Risky Business

By Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for informati... more

4.6

354354 ratings

Download on the App Store

Download on the App Store

Get it on Google Play

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 584 episodes available.

Risky Business episodes:

March 19, 2025Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Github Actions supply chain attack loots keys and secrets from 23k projects

Why a VC fund now owns a minority stake in Risky Business Media (!?!?)

China doxes Taiwanese military hackers

Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it

CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave

…and Google acquires Wiz for $32bn
This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years.
This episode is also available on Youtube.

Show notes
Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media

China says Taiwan's military is behind PoisonIvy APT

China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News

Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News

Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop

Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News

'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News

Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive

Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News

CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW

‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge | WIRED

The Wiretap: CISA Staff Are Cautiously Optimistic About Trump’s Pick For Director

White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters

Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News

Telegram CEO Pavel Durov allowed to leave France amid investigation

Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News

Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News

Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel
...more
57min
March 12, 2025Risky Business #783 -- Evil webcam ransomwares entire Windows network
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA.
They talk through:
A realistic bluetooth-proximity phishing attack against Passkeys

A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor

The ESP32 backdoor that is neither a door nor at the back

The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists

Years later, LastPass hackers are still emptying crypto-wallets

…and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice!
Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is “devastating” for the national security staff pipeline.
This week’s episode is sponsored by SpecterOps, makers of the BloodHound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using BloodHound’s insight.
This episode is also available on Youtube.

Show notes
CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers | Tobia Righi - Security Researcher

Feds Link $150M Cyberheist to 2022 LastPass Hacks – Krebs on Security

Camera off: Akira deploys ransomware via webcam

Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices

Alleged Co-Founder of Garantex Arrested in India – Krebs on Security

37K+ VMware ESXi instances vulnerable to critical zero-day | Cybersecurity Dive

Apple patches 0-day exploited in “extremely sophisticated attack” - Ars Technica

What Really Happened With the DDoS Attacks That Took Down X | WIRED

Eleven11bot estimates revised downward as researchers point to Mirai variant | Cybersecurity Dive

Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News

Safe.eth on X: "Investigation Updates and Community Call to Action" / X

How to verify Safe{Wallet} transactions on a hardware wallet | Safe{Wallet} Help Center and Support.

US charges Chinese nationals in cyberattacks on Treasury, dissidents and more | The Record from Recorded Future News

Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security | CyberScoop

U.S. pauses intelligence sharing with Ukraine used to target Russian forces - The Washington Post
...more
1h 4min
March 05, 2025Risky Business #782 -- Are the USA and Russia cyber friends now?
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Did the US decide to stop caring about Russian cyber, or not?

Adam stans hard for North Korea’s massive ByBit crypto-theft

Cellebrite firing Serbia is an example of the system working

Starlink keeps scam compounds in Myanmar running

Biggest DDoS botnet yet pushes over 6Tbps
This week’s episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon.
This episode is also available on Youtube.

Show notes
" rel="noopener noreferrer">Sygnia Preliminary Bybit Investigation Report

" rel="noopener noreferrer">Verichains Bybit Incident Investigation Preliminary Report

" rel="noopener noreferrer">North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit | The Record from Recorded Future News

" rel="noopener noreferrer">Risky Bulletin: Trump administration stops treating Russian hackers as a threat - Risky Business

" rel="noopener noreferrer">Did Trump Admin Order U.S. Cyber Command and CISA to Stand Down on Russia? (Story updated)

" rel="noopener noreferrer">Russia to redeploy resources freed up by end of war in Ukraine, warns Finnish intelligence | The Record from Recorded Future News

" rel="noopener noreferrer">FBI urges crypto community to avoid laundering funds from Bybit hack | The Record from Recorded Future News

" rel="noopener noreferrer">Risky Bulletin: Cellebrite bans bad boy Serbia - Risky Business

" rel="noopener noreferrer">Belgium probes suspected Chinese hack of state security service | The Record from Recorded Future News

" rel="noopener noreferrer">Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US | The Record from Recorded Future News

" rel="noopener noreferrer">Elon Musk’s Starlink Is Keeping Modern Slavery Compounds Online | WIRED

" rel="noopener noreferrer">U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” – Krebs on Security

" rel="noopener noreferrer">Google Password Manager finally syncs to iOS—here’s how - Ars Technica

" rel="noopener noreferrer">Gmail Security Alert: Google To Ditch SMS Codes For Billions Of Users

" rel="noopener noreferrer">Massive Iran-linked botnet launches DDoS attacks against telecom, gaming platforms | Cybersecurity Dive

" rel="noopener noreferrer">Microsoft-signed driver used in ransomware attacks | Cybersecurity Dive

" rel="noopener noreferrer">London member of ‘Com’ network convicted of making indecent images of children | The Record from Recorded Future News

" rel="noopener noreferrer">Volt Typhoon & Salt Typhoon Attackers Are Evading EDR: What Can You Do? | Corelight
...more
51min
February 26, 2025Risky Business #781 -- How Bybit oopsied $1.4bn
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
North Korea pulls off a 1.5 billion dollar crypto heist

Apple pulls Advanced Data Protection from the UK

Black Basta ransomware gang’s internal chats leak

Russians snoop on Signal with QR codes

And Myanmar ships thousands of freed scam compound workers to Thailand
Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that … she outed the NSA?
This week’s episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham are along with an amusing tale of using Windows’ own allow-listing software to block EDR from loading.
This episode is also available on Youtube.

Show notes
Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News

CertiK - Bybit Incident Technical Analysis

Hackers use ‘sophisticated’ macOS malware to steal cryptocurrency, Microsoft says | The Record from Recorded Future News

EU sanctions North Korean tied to Lazarus group over involvement in Ukraine war | The Record from Recorded Future News

Sanctions: Iranians Flock to Crypto; Int'l Actions Target Russia - Chainalysis

Apple turns off iCloud encryption feature in UK following reported government legal order | The Record from Recorded Future News

Swedish authorities seek backdoor to encrypted messaging apps | The Record from Recorded Future News

Leaked chat logs expose inner workings of secretive ransomware group - Ars Technica

Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News

Meta Sues Alleged Violent Extortionist For Holding Instagram Accounts Hostage

Weathering the storm: In the midst of a Typhoon

Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News

Genea confirms cyber breach after ‘unauthorised third party’ accesses data | news.com.au — Australia’s leading news site

Managed healthcare defense contractor to pay $11 million over alleged cyber failings | The Record from Recorded Future News

Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments | The Record from Recorded Future News

Director-General's Annual Threat Assessment 2025 | ASIO

An inside look at NSA (Equation Group) TTPs from China’s lense
...more
1h 3min
February 21, 2025Wide World of Cyber: DeepSeek lobs an AI hand grenade
In this episode of the Wide World of Cyber podcast Risky Business host Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about AI, DeepSeek, and regulation.
From its bad transport security to its Chinese ownership and the economic implications of China “entering the chat”, everyone’s freaking out over this new model. But should they be?
Pat, Alex and Chris dissect the model’s significance, the politics of it all and how AI regulation in Europe, the US and China will shape the future of LLMs.
This episode is also available on Youtube.

Show notes
...more
42min
February 19, 2025Risky Business #780 -- ASD torched Zservers data while admins were drunk
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Australian spooks scrubbed Medibank data off Zservers bulletproof hosting

Why device code phishing is the latest trick in confusing poor users about cloud authentication

Cloudflare gets blocked in Spain, but only on weekends and because of… football?

Palo Alto has yet another dumb bug

Adam gushes about Qualys’ latest OpenSSH vulns
Enterprise browser maker Island is this week’s sponsor and Chief Customer Officer Bradon Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches.
This episode is also available on Youtube.

