 -- LockBit and "Pablo Escobar syndrome"
https://chtbl.com/track/383384/media3.risky.biz/RB691.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
83844819095
https://risky.biz/RB691
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Royal Mail attack was LockBit and GCHQ will probably “bust some heads”
- CircleCI’s incident report and the problem with malwared endpoints in the Zero Trust age
- Cloudflare backs Mastodon
- Paul Nakasone: NSA did some great stuff! It was really good!
- Cisco won’t patch SMB routers sold in 2020
- Much, much more
This week’s show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake’s head of cybersecurity strategy Omer Singer are this week’s sponsor guests.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Jan 18, 2023 |
Risky Business #690 -- 2023 will be a rough year for critical online services
https://chtbl.com/track/383384/media3.risky.biz/RB690.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
83060933281
https://risky.biz/RB690
On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes:
- Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume
- All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more
- A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem
- Why automotive security research will actually be interesting this year
- PLUS: A bunch of random news!
This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff!
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Jan 11, 2023 |
Risky Business #689 -- FBI baulks at Apple's iCloud encryption push
https://chtbl.com/track/383384/media3.risky.biz/RB689.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
79804611050
https://risky.biz/RB689
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
- Apple to introduce user-encrypted backups, FBI is sad
- Twitter ices e2ee plans for DMs
- RackSpace is getting sued over its hosted Exchange ransomware incident
- Dodgy driving: Microsoft signs some shady stuff
- Japan to change laws, release the Shibas
- A look at the US NDAA
- Much, much more
This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
|
Dec 14, 2022 |