Risky Business

By Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for informati... more

4.6

364364 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 609 episodes available.

Risky Business episodes:

October 12, 2023 Risky Biz Soap Box: Preventing MFA reset attacks
Patrick Gray speaks to Yubico’s Jerrod Chong about how organisations can better verify the identities of users when performing MFA resets. In other words, how to not get MGM’d.
He also talks about the chain-of-trust issues inherent to synchronisable passkey implementations.
...more
32min
October 10, 2023Risky Business #725 -- Microsoft knifes VBScript, passkeys the new default for Google accounts
On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover:
Microsoft has killed VBScript

Google to make passkeys the new default sign-in method

MGM losses to exceed $100m

Clorox has a bad quarter

Why a bug in cURL could be really bad news

Much, much more
This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments.

Show notes
Deprecated features in the Windows client - What's new in Windows | Microsoft Learn

Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords | WIRED

AWS kicks off cloud race to mandate MFA by default | Cybersecurity Dive

MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack | Cybersecurity Dive

Clorox warns of quarterly loss related to August cyberattack, production delays | Cybersecurity Dive

Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states

Cybercrime gangs now deploying ransomware within 24 hours of hacking victims

Microsoft: Human-operated ransomware attacks tripled over past year

Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks

Microsoft: State-backed hackers grow in sophistication, aggressiveness | CyberScoop

67 X accounts spread coordinated Israel-Hamas disinformation: report

John Hultquist🌻 on X: "We are currently seeing pro-Iran information operations actors promoting content across various social media channels, in favor of Hamas and critical of Israel’s response to the attacks. 1/x" / X

Hacktivism erupts in response to Hamas-Israel war | TechCrunch

‘War has no rules’: Hacktivists scorn Red Cross’ new guidelines

Joe Truzman on X: "Israeli Police Spokesperson: The Cyber Unit of the Police at Lahav 433 has frozen accounts of cryptocurrencies that served Hamas' terrorist organization to solicit donations on social networks. The Cyber Unit of Lahav 433, in cooperation with the Ministry of Defense, the…" / X

Cloud giants sound alarm on record-breaking DDoS attacks | Cybersecurity Dive

Israel's Failure to Stop the Hamas Attack Shows the Danger of Too Much Surveillance | WIRED

Edward Snowden on X: "Netanyahu nurtured a zillion-dollar industry selling spying tools to despots that use them to break into the iPhones of critics, elected opponents, human rights lawyers, and even students (these are all real examples). Turns out they're not very useful for spying on Hamas, tho.…" / X

HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks

NVD - CVE-2023-44487

Maintainers warn of vulnerability affecting foundational open-source tool

23andMe user data targeting Ashkenazi Jews leaked online

23andMe User Data Stolen in Credential Stuffing Attack

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica

From AI with love: Scammers integrate ChatGPT into dating-app tool

Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
...more
45min
October 03, 2023Risky Business #724 -- Exploitation moves away from Microsoft, Google and Apple products
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Ransomware crews target WS_FTP and Jetbrains servers

Global energy supply shapes up as big target

The Dossier Center drops another banger

Indian nationalists DDoS Canadian targets

A look at the Exim drama

Much, much more
This week’s show is brought to you by Kroll Cyber. George Glass is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
Multiple exploits hit Progress Software’s WS_FTP Server | Cybersecurity Dive

Progress Software discloses 8 vulnerabilities in one of its other file-transfer services | Cybersecurity Dive

Progress Software says business impact ‘minimal’ from MOVEit attack spree | Cybersecurity Dive

NEXTA on X:

Гостайна по электричеству - Досье

Russian flight booking system suffers ‘massive’ cyberattack

Cyberattacks hit military, Parliament websites as India-based group targets Canada | CBC News

NATO investigating breach, leak of internal documents | CyberScoop

Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says | Reuters

FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers

Cisco routers abused by China-linked hackers against US, Japan companies | Cybersecurity Dive

