App Store

Google Play

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business

On this week’s show Patrick Gray and special guest Rob Joyce discuss the week’s cybersecurity news, including:

 • Secret Service raids a SIM farm in New York

 • MI6 launches a dark web portal

 • Are the 2023 Scattered Spider kids finally getting their comeuppance?

 • Production halt continues for Jaguar Land Rover

 • GitHub tightens its security after Shai-Hulud worm

This week’s episode is sponsored by Sublime Security. In this week’s sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform.

This episode is also available on YouTube

 
 
 Show notes
 
 
 U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly
 
 MI6 launches darkweb portal to recruit foreign spies | The Record from Recorded Future News
 
 One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens | dirkjanm.io
 
 Github npm changes
 
 Flights across Europe delayed after cyberattack targets third-party vendor | Cybersecurity Dive
 
 Major European airports work to restore services after cyberattack on check-in systems | The Record from Recorded Future News
 
 When “Goodbye” isn’t the end: Scattered LAPSUS$ Hunters hack on | DataBreaches.Net
 
 UK arrests 2 more alleged Scattered Spider hackers over London transit system breach | Cybersecurity Dive
 
 Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News
 
 Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop
 
 DOJ: Scattered Spider took $115 million in ransoms, breached a US court system | The Record from Recorded Future News
 
 vx-underground on X: "Scattered Spider ransoms company for 964BTC - wtf_thats_alot.jpeg - Document says "Cost of BTC at time was $36M" - $36M / 964BTC = $37.5K - BTC value was $37.5K in November, 2023 - Google "Ransomware, November, 2023" - omfg.exe https://t.co/uv2EzbL5HT" | X
 
 JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55% | The Record from Recorded Future News
 
 Jaguar Land Rover to extend production pause into October following cyberattack | Cybersecurity Dive
 
 New plan would give Congress another 18 months to revisit Section 702 surveillance powers | The Record from Recorded Future News
 
 AI-powered vulnerability detection will make things worse, not better, former US cyber official warns | Cybersecurity Dive

Risky Business #808 -- Insane megabug in Entra left all tenants exposed

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Shai-Hulud worm propagates via npm and steals credentials

 • Jaguar Land Rover attack may put smaller suppliers out of business

 • Leaked data emerges from the vendor behind the Great Firewall of China

 • Vastaamo hacker walks free while appeal is underway

 • Why is a senator so mad about Kerberos?

This week’s episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc’s identity-to-firewall glue to protect internal services and networks.

This week’s episode is also available on Youtube.

 
 
 Show notes
 
 
 Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security
 
 Jaguar Land Rover: Some suppliers 'face bankruptcy' due to hack crisis
 
 Jaguar Land Rover production shutdown could last until November
 
 U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
 
 U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
 
 How China’s Propaganda and Surveillance Systems Really Operate | WIRED
 
 Mythical Beasts: Diving into the depths of the global spyware market - Atlantic Council
 
 Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal | The Record from Recorded Future News
 
 US national charged in Finnish psychotherapy center extortion | The Record from Recorded Future News
 
 BreachForums administrator given three-year prison stint after resentencing | The Record from Recorded Future News
 
 Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national | The Record from Recorded Future News
 
 Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” - Ars Technica
 
 Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure | Reuters
 
 Israel announces seizure of $1.5M from crypto wallets tied to Iran | TechCrunch

Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc

In this sponsored Soap Box edition of the Risky Business podcast, industry legend HD Moore joins the show to talk about runZero’s major push into vulnerability management.

With its new Nuclei integration, runZero is now able to get a very accurate picture of what’s vulnerable in your environment, without spraying highly privileged credentials at attackers on your network.

It can also integrate with your EDR platform, and other data sources, to give you powerful visibility into the true state of things on your network and in your cloud.

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: runZero shakes up vulnerability management

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Apple ruins exploit developers’ week with fresh memory corruption mitigations

 • Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack

 • Salesloft says its GitHub was the initial entry point for its compromise

 • Sitecore says people should “patch” its using-the-keymat-from-the-documentation “zero day”

 • Rogue certs for 1.1.1.1 appear to be just (stupid) testing

 • Jaguar Land Rover ransomware attackers are courting trouble

This week’s episode is sponsored by open source cloud security tool, Prowler. Founder Toni de la Fuente joins to discuss their new support for Microsoft 365. Time to point Prowler at your OneDrive and Sharepoint!

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
 
 Venezuela's president thinks American spies can't hack Huawei phones | TechCrunch
 
 18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security
 
 Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Ars Technica
 
 Salesloft platform integration restored after probe reveals monthslong GitHub account compromise | Cybersecurity Dive
 
 CISA orders federal agencