Risky Business

By Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for informati... more

4.6

352352 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 571 episodes available.

Risky Business episodes:

March 09, 2023 Risky Biz Soap Box: Six degrees of Domain Admin
Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound.
If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker you land on a network, enumerate directory information, and then map out a path to domain admin.
Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.
...more
43min
March 07, 2023Risky Business #698 -- Why LastPass was probably DPRK*
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Why the White House’s cybersecurity strategy is actually quite good

The LastPass breach was probably DPRK

UEFI bootkits are going downmarket, and this is bad

GitHub will scan repos for secrets

A look at some interesting DJI drone research

Much, much more
This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show

Show notes
Risky Biz News: White House unveils National Cybersecurity Strategy

White House looks to put cybersecurity pressure on companies

Surveillance oversight board member explores concerns about Section 702 renewal | CyberScoop

Secret Service and ICE conducted warrantless stingray surveillance, says watchdog | TechCrunch

LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach

Give Me E2EE or Give Me Death - by Tom Uren

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw | Ars Technica

GitHub’s secret scanning alerts now available for all public repos

This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location | WIRED

Hackers steal gun owners’ data from firearm auction website | TechCrunch

New ATM Malware 'FiXS' Emerges - SecurityWeek

US government warns Royal ransomware is targeting critical infrastructure | TechCrunch

Ransomware gang posts breast cancer patient photos from Pennsylvania health network to dark web

Hospital Clínic de Barcelona severely impacted by ransomware attack

Hackers Release Data Stolen in Oakland Ransomware Attack – NBC Bay Area

Salt Labs | Traveling with OAuth - Account Takeover on Booking.com

Google adds client-side encryption to Gmail and Calendar. Should you care? | Ars Technica

The life-upending flaw that USPS won’t fix | TechCrunch

Powerful Meta large language model widely available online | CyberScoop

We’re going teetotal: It’s goodbye to The Daily Swig | The Daily Swig
...more
1h 1min
February 28, 2023Risky Business #697 -- LastPass attacker: Do you gotta hand it to 'em?
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
A look at LastPass’s intrusion post mortem

A very stable genius decided to ransomware the US Marshals Service

Why Signal’s complaints about UK’s Online Safety Act are bad faith

Much, much more…
This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
Additional details of the attack - LastPass Support

LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica

'Major' U.S. Marshals Service hack compromises sensitive info

DISH tells SEC that ransomware attack caused outages; personal info may have been stolen - The Record from Recorded Future News

DISH says ‘system issue’ affecting internal servers, phone systems - The Record from Recorded Future News

Danish hospitals hit by cyberattack from ‘Anonymous Sudan’ - The Record from Recorded Future News

'A year of cyberwar' with Russia: An inside look from a top Ukrainian cybersecurity official | CyberScoop

Russia blames hackers as commercial radio stations broadcast fake air strike warnings - The Record from Recorded Future News

Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge - The Record from Recorded Future News

Signal CEO: We “1,000% won’t participate” in UK law to weaken encryption | Ars Technica

White House cybersecurity strategy to force large companies to make systems secure by design | CyberScoop

Popular IBM file transfer tool vulnerable to cyberattacks, CISA says - The Record from Recorded Future News

A world of hurt for Fortinet and ManageEngine after users fail to install patches | Ars Technica

Gigamon Exits NDR Market, Sells ThreatInsight Business to Fortinet

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw | The Daily Swig

How I Broke Into a Bank Account With an AI-Generated Voice

Hackers use ChatGPT phishing websites to infect users with malware - The Record from Recorded Future News

Venture capital financing of cyber companies slid to $18.5 billion in 2022 - The Record from Recorded Future News

Tines Automation Platform - YouTube
...more
1h
February 22, 2023An interview with Andrew Boyd, director of the CIA's Centre for Cyber Intelligence
In this interview the director of the CIA’s Center for Cyber Intelligence (CCI) sits down with Risky Business podcast host Patrick Gray to talk about:
What CCI actually does

The CIA’s role in cyber intel and operations

What lessons have been learned from Russia’s cyber campaigns targeting Ukraine

Why a cyber conflict with China will be very, very different

His views on the ransomware threat

Much, much more
...more
53min
February 21, 2023Risky Business #696 -- Why Twitter had to kill SMS 2FA
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Why Twitter had to kill SMS 2FA

A look at Meta’s new verification service

How a ransomware attack disrupted the semiconductor supply chain

Why Anonymous Sudan is probably a Russian info op

Microsoft mixes up public and private keys in Azure B2C (for real)

Much, much more
This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
" rel="noopener noreferrer">How to Protect Yourself From Twitter’s 2FA Crackdown | WIRED

" rel="noopener noreferrer">Elon Musk Says Twitter Lost $60mn a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS | Commsrisk

" rel="noopener noreferrer">Twitter’s Two-Factor Authentication Change ‘Doesn't Make Sense’ | WIRED

" rel="noopener noreferrer">Elon Musk on Twitter: "@MKBHD Twitter is getting scammed by phone companies for $60M/year of fake 2FA SMS messages" / Twitter

" rel="noopener noreferrer">rat king 🐀 on Twitter: "as twitter goes through diff versions of what it’s subscription service looks like, meta rolls out its own verified program… https://t.co/BPNILEFGZ0" / Twitter

" rel="noopener noreferrer">WA wedding photographer’s fury as Instagram account deactivated | news.com.au — Australia’s leading news site

" rel="noopener noreferrer">Semiconductor industry giant says ransomware attack on supplier will cost it $250 million - The Record from Recorded Future News

" rel="noopener noreferrer">State of emergency as City of Oakland grapples with ransomware attack - The Record from Recorded Future News

" rel="noopener noreferrer">Irish TV broadcaster says attempted hack will affect programming - The Record from Recorded Future News

" rel="noopener noreferrer">Revealed: the US adviser who tried to swing Nigeria’s 2015 election | Cambridge Analytica | The Guardian

" rel="noopener noreferrer">Political aides hacked by ‘Team Jorge’ in run-up to Kenyan election | World news | The Guardian

" rel="noopener noreferrer">Fox News stars and staffers privately blasted election fraud claims as bogus, court filing shows

" rel="noopener noreferrer">google_fog_of_war_research_report.pdf

" rel="noopener noreferrer">Hacks, leaks and wipers: Google analyzes a year of Russian cyberattacks on Ukraine | CyberScoop

" rel="noopener noreferrer">Scandinavian Airlines hit by cyberattack, 'Anonymous Sudan' claims responsibility - The Record from Recorded Future News

" rel="noopener noreferrer">Azure B2C Crypto Misuse and Account Compromise - Praetorian

" rel="noopener noreferrer">GoDaddy: Hackers stole source code, installed malware in multi-year breach

" rel="noopener noreferrer">WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks - SentinelOne

" rel="noopener noreferrer">Hyundai, Kia to provide anti-theft software updates following viral TikTok challenge - The Record from Recorded Future News

" rel="noopener noreferrer">Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

" rel="noopener noreferrer">Latest attack on PyPI users shows crooks are only getting better | Ars Technica

" rel="noopener noreferrer">Belgium launches nationwide safe harbor for ethical hackers | The Daily Swig

" rel="noopener noreferrer">Tor Project Moves Away from Infrastructure Ran by Internet Monitoring Firm

Bank accounts overdrawn, missing and suspended without warning, bank won't talk to me : LegalAdviceUK
...more
1h 4min
February 15, 2023 Risky Biz Soap Box: Greynoise has built the world's biggest, and smartest, honeypot
In this interview we’re chatting with the founder of Greynoise Intelligence, Andrew Morris.
Greynoise operates a global network of sensors that collect data on things like mass scanning, exploitation and reconnaissance. The idea is if your SOC gets an alert from a particular IP you can see if it’s associated with mass scanning or exploitation, or if it’s something that’s just targeting you.
And as you’ll hear, there are other use cases also, but we’re talking about a few things with Andrew today. He talks about being able to selectively port forward attacks targeting his sensor network to a data centre running the services being targeted, about the ESXiArgs ransomware attack and more.
Enjoy!
...more
36min
February 14, 2023Risky Business #695 -- North Korea is ransomwaring hospitals, Russia to make "patriotic" hacking legal
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
North Korea is ransomwaring hospitals with homegrown and Russian strains

Russia proposes law greenlighting “patriotic hacks”

It’s 702 renewal time… again

CISA releases ESXiArgs recovery script (yay!)

UK mulls crimephone ban

Much, much more
This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
North Korean hackers extort health care organizations to fund further cyberattacks, US and South Korea say | CNN Politics

Risky Biz News: US and UK sanction seven Trickbot members

United States and United Kingdom Sanction Members of Russia-Based Trickbot Cybercrime Gang | U.S. Department of the Treasury

Risky Biz News: Russia wants to absolve patriotic hackers from any criminal liability

The FBI’s Most Controversial Surveillance Tool Is Under Threat | WIRED

Meet the Creator of North Korea’s Favorite Crypto Privacy Service | WIRED

CISA publishes recovery script for ESXiArgs ransomware as Florida courts, universities reel - The Record from Recorded Future News

decrypt your crypted files in ESXi servers affected by CVE-2020-3992 / CryptoLocker attack

Tonga is the latest Pacific Island nation hit with ransomware - The Record from Recorded Future News

UK Proposes Making the Sale and Possession of Encrypted Phones Illegal

UK High Court allows Bahraini activists to sue government over spyware - The Record from Recorded Future News

Russian cybersecurity expert convicted of charges in $90M hack-to-trade case | CyberScoop

Deepfake 'news anchors' appear in pro-China footage on social media, research group says - ABC News

Geotargeting tools are allowing phishing campaigns to home in on potential victims - The Record from Recorded Future News

This week’s Reddit breach shows company’s security is (still) woefully inadequate | Ars Technica

Namecheap denies system breach after email service used to spread phishing scams - The Record from Recorded Future News

Mysterious leak of Booking.com reservation data is being used to scam customers | Ars Technica

DOM XSS vulnerability in Gartner Peer Insights widget patched | The Daily Swig

Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game - Avast Threat Labs

OAuth ‘masterclass’ crowned top web hacking technique of 2022 | The Daily Swig

New XSS Hunter host Truffle Security faces privacy backlash | The Daily Swig

'No evidence of malicious access,' Toyota says about serious bug exploited by outside researcher - The Record from Recorded Future News

A year after outcry, IRS still doesn't offer taxpayers alternative to ID.me | CyberScoop
...more
1h 0min
February 07, 2023Risky Business #694 -- Cleansing fire claims ESXi, GoAnywhere servers
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Unpatched ESXi boxes are getting rinsed

GoAnywhere MFT file transfer boxes are too

Royal Mail data being ransomed by Lockbit

Advanced materials manufacturer and finance company among latest rware victims

Guilty plea in Ubiquiti case

Much, much more
This week’s show is brought to you by Red Canary. Red Canary’s Adam Mashinchi is this week’s sponsor guest. He joins us to talk about the impact layoffs are having on infosec teams.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
Risky Biz News: Ransomware wave hits thousands of VMWare ESXi servers

Risky Biz News: Zero-day alert for GoAnywhere file transfer servers

Royal Mail faces threat from ransomware group LockBit | Reuters

ION brings clients back online after ransomware attack: Source | Business Insurance

Hackers who breached ION say ransom paid; company declines comment | Reuters

Blow to Morgan Advanced Materials as cyber-attack to cost millions to deal with | Evening Standard

K-12 schools in Tucson, Nantucket respond to cyberattacks - The Record from Recorded Future News

Ransomware gang attempts to extort UK school by posting files about at-risk children - The Record from Recorded Future News

British steel industry supplier Vesuvius ‘currently managing cyber incident’ - The Record from Recorded Future News

Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack - The Record from Recorded Future News

All classes canceled at Irish university as it announces ‘significant IT breach’ - The Record from Recorded Future News

Switzerland’s largest university confirms ‘serious cyberattack’ - The Record from Recorded Future News

Dutch Police Read Messages of Encrypted Messenger 'Exclu'

Julius 'zeekill' Kivimäki, former Lizard Squad hacker, arrested in France - The Record from Recorded Future News

New York attorney general fines developer of stalking apps - The Record from Recorded Future News

Microsoft alleges attacks on French magazine came from Iranian-backed group | Ars Technica

Hackers linked to North Korea targeted Indian medical org, energy sector - The Record from Recorded Future News

Google Cuts Company Protecting People From Surveillance To A ‘Skeleton Crew,’ Say Laid Off Workers

Feds get guilty plea in Ubiquiti data extortion case - The Record from Recorded Future News

For Hire: Ex-Ubiquiti Developer Charged With Extortion

Microsoft notifies UK customers affected by hackers abusing ‘verified publisher’ tag - The Record from Recorded Future News

Darknet drug market BlackSprut openly advertises on billboards in Moscow - The Record from Recorded Future News

Toyota sealed up a backdoor to its global supplier management network | The Daily Swig
...more
53min
January 31, 2023Risky Business #693 -- Hive takedown is the beginning, not the end
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
A look at the Hive takedown

UK’s Royal Mail still struggling

GitHub’s code signing certificates stolen

TSA misses the point on no-fly list theft

Much, much more
This week’s show is brought to you by Remediant, which is now a part of Netwrix.
Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
U.S. Department of Justice Disrupts Hive Ransomware Variant | OPA | Department of Justice

U.S. Department of Justice Disrupts Hive Ransomware Variant - YouTube

Ransomware experts laud Hive takedown but question impact without arrests - The Record from Recorded Future News

Royal Mail progressing to full operations following ransomware attack - The Record from Recorded Future News

British government minister told council to keep quiet after ransomware attack - The Record from Recorded Future News

The Untold Story of a Crippling Ransomware Attack | WIRED

Russia blocks access to US ‘Rewards for Justice,’ FBI and CIA websites - The Record from Recorded Future News

GitHub says hackers cloned code-signing certificates in breached repository | Ars Technica

ESET: Sandworm could be behind new file-deleting malware targeting Ukraine - The Record from Recorded Future News

TSA issues security directive to airports, carriers after 'no-fly' list leak - The Record from Recorded Future News

U.S. No Fly list shared on a hacking forum, government investigating

Chinese influence operations may lack critical element: influence | CyberScoop

Cybercriminals scam two federal agencies via remote desktop tool, CISA warns | CyberScoop

Kevin Rose loses pricey NFTs to wallet hack

Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move

NFT company gets restraining order to freeze hacker’s online wallet - The Record from Recorded Future News

Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges | WIRED

Exploiting a Critical Spoofing Vulnerability in Windows CryptoAPI | Akamai

Facebook two-factor authentication bypass issue patched | The Daily Swig

AI-Generated Voice Firm Clamps Down After 4chan Makes Celebrity Voices for Abuse
...more
55min
January 24, 2023 Risky Biz Soap Box: Tools alone won't solve your vuln management problems
In this Soap Box edition of the show Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.
...more
32min

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 571 episodes available.

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,961 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

634 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

368 Listeners

Hacked by Hacked

Hacked

176 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,008 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Click Here by Recorded Future News

Click Here

386 Listeners

Malicious Life by Malicious Life

Malicious Life

923 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,840 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

141 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

182 Listeners

Hacking Humans by N2K Networks

Hacking Humans

309 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

71 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

120 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

33 Listeners