Suspected China-based hackers target Middle Eastern telecom, Asian government

North Korean hackers posed as Meta recruiter on LinkedIn | CyberScoop

Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company

Ransomware gangs destroying data, using multiple strains during attacks: FBI

Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica

NSA is creating a hub for AI security, Nakasone says

Privacy watchdog recommends court approval for FBI searches of spy data | CyberScoop

Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica

‘Snatch’ Ransom Group Exposes Visitor IP Addresses – Krebs on Security

IronNet, founded by former NSA director, shuts down and lays off staff | TechCrunch
...more
55min
September 27, 2023Risky Business #723 -- MGM and Caesars: Western youths are working with ransomware gangs
On this week’s show Patrick Gray and Dmitri Alperovitch discuss the week’s security news. They cover:
How western youths are working with Russian ransomware crews

Russia has changed its targeting in Ukraine

A massive breach of historical Russian flight information is god’s gift to OSINT orgs

Cisco buys Splunk for $28bn

Much, much more
This week’s show is brought to you by Panther. Its field CISO Ken Westin is this week’s sponsor guest.
Links to everything that we discussed are below.

Show notes
MGM Resorts says hotel, casino operations back up and running | Cybersecurity Dive

MGM Resorts warns customers of fraud as it faces class action lawsuits | Cybersecurity Dive

mgmkirwan - DocumentCloud

Cross-Tenant Impersonation: Prevention and Detection | Okta Security

'Power, influence, notoriety': The Gen-Z hackers who struck MGM, Caesars | Reuters

Youth hacking ring at the center of cybercrime spree | CyberScoop

UK logistics firm blames ransomware attack for insolvency, 730 redundancies

Philippines state health org struggling to recover from ransomware attack

Bermuda’s premier attributes system outages to ‘Russia-based’ attackers

Russian hackers target Ukrainian government systems involved in war crimes investigations

(4) Oleg Shakirov on X: "Huge data breach in Russia A previously unknown group claims it stole data from Russia's major flight booking system Sirena Travel. The whole dataset includes 665 mil entries and spans 16 years; they posted a sample with 3 mil lines. I was able to verify one flight. Looks legit" / X

Hackers break into Russian database with data on hundreds of millions of flights

Canada blames border checkpoint outages on cyberattack

Air Canada says hackers accessed limited employee records during cyberattack

3 iOS 0-days, a cellular network compromise, and HTTP used to infect an iPhone | Ars Technica

Yes, you have to update your Apple devices again, because spyware is bad | TechCrunch

GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica

CISA's catalog of must-patch vulnerabilities crosses the 1,000 bug mark after 2 years

Hong Kong crypto business Mixin says hackers stole $200 million in assets

Cisco to buy Splunk for $28B | Cybersecurity Dive

British Army general says UK now conducting ‘hunt forward’ operations

World on the Brink: How America Can Beat China in the Race for the Twenty-First Century: Alperovitch, Dmitri, Graff, Garrett M.: 9781541704091: Amazon.com: Books

Starlink in Ukraine: Why the Story Is Not So Simple | Geopolitics Decanted by Silverado
...more
58min
September 21, 2023Snake Oilers: Sublime Security, VulnCheck and Devicie
In this edition of Snake Oilers you’ll hear product pitches from:
Sublime Security: e-mail security for people who want to tune their detections

VulnCheck: Provides vulnerability intelligence to governments, large enterprises and vendors

Devicie: Manage your devices with Intune without pulling your hair out

Show notes
sublime.security

VulnCheck - Outpace Adversaries

Cloud-native device management platform | Devicie
...more
40min
September 19, 2023Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?
On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover:
Microsoft’s 38TB oopsie

MGM’s Okta compromised, was this what Okta was warning us about?

Why we need a cyber knife fight

Google Authenticator sync abused in the wild

Much, much more
This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop

Wiz on X: "🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵 https://t.co/2V8u9IekGV" / X

Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center

(6) Microsoft's Security Culture Just Isn't up to Scratch

Threat actors claim to have compromised MGM Resorts’ Okta environment | Cybersecurity Dive

MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive

I Gambled in MGM's Hacked Casinos

‘Scattered Spider’ group launches ransomware attacks while expanding targets in hospitality, retail

MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive

Caesars Entertainment says it was also a victim of a cyberattack

Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive

DHS: Ransomware attackers headed for second most profitable year

(1) chrisrohlf on X: "I can think of multiple occasions where well respected experts assured the world that taking offensive actions would put an end to this ransomware problem. Unfortunately 1) it won’t end that easily and 2) they’re still seen as experts. This is an economics problem that is enabled…" / X

White House urging dozens of countries to publicly commit to not pay ransoms

Cyberattack on Kansas town affects email, phone, payment systems

Major trucking software provider confirms ransomware incident

Several Colombian government ministries hampered by ransomware attack

Manchester police officers’ data stolen following ransomware attack on supplier

Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack

Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say

How Google Authenticator made one company’s network breach much, much worse | Ars Technica

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED

Mozilla, CISA urge users to patch Firefox security flaw

UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption

Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian

Три журналиста рассказали, что получали оповещение от Apple о хакерской атаке. Такое же приходило Галине Тимченко, в телефоне которой нашли шпионскую программу Pegasus — Meduza

War crimes tribunal ICC says it has been hacked | Reuters

XINTRA - Cybersecurity Training

CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube

SaaS attack techniques

SaaS attack matrix: The shadow workflow’s evil twin

SaaS Attack: How to SAMLjack a poisoned tenant

SAMLjacking a poisoned tenant demo - YouTube

SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube
...more
1h
September 12, 2023Risky Business #721 -- Why Storm-0558's Microsoft hack should have failed
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
How Storm-0558 stole Microsoft’s signing key

Cisco 0day being used by ransomware crews

We were right about Elon stumbling into the Ukraine war

Someone’s amazing image library 0day just got crushed

Much, much more!
This week’s show is brought to you by Nucleus Security. Co-founder Scott Kuffer is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
Results of Major Technical Investigations for Storm-0558 Key Acquisition | MSRC Blog | Microsoft Security Response Center

Microsoft reveals how hackers stole its email signing key… kind of | TechCrunch

Kevin Beaumont: "One extra thing to highlight -…" - Cyberplace

Preventing Authentication Bypass: A Tale of Two Researchers - YouTube

BEC phishing kit hits thousands of Microsoft 365 business accounts | Cybersecurity Dive

Microsoft Teams phishing attack pushes DarkGate malware

CISA warns of attacks using Microsoft Word, Adobe bugs

New Emergency Chrome Security Update After Critical iOS 16.6.1 Release

Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks

Cisco security appliance 0-day is under attack by ransomware crooks | Ars Technica

Cisco BroadWorks vulnerability snags highest CVSS score | Cybersecurity Dive

High-profile CVEs turn up in vulnerability exploit sales | Cybersecurity Dive

MGM Resorts takes systems offline following cyberattack

Save the Children International hit with cyberattack, but says operations weren’t impacted

Sri Lankan government loses months of data following ransomware attack

(6) Risky Biz News: US and UK dox and sanction 11 more Trickbot/Conti members. Charges included too.

Opinion | The untold story of Elon Musk’s support for Ukraine - The Washington Post

Elon Musk on X:

SpaceX unveils Starshield, a military variation of Starlink satellites

China-Linked Hackers Breached a Power Grid—Again | WIRED

Just waiting for a mate - YouTube

North Korea-backed hackers target security researchers with 0-day | Ars Technica

Cars are collecting data on par with Big Tech, watchdog report finds

Crypto Town Hall on X: "Crypto Kingpin's Downfall: 11,196 Years Behind Bars!"https://t.co/1RCNJ8um4c" / X
...more
59min
September 07, 2023Snake Oilers: ConductorOne, Bloodhound Enterprise and Zero Networks
In this edition of Snake Oilers you’ll hear product pitches from:
ConductorOne: PAM, account cycle management and access auditing for cloud and SaaS accounts

Bloodhound Enterprise: Enumerate attack paths in your environment and shut them down

Zero Networks: Agentless: heavily automated microsegmentation and a VPN product that won’t get you insta-owned

Show notes
ConductorOne - Identity security & access control

Home - BloodHound Enterprise

Microsegmentation in a Matter of Minutes | Zero Networks
...more
40min
September 05, 2023Risky Business #720 -- How cloud identity provider federation features can get you mega-owned
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
Why everyone should pay attention to some recent attacks on Okta customers

Why third party comms apps are risky af

Why are Russian espionage opps using Tor for C2?

Surveillance firms abuse Fiji Telco Digicel’s SS7 access

Much, much more!
This week’s show is brought to you by Gigamon. Mark Jow, Gigamon’s EMEA Technical Director is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
Cross-Tenant Impersonation: Prevention and Detection | Okta Security

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

NCSC-MAR-Infamous-Chisel.pdf

Ukraine says an energy facility disrupted a Fancy Bear intrusion

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach – Krebs on Security

Telstra-owned Pacific mobile network likely exploited by spies for hire - ABC News

CISA, MITRE shore up operational tech networks with adversary emulation platform

LogicMonitor customers hit by hackers, because of default passwords | TechCrunch

Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica

Why is .US Being Used to Phish So Many of Us? – Krebs on Security

UK cyber agency announces Ollie Whitehouse as its first ever CTO

Embattled consulting firm PwC swept up in global cyber breach of file service MOVEit by cybercrime group C10p

ONLINE-SCAM-OPERATIONS-2582023.pdf

Unmasking Trickbot, One of the World’s Top Cybercrime Gangs | WIRED
...more
57min
August 29, 2023Risky Business #719 -- FBI vapes 700,000 Qakbot infections
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:
The FBI takes down Qakbot, steals operators’ bitcoins ha ha

Danish hosting provider completely destroyed in ransomware attack

Sophisticated Russian cyber attack on Polish trains. Well. Not really.

Microsoft revokes cert then revokes its revocation

Much, much more!
This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy Ryan Kalember is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes
US says it and partners have taken down notorious 'Qakbot' hacking network | Reuters

Danish cloud host says customers ‘lost all data’ after ransomware attack | TechCrunch

VDP Platform 2022 Annual Report Showcases Platform’s Success | CISA

Proposed bill would require vulnerability disclosure policies for all federal contractors

The Cheap Radio Hack That Disrupted Poland's Railway System | WIRED

Two suspects arrested following Poland railway hack

‘Incredible concern and anger’ among Metropolitan Police after hackers breach data

New malware from North Korea’s Lazarus used against healthcare industry

North Korea’s Lazarus hackers behind recent crypto heists: FBI

US arrests Tornado Cash co-founder, sanctions another who remains at large

Kroll Employee SIM-Swapped for Crypto Investor Data – Krebs on Security

(2) Risky Biz News: WinRAR zero-day used to hack stock and crypto traders

Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica

Renegade certificate removed from Windows. Then it returns. Microsoft stays silent. | Ars Technica

Barracuda ESG zero-day exploit still under way after patches fail | Cybersecurity Dive

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) | Mandiant

Unpacking the MOVEit Breach: Statistics and Analysis

The DEA Accidentally Sent $50,000 Of Seized Cryptocurrency To A Scammer

Akira Ransomware Targeting VPNs without Multi-Factor Authentication - Cisco Blogs

Ransomware attack dwell times fall, pressuring companies to quickly respond | Cybersecurity Dive

British court convicts two teen Lapsus$ members of hacking tech firms

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders. – Krebs on Security

Apple security updates could be banned by British government
...more
55min

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 609 episodes available.

More shows like Risky Business

Hacked by Hacked

Hacked

184 Listeners

Security Now (Audio) by TWiT

Security Now (Audio)

2,003 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

369 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

638 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,019 Listeners

Smashing Security by Graham Cluley

Smashing Security

322 Listeners

Click Here by Recorded Future News

Click Here

415 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,013 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

174 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

73 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

134 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners

Hacker And The Fed by Chris Tarbell & Hector Monsegur

Hacker And The Fed

169 Listeners