Risky Business

By Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for informati... more

4.6

352352 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 569 episodes available.

Risky Business episodes:

April 10, 2025Wide World of Cyber: How the Trump admin is changing the cybersecurity landscape
In this podcast, Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about the huge changes afoot in the United States government and what they mean for the threat environment. From the director of NSA being fired to massive job cuts at CISA and huge foreign policy shifts, tomorrow’s threat environment is going to be very different to today’s. Tune in to hear analysis from two of the best in the business!
This episode is also available on Youtube.

Show notes
...more
44min
April 09, 2025Risky Business #787 -- Trump fires NSA director, CISA cuts inbound
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Oracle quietly cops to being hacked, but immediately pivots into pretending it didn’t matter

NSA and CyberCom leaders fired for not being MAGA enough

US Treasury had some dusty corners it hadn’t found China in yet, looked, found China in them

…which is a great time to discuss slashing CISA’s staffing

Ransomware crews and bullet proof hosting providers are getting rekt, and we love it

And Microsoft patches yet another logging 0-day being used in the wild.
This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico’s Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. One that Yubico is actually ideally positioned to solve.
This episode is also available on Youtube.

Show notes
Oracle privately confirms Cloud breach to customers

Oracle have finally issued a written notification to customers about their cybersecurity incident.

Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive

Trump fires numerous National Security Council staff - The Washington Post

Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive

Hackers Spied on US Bank Regulators’ Emails for Over a Year - Bloomberg

This is how Jeffrey Goldberg got added to the Signal chat

Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News

$500,000 stolen in Australian super fund data breach | Superannuation | The Guardian

Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News

Everest ransomware group’s darknet site offline following defacement | The Record from Recorded Future News

On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34).

There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub

The DragonForce ransomware group hacked two rivals this month

CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News

Kill Security Campaign Targets CrushFTP Servers

National Vulnerability Database | NIST

Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop

Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog

Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
...more
54min
April 02, 2025Risky Business #786 -- Oracle is lying
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Yes, Oracle Health and Oracle Cloud did get hacked

The fallout from Signalgate continues

North Korean IT workers pivot to Europe

Honeypot data suggests a storm is brewing for Palo Alto VPNs

Canadian Anon gets arrested for hacking Texas GOP
This week’s episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and … contrasts that with Bybit.
This episode is also available on Youtube.

Show notes
Oracle Health breach compromises patient data at US hospitals

FBI probes Oracle hack tied to healthcare extortion: Report - Becker's Hospital Review | Healthcare News & Analysis

Oracle Still Denies Breach as Researchers Persist

Hacker linked to Oracle Cloud intrusion threatens to sell stolen data | Cybersecurity Dive

Publius on X: "🚨 SIGNAL SCANDAL: Katherine Maher, the leftist NPR CEO, is currently the Chair of the Board of Signal! WHAT ARE THE ODDS? https://t.co/jWNTeAt3Jz" / X

Mike Waltz Is Losing Support Inside the White House - WSJ

Waltz and staff used Gmail for government communications, officials say - The Washington Post

Pete Hegseth, Mike Waltz, Tulsi Gabbard: Private Data and Passwords of Senior U.S. Security Officials Found Online - DER SPIEGEL

Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public | WIRED

You Need to Use Signal's Nickname Feature

SignalGate Is Driving the Most US Downloads of Signal Ever | WIRED

Wickr - Wikipedia

When Getting Phished Puts You in Mortal Danger – Krebs on Security

DPRK IT Workers Expanding in Scope and Scale | Google Cloud Blog

How the FBI Tracked, and Froze, Millions Sent to Criminals in Massive Caesars Casino Hack

Defense contractor to pay $4.6 million over third-party provider’s security weakness | The Record from Recorded Future News

Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats

CISA warns new malware targeting Ivanti zero-day vulnerability | Cybersecurity Dive

Canadian hacker arrested for allegedly stealing data from Texas Republican Party | The Record from Recorded Future News

British intel intern pleads guilty to smuggling top secret data out of protected facility | The Record from Recorded Future News
...more
56min
March 26, 2025Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access
In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls.
Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers??
You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure.
Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors.
This episode is also available on Youtube.

Show notes
...more
31min
March 26, 2025Risky Business #785 -- Signal-gate is actually as bad as it looks
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group

The Github actions hack is smaller than we thought, but was targeting crypto

Remote code exec in Kubernetes, ouch

Oracle denies its cloud got owned, but that sure does look like customer keymat

Taiwanese hardware maker Clevo packs its private keys into bios update zip

US Treasury un-sanctions Tornado Cash, party time in Pyongyang?
This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam.
This episode is also available on Youtube.

Show notes
The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic

Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED

Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed

GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21)

Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive

Researchers back claim of Oracle Cloud breach despite company’s denials | Cybersecurity Dive

The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK

Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop

US scraps sanctions on Tornado Cash, crypto ‘mixer’ accused of laundering North Korea money | Reuters

Tornado Cash Delisting | U.S. Department of the Treasury

Major web services go dark in Russia amid reported Cloudflare block | The Record from Recorded Future News

Clevo Boot Guard Keys Leaked in Update Package

Six additional countries identified as suspected Paragon spyware customers | CyberScoop

The Citizen Lab’s director dissects spyware and the ‘proliferating’ market for it | The Record from Recorded Future News

Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News

Hacker defaces NYU website, exposing admissions data on 1 million students | The Record from Recorded Future News

Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News

DNA of 15 Million People for Sale in 23andMe Bankruptcy
...more
1h
March 19, 2025Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Github Actions supply chain attack loots keys and secrets from 23k projects

Why a VC fund now owns a minority stake in Risky Business Media (!?!?)

China doxes Taiwanese military hackers

Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it

CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave

…and Google acquires Wiz for $32bn
This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years.
This episode is also available on Youtube.

Show notes
Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media

China says Taiwan's military is behind PoisonIvy APT

China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News

Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News

Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop

Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News

'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News

Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive

Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News

CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW

‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge | WIRED

The Wiretap: CISA Staff Are Cautiously Optimistic About Trump’s Pick For Director

White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters

Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News

Telegram CEO Pavel Durov allowed to leave France amid investigation

Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News

Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News

Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel
...more
57min
March 12, 2025Risky Business #783 -- Evil webcam ransomwares entire Windows network
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA.
They talk through:
A realistic bluetooth-proximity phishing attack against Passkeys

A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor

The ESP32 backdoor that is neither a door nor at the back

The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists

Years later, LastPass hackers are still emptying crypto-wallets

…and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice!
Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is “devastating” for the national security staff pipeline.
This week’s episode is sponsored by SpecterOps, makers of the BloodHound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using BloodHound’s insight.
This episode is also available on Youtube.

Show notes
CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers | Tobia Righi - Security Researcher

Feds Link $150M Cyberheist to 2022 LastPass Hacks – Krebs on Security

Camera off: Akira deploys ransomware via webcam

Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices

Alleged Co-Founder of Garantex Arrested in India – Krebs on Security

37K+ VMware ESXi instances vulnerable to critical zero-day | Cybersecurity Dive

Apple patches 0-day exploited in “extremely sophisticated attack” - Ars Technica

What Really Happened With the DDoS Attacks That Took Down X | WIRED

Eleven11bot estimates revised downward as researchers point to Mirai variant | Cybersecurity Dive

Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News

Safe.eth on X: "Investigation Updates and Community Call to Action" / X

How to verify Safe{Wallet} transactions on a hardware wallet | Safe{Wallet} Help Center and Support.

US charges Chinese nationals in cyberattacks on Treasury, dissidents and more | The Record from Recorded Future News

Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security | CyberScoop

U.S. pauses intelligence sharing with Ukraine used to target Russian forces - The Washington Post
...more
1h 4min
March 05, 2025Risky Business #782 -- Are the USA and Russia cyber friends now?
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Did the US decide to stop caring about Russian cyber, or not?

Adam stans hard for North Korea’s massive ByBit crypto-theft

Cellebrite firing Serbia is an example of the system working

Starlink keeps scam compounds in Myanmar running

Biggest DDoS botnet yet pushes over 6Tbps
This week’s episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon.
This episode is also available on Youtube.

Show notes
" rel="noopener noreferrer">Sygnia Preliminary Bybit Investigation Report

" rel="noopener noreferrer">Verichains Bybit Incident Investigation Preliminary Report

" rel="noopener noreferrer">North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit | The Record from Recorded Future News

" rel="noopener noreferrer">Risky Bulletin: Trump administration stops treating Russian hackers as a threat - Risky Business

" rel="noopener noreferrer">Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (Story updated)

" rel="noopener noreferrer">Russia to redeploy resources freed up by end of war in Ukraine, warns Finnish intelligence | The Record from Recorded Future News

" rel="noopener noreferrer">FBI urges crypto community to avoid laundering funds from Bybit hack | The Record from Recorded Future News

" rel="noopener noreferrer">Risky Bulletin: Cellebrite bans bad boy Serbia - Risky Business

" rel="noopener noreferrer">Belgium probes suspected Chinese hack of state security service | The Record from Recorded Future News

" rel="noopener noreferrer">Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US | The Record from Recorded Future News

" rel="noopener noreferrer">Elon Musk’s Starlink Is Keeping Modern Slavery Compounds Online | WIRED

" rel="noopener noreferrer">U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

" rel="noopener noreferrer">Google Password Manager finally syncs to iOS—here’s how - Ars Technica

" rel="noopener noreferrer">Gmail Security Alert: Google To Ditch SMS Codes For Billions Of Users

" rel="noopener noreferrer">Massive Iran-linked botnet launches DDoS attacks against telecom, gaming platforms | Cybersecurity Dive

" rel="noopener noreferrer">Microsoft-signed driver used in ransomware attacks | Cybersecurity Dive

" rel="noopener noreferrer">London member of ‘Com’ network convicted of making indecent images of children | The Record from Recorded Future News

" rel="noopener noreferrer">Volt Typhoon & Salt Typhoon Attackers Are Evading EDR: What Can You Do? | Corelight
...more
51min
February 26, 2025Risky Business #781 -- How Bybit oopsied $1.4bn
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
North Korea pulls off a 1.5 billion dollar crypto heist

Apple pulls Advanced Data Protection from the UK

Black Basta ransomware gang’s internal chats leak

Russians snoop on Signal with QR codes

And Myanmar ships thousands of freed scam compound workers to Thailand
Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that … she outed the NSA?
This week’s episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham are along with an amusing tale of using Windows’ own allow-listing software to block EDR from loading.
This episode is also available on Youtube.

Show notes
Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News

CertiK - Bybit Incident Technical Analysis

Hackers use ‘sophisticated’ macOS malware to steal cryptocurrency, Microsoft says | The Record from Recorded Future News

EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war | The Record from Recorded Future News

Sanctions: Iranians Flock to Crypto; Int'l Actions Target Russia - Chainalysis

Apple turns off iCloud encryption feature in UK following reported government legal order | The Record from Recorded Future News

Swedish authorities seek backdoor to encrypted messaging apps | The Record from Recorded Future News

Leaked chat logs expose inner workings of secretive ransomware group - Ars Technica

Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News

Meta Sues Alleged Violent Extortionist For Holding Instagram Accounts Hostage

Weathering the storm: In the midst of a Typhoon

Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News

Genea confirms cyber breach after ‘unauthorised third party’ accesses data | news.com.au — Australia’s leading news site

Managed healthcare defense contractor to pay $11 million over alleged cyber failings | The Record from Recorded Future News

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Director-General's Annual Threat Assessment 2025 | ASIO

An inside look at NSA (Equation Group) TTPs from China’s lense
...more
1h 3min
February 21, 2025Wide World of Cyber: DeepSeek lobs an AI hand grenade
In this episode of the Wide World of Cyber podcast Risky Business host Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about AI, DeepSeek, and regulation.
From its bad transport security to its Chinese ownership and the economic implications of China “entering the chat”, everyone’s freaking out over this new model. But should they be?
Pat, Alex and Chris dissect the model’s significance, the politics of it all and how AI regulation in Europe, the US and China will shape the future of LLMs.
This episode is also available on Youtube.

Show notes
...more
42min

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 569 episodes available.

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,952 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

634 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

372 Listeners

Hacked by Hacked

Hacked

174 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,010 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

308 Listeners

Click Here by Recorded Future News

Click Here

390 Listeners

Malicious Life by Malicious Life

Malicious Life

923 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,822 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

141 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

186 Listeners

Hacking Humans by N2K Networks

Hacking Humans

304 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

70 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

118 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

32 Listeners