Show notes
Five Russians went out drinking. When they got back, Australia had struck

Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News

Further cyber sanctions in response to Medibank Private cyberattack | Defence Ministers

What is device code phishing, and why are Russian spies so successful at it? - Ars Technica

Anyone Can Push Updates to the DOGE.gov Website

Piracy Crisis: Cloudflare Says LaLiga Knew Dangers, Blocked IP Address Anyway (Update) * TorrentFreak

Palo Alto Networks warns firewall vulnerability is under active exploitation | Cybersecurity Dive

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog

China’s Salt Typhoon hackers targeting Cisco devices used by telcos, universities | The Record from Recorded Future News

RedMike Exploits Unpatched Cisco Devices in Global Telecommunications Campaign

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks | WIRED

How Phished Data Turns into Apple & Google Wallets – Krebs on Security

New hack uses prompt injection to corrupt Gemini’s long-term memory

Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence | The Record from Recorded Future News

US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News

EXCLUSIVE: A Russia-linked Telegram network is inciting terrorism and is behind hate crimes in the UK – HOPE not hate

Remembering David Jorm - fundraising for Mental Health research
...more
1h 1min
February 14, 2025Risky Biz Soap Box: Run your own open source IDP with Authentik
In this SoapBox edition of the show Patrick Gray chats to Fletcher Heisler, the CEO of open-source identity provider Authentik.
The whole idea of Authentik is you can take control of an essential IT and security function: identity. Because Authentik is open source it’s extremely flexible, and if you’re running it yourself, you get to decide where your IDP should sit in your architecture. You can run it on prem if you’re an emergency call centre or you’re operating an airgapped network, or you can spin it up in your cloud environment if you’re a typical enterprise.
Fletcher talks through the reasons Authentik users are decoupling themselves from the major SaaS Identity Providers, and the flexibility that comes from being able to assemble exactly what you need.
This episode is also available on Youtube.

Show notes
...more
39min
February 12, 2025Risky Business #779 -- DOGE staffer linked to The Com
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Musk’s DOGE kid has a history with The Com

Paragon fires Italy as a spyware customer

Thailand cuts power to scam compounds…

… and arrests Phobos/8Base Russian cybercrims

The CyberCX DFIR report shows non-U2F MFA is well and truly over

And much, much more.
This week’s episode is sponsored by Dropzone.AI. They make an AI SOC analysis platform that relieves your analysts of the necessary but tedious work, so they can focus on the value of human insight. Dropzone’s founder and CEO Edward Wu joins to talk about how they approach the problem.
This episode is also available on Youtube.

Show notes
Teen on Musk’s DOGE Team Graduated from ‘The Com’ – Krebs on Security

ACLU Warns DOGE’s ‘Unchecked’ Access Could Violate Federal Law | WIRED

Lawsuit accuses Trump administration of violating federal information security law | The Record from Recorded Future News

The Recruitment Effort That Helped Build Elon Musk’s DOGE Army | WIRED

States prepare privacy lawsuit against DOGE over access to federal data | The Record from Recorded Future News

Union groups sue Treasury over giving DOGE access to sensitive data | The Record from Recorded Future News

Student group sues Education Department over reported DOGE access to financial aid databases | The Record from Recorded Future News

Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts | The Record from Recorded Future News

DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers - Ars Technica

DeepSeek Is a Win for Chinese Hackers - Risky Business

Owner of spyware used in alleged WhatsApp breach ends contract with Italy | WhatsApp | The Guardian

Another person targeted by Paragon spyware comes forward | TechCrunch

Apple fixes security flaw allowing third-party access to locked devices | The Record from Recorded Future News

U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure | CyberScoop

Thailand cuts power supply to Myanmar scam hubs | The Record from Recorded Future News

8Base ransomware site taken down as Thai authorities arrest 4 connected to operation | The Record from Recorded Future News

Two Russian nationals arrested in takedown of Phobos ransomware infrastructure | The Record from Recorded Future News

The Company Man: Binance exec detained in Nigeria breaks his silence | The Record from Recorded Future News

Deloitte pays $5M in connection with breach of Rhode Island benefits site | Cybersecurity Dive

DFIR - Threat Report 2025 | CyberCX

Request a Demo | Dropzone AI
...more
59min
February 05, 2025Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
DeepSeek leaves an unauthed database on the internet

Russia hacked UK prime minister’s personal mail

Australia sanctions a Telegram group… which is more sensible than it sounds

Medical device backdoor turns out to be just poorly thought out upgrade feature

Google abuses weak hashing to patch AMD CPU microcode

And much, much more.
This week’s episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers’ abuse of legitimate services like Docusign is a challenge for email security vendors.
This episode is also available on Youtube.

Show notes
Exclusive: Musk aides lock workers out of OPM computer systems | Reuters

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog

Криптостилер SparkCat в магазинах Google Play и App Store | Securelist

Russian hackers suspected of compromising British PM’s personal email account | The Record from Recorded Future News

PowerSchool hack: missed basic security step resulted in data breach

Australia sanctions ‘Terrorgram’ white supremacist online group | The Record from Recorded Future News

‘Paid actors’ could be behind some antisemitic attacks, Albanese says | Australian security and counter-terrorism | The Guardian

Interview with James Glenday, ABC News Breakfast | Australian Minister for Foreign Affairs

WhatsApp says spyware company Paragon Solutions targeted journalists

Spyware maker Paragon confirms US government is a customer | TechCrunch

Former Polish justice minister arrested in sprawling spyware probe | The Record from Recorded Future News

Sweden releases suspected ship, says cable break ‘clearly’ not sabotage | The Record from Recorded Future News

Backdoor found in two healthcare patient monitors, linked to IP in China

Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive

AMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub

22-year-old math wiz indicted for alleged DeFI hack that stole $65M - Ars Technica

A method to assess 'forgivable' vs 'unforgivable'... - NCSC.GOV.UK

Living Off the Land: Credential Phishing via Docusign abuse

Living Off the Land: Callback Phishing via Docusign comment

B2B freight-forwarding scams on the rise to evade financial fraud crackdowns

Callback phishing via invoice abuse and distribution list relays

Enhanced message groups: Improving efficiency in email incident response
...more
57min
January 29, 2025Risky Business #777 -- It's SonicWall's turn
Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:
Sonicwall firewalls hand out remote code exec like candy

Mastercard make a slapstick-grade mistake with their DNS

The data breach at PowerSchool and other niche SaaS providers

Academic research proposes taking down Europe’s power grid

Apple CPUs get a new speculative execution side channel

And much, much more.
This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps.
This episode is also available on Youtube.

Show notes
SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances | Cybersecurity Dive

MasterCard DNS Error Went Unnoticed for Years – Krebs on Security

Data breach hitting PowerSchool looks very, very bad - Ars Technica

OpenAI rival DeepSeek limits registration after ‘large-scale malicious attacks’ | The Record from Recorded Future News

Hackers imitate Kremlin-linked group to target Russian entities | The Record from Recorded Future News

UK to examine undersea cable vulnerability as Russian spy ship spotted in British waters | The Record from Recorded Future News

Questions grow over whether Baltic Sea cable damage was sabotage or accidental | The Record from Recorded Future News

Researchers say new attack could take down the European power grid - Ars Technica

At least $69 million stolen from crypto platform Phemex in suspected cyberattack | The Record from Recorded Future News

BreachForums admin to be resentenced after appeals court slams supervised release | The Record from Recorded Future News

Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica

Apple fixes zero-day flaw affecting all devices | TechCrunch

I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny

Government websites vanish under Trump, from the Constitution to DEI

Trail of Bits: Director, Technical Marketing

Push Security: Security Researcher (remote in the USA)

A new class of phishing: Verification phishing and cross-IdP impersonation
...more
52min

FAQs about Risky Business:

How many episodes does Risky Business have?

The podcast currently has 584 episodes available.

More shows like Risky Business

Security Now (Audio) by TWiT

Security Now (Audio)

1,970 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

626 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

366 Listeners

Hacked by Hacked

Hacked

176 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,006 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Click Here by Recorded Future News

Click Here

408 Listeners

Malicious Life by Malicious Life

Malicious Life

925 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,871 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

166 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

187 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners