App Store

Google Play

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Australia expels Iranian ambassador

 • Hackers sabotage Iranian shipping satcoms

 • APT hacker got doxxed in Phrack. Kind of. They’re probably Chinese, not DPRK?

 • Trail of Bits uses image-downscaling to sneak prompts into Google Gemini

 • The Com’s King Bob gets ten years in the slammer

 • It’s a day that ends in -y, so of course there’s a new Citrix Netscaler RCE being used in the wild.

This week’s episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they’ve been implementing AI for sifting through your network data. A model-context-protocol server that can rummage in all those packet logs for you while you keep investigating? Yes please.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Embassy staff flee Canberra in dead of night | news.com.au — Australia’s leading news site for latest headlines
 
 Swedish security service says Iran uses criminal networks in Sweden | Reuters
 
 Risky Bulletin: Hackers sabotage Iranian ships at sea, again - Risky Business Media
 
 Microsoft scales back Chinese access to cyber early warning system | Reuters
 
 Microsoft Didn’t Disclose Key Details to U.S. Officials of China-Based Engineers, Record Shows — ProPublica
 
 .:: Phrack Magazine ::.
 
 Uncovering the Chinese Proxy Service Used in APT Campaigns
 
 Weaponizing image scaling against production AI systems -The Trail of Bits Blog
 
 FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations | Cybersecurity Dive
 
 CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop
 
 Kevin Beaumont: "There’s a bunch of new Netscal…" - Cyberplace
 
 US charges Oregon man in vast botnet-for-hire operation | Cybersecurity Dive
 
 South Korea arrests suspected Chinese hacker accused of targeting BTS singer and other celebrities | The Record from Recorded Future News
 
 SIM-Swapper, Scattered Spider Hacker Gets 10 Years – Krebs on Security
 
 Chinese national who sabotaged Ohio company’s systems handed four-year jail stint | The Record from Recorded Future News
 
 Nevada state offices close after wide-ranging 'network security incident' | Reuters
 
 DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ – Krebs on Security
 
 Russia weighs Google Meet ban as part of foreign tech crackdown | The Record from Recorded Future News
 
 Kremlin-Mandated Messaging App Max Is Designed To Spy On Users
 
 Иеромонах РПЦ Макарий призвал помолиться за мессенджер MAX

Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy

The Wide World of Cyber podcast is back! In this episode host Patrick Gray chats with Alex Stamos and Chris Krebs about Microsoft’s entanglement in China.

Redmond has been using Chinese engineers to do everything from remotely support US DoD private cloud systems to maintain the on premise version of the SharePoint code base. It’s all blown up in the press over the last month, but how did we get here? Did Microsoft make these decisions to save money? Or was it more about getting access to the Chinese market? And how can we all make the world’s most important software company stop doing things like this? Tune in to the Wide World of Cyber podcast to find out!

This episode is also available on Youtube.

 
 
 Show notes

Wide World of Cyber: Microsoft's China Entanglement

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Oracle’s long term CSO departs, and we’re not that sad about it

 • Canada’s House of Commons gets popped through a Microsoft bug

 • Russia degrades voice calls via Whatsapp and Telegram to push people towards Max

 • South-East Asian scam compounds are also behind child sextortion

 • Reports that the UK has backed down on Apple crypto are… strange

 • Oh and of course there’s a Fortinet bug! There’s always a Fortinet bug!

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You’ll never guess which one was a few lines of PAM config, and which was a multi-month engineering project!

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Is Oracle facing headwinds? After layoffs, its 4-decade veteran Chief Security Officer Mary Ann Davidson departs
 
 Oracle CSO blasted over anti-security research rant - iTnews
 
 New York lawsuit against Zelle creator alleges features allowed $1 billion in thefts | The Record from Recorded Future News
 
 Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme – Krebs on Security
 
 How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch
 
 UK has backed down on demand to access US Apple user data, spy chief says
 
 DNI Tulsi Gabbard on X: "As a result, the UK has agreed to drop its mandate for"
 
 Hackers target Workday in social engineering attack
 
 Russia curbs WhatsApp, Telegram calls to counter cybercrime | The Record from Recorded Future News
 
 Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability | The Record from Recorded Future News
 
 Norway police believe pro-Russian hackers were behind April dam sabotage | The Record from Recorded Future News
 
 US agencies, international allies issue guidance on OT asset inventorying | Cybersecurity Dive
 
 FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)
 
 U.S. State Dept - Near Eastern Affairs on X: "He did not claim diplomatic immunity and was released by a state judge"
 
 493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds | WIRED
 
 .:: Phrack Magazine ::.
 
 Accenture to buy Australian cyber security firm CyberCX - iTnews

Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: How to measure vulnerability reachability

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • CISA warns about the path from on-prem Exchange to the cloud

 • Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are

 • Everyone and their dog seems to have a shell in US Federal Court information systems

 • Google pays $250k for a Chrome sandbox escape

 • Attackers use javascript in adult SVG files to … farm facebook likes?!

 • SonicWall says users aren’t getting hacked with an 0day… this time.

This week’s episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship Bloodhound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attacks together.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 CISA, Microsoft issue alerts on ‘high-severity’ Exchange vulnerability | The Record from Recorded Future News
 
 Advanced Active Directory to Entra ID lateral movement techniques
 
 Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
 
 Cartels may be able to target witnesses after major court hack
 
 Federal judiciary tightens digital security as it deals with ‘escalated cyberattacks’ | The Record from Recorded Future News
 
 Citrix NetScaler flaws lead to critical infrastructure breaches | Cybersecurity Dive
 
 DARPA touts value of AI-powered vulnerability detection as it announces competition winners | Cybersecurity Dive
 
 Buttercup is now open-source!
 
 HTTP/1.1 must die: the desync endgame
 
 US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms | The Record from Recorded Future News
 
 North Korean cyber-espionage group ScarCruft adds ransomware in recent attack | The Record from Recorded Future News
 
 Adult sites are stashing exploit code inside racy .svg files - Ars Technica
 
 Google pays 250k for Chromium sandbox escape
 
 SonicWall says recent attack wave involved previously disclosed flaw, not zero-day | Cybersecurity Dive
 
 Two groups exploit WinRAR flaws in separate cyber-espionage campaigns | The Record from Recorded Future News
 
 Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge | The Record from Recorded Future News
 
 Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home | WIRED
 
 Malware in Open VSX: These Vibes Are Off
 
 How attackers are using Active Directory Federation Services to phish with legit office.com links
 
 Introducing our guide to phishing detection evasion techniques
 
 The State of Attack Path Management

Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut.

This episode explores the rise of AI-powered bug hunting:

 • Google’s Project Zero and Deepmind team up to find and report 20 bugs to open source projects

 • The XBOW AI bug hunting platform sees success on HackerOne

 • Is an AI James Kettle on the horizon?

There’s also plenty of regular cybersecurity news to discuss:

 • On-prem Sharepoint’s codebase is maintained out of China… awkward!

 • China frets about the US backdooring its NVIDIA chips, how you like ‘dem apples, China?

 • SonicWall advises customers to turn off their VPNs

 • Hardware controlling Dell laptop fingerprint and card readers has nasty driver bugs

 • Russia uses its ISPs to in-the-middle embassy computers and backdoor ‘em.

 • The Russian government pushes VK’s Max messenger for everything

This week’s show is sponsored by device management platform Devicie. Head of Solutions Sean Ollerton talks through the impending Windows 10 apocalypse, as Microsoft ends mainstream support. He says Windows 11 isn’t as scary as people make out, but if the update isn’t on your radar now, time is running out.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Google says its AI-based bug hunter found 20 security vulnerabilities | TechCrunch
 
 Is XBOW’s success the beginning of the end of human-led bug hunting? Not yet. | CyberScoop
 
 James Kettle on X: "There I am being careful to balance hyping my talk without going too far and then this gets published 😂 maybe the countdown timer is just too ominous! 
 
 Risky Bulletin: China with the accusations again - Risky Business Media
 
 美情报机构频繁对我国防军工领域实施网络攻击窃密
 
 SharePoint Exploit: Microsoft Used China-Based Engineers to Maintain the Software — ProPublica
 
 China fears Nvidia chips could track, trace and shut down its AIs - Asia Times
 
 SonicWall urges customers to take VPN devices offline after ransomware incidents | The Record from Recorded Future News
 
 Gen 7 SonicWall Firewalls – SSLVPN Recent Threat Activity
 
 ReVault! When your SoC turns against you…
 
 Nearly 100,000 ChatGPT Conversations Were Searchable on Google
 
 Microsoft catches Russian hackers targeting foreign embassies - Ars Technica
 
 The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware | WIRED
 
 Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats | Microsoft Security Blog
 
 Russia blocks popular US-made internet speed test tool over national security concerns | The Record from Recorded Future News

Risky Business #801 -- AI models can hack well now and it's weirding us out

In this Soap Box edition of the show Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn’t, and why AI can’t save vendors from their bad product design choices.

This episode is also available on Youtube.

 
 
 Show notes

Soap Box: Why AI can't fix bad security products

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

 • Did the SharePoint bug leak out of the Microsoft MAPP program?

 • Expel retracts its FIDO bypass writeup

 • The mess surrounding the women-only dating-safety app Tea gets worse

 • Broadcom customers struggle to get patches for VMWare hypervisor escapes

 • Aeroflot gets hacked by the Cyber Partisans, disrupting flights

This week’s episode is sponsored by Push Security. Daniel Cuthbert joins and explains how having telemetry about identity from inside the browser is a key pillar for investigating intrusions in the browser-centric future.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Microsoft Probing Whether Cyber Alert Tipped Off Chinese Hackers
 
 Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble | The Record from Recorded Future News
 
 What we know about the Microsoft SharePoint attacks | Cybersecurity Dive
 
 An important update (and apology) on our PoisonSeed blog
 
 Tea User Files Class Action After Women’s Safety App Exposes Data
 
 A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating
 
 Top Lawyer for National Security Agency Is Fired
 
 From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944
 
 VMware prevents some perpetual license holders from downloading patches
 
 Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel - Ars Technica
 
 КИБЕРУДАР ПО АЭРОФЛОТУ РФ!v
 
 Treasury sanctions North Koreans involved in IT-worker schemes | Cybersecurity Dive
 
 Minnesota governor activates National Guard amid St. Paul cyberattack | StateScoop
 
 Outage was result of cyberattack, Post Luxembourg says
 
 Clorox files $380 million suit blaming Cognizant for 2023 cyberattack | Cybersecurity Dive
 
 Cisco network access security platform vulnerabilities under active exploitation | CyberScoop
 
 Arizona woman sentenced to 8.5 years for running North Korean laptop farm | The Record from Recorded Future News
 
 Cybercrime forum Leak Zone publicly exposed its users' IP addresses | TechCrunch

Risky Business #800 — The SharePoint bug may have leaked from Microsoft MAPP

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:

 • Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)

 • She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)

 • Four (alleged) Scattered Spider members arrested (and bailed) in the UK

 • Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M

 • Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things!

This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Update on DOD’s cloud services
 
 Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review
 
 A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
 
 While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks
 
 Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security
 
 National Guard was hacked by China's 'Salt Typhoon' group, DHS says
 
 Suspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity Dive
 
 Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News
 
 UK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on Security
 
 Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
 
 Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News
 
 At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIRED
 
 Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record
 
 Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record
 
 Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record
 
 PoisonSeed bypassing FIDO keys to ‘fetch’ user accounts
 
 Risky Bulletin: Browser extensions hijacked for web scraping botnet
 
 A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
 
 A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch
 
 Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says
 
 File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record
 
 HPE warns of hardcoded passwords in Aruba access points
 
 Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
 
 Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive
 
 Google finds custom backdoor being installed on SonicWall network devices - Ars Technica
 
 Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

Risky Business #799 -- Everyone's Sharepoint gets shelled

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler.

Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source project into a community, and now a growing business with an as-a-service platform.

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: How to measure vulnerability reachability

Lyt når som helst, hvor som helst

Other podcasts you might like ...