On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


  Ukraine sanctions may lead to Russia going “cyber feral”
  Brian Krebs links Red Cross breach to Iranian actor
  APT10 uses cred stuffing as misdirection
  Report: Global logistics behemoth Expeditors ransomwared
  NFT thefts still hilarious
  Inside the epic KlaySwap hack
  Much, much more


In this week’s sponsor interview Thinkst Canary’s Marco Slaviero talks about some work they’ve done on introducing a “Safety Net” against AWS token enumeration edge cases. That’s a very interesting interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #655 -- USG: Expect Russian cyber drama

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

On this week’s show Patrick and Adam discuss the week’s security news, including:

  Russian delivery company gets ransomware-wiper’d
  A supply-chain attack targets video software used in US courts
  Checkpoint firewalls get hacked, details as clear as mud
  Microsoft Recall delights hackers
  Aussie telco Optus gets told its IR report isn’t legal advice
  Cyber insurer says you’re 5x more likely to get rekt if you have a Cisco ASA
  And much, much more.


This week’s episode is sponsored by Kroll Cyber. Alex Cowperthwaite, Kroll’s technical director research and development for offence joins to talk about how his team attacks AI models, in ways both classic and new.

Risky Business #750 -- Why Microsoft's Recall is an attacker's best friend

This week’s episode was recorded in front of a live audience at AusCERT’s 2024 conference. Pat and Adam talked through:


  Google starts using security as a marketing tool against Microsoft, along with steep discounts
  Microsoft announces a creepy desktop recording AI
  UK govt proposes ransom payment controls
  Arizona woman runs a laptop farm for North Korea
  Julian Assange just keeps on with his malarky
  And much, much more


This week’s episode is sponsored by Tines. Its CEO Eoin Hinchy joins the show to talk about how AI can be genuinely useful in automation.

Risky Business #749 -- Google answer to Microsoft's insecurity? Buy Google stuff!

In this podcast SentinelOne’s Chief Trust officer Alex Stamos and its Chief Intelligence and Public Policy Officer Chris Krebs join Patrick Gray to talk all about AI.

It’s been a year and a half since ChatGPT landed and freaked everyone out. Since then, AI has really entrenched itself as the next big thing. It’s popping up everywhere, and the use cases for cybersecurity are starting to come into focus.

Threat actors and defenders are using this stuff already, but it’s early days and as you’ll hear, things are really going to change, and fast.

Wide World of Cyber: Krebs and Stamos on How AI Will Change Cybersecurity

This week Patrick Gray and Adam Boileau along special guest Lina Lau discuss the week’s news, including:


  The ongoing Ascension healthcare disruption, and
  Whether its reasonable for healthcare orgs to be pushing back
  Platforming cybercriminals for interviews
  Own the libs by… not using E2EE messaging?
  CISA’s secure by design, we want to believe!
  The $64billion scale of indusrialised fraud
  And much, much more.


This week’s sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report.

Risky Business #748 -- New cyber rules for US healthcare are coming

Patrick dials in from RSA in San Francisco to discuss the week’s security news with Adam, including:


  The west doxxes LockbitSupp, who must now hide his hundred million dollars
  Revil hacker behind Kasaya breach gets 14 years
  Microsoft makes some positive sounding* noises on security
  A fun flaw in nearly all VPN clients
  Gitlab admins continue their never-ending incident response
  And much, much more.


This week’s sponsor is Stairwell. Long time infosec researcher Silas Cutler joins us to talk through his adventures in attacker C2 systems, and how this feeds into Stairwell’s data.

* we’re still sceptical they’ll get it right, but they do at least seem to realise how deep the doo-doo they’re in is… Pat speculates they have … tentacles, and a regulatory-threat-gland.

Risky Business #655 -- USG: Expect Russian cyber drama

Download our free app to listen on your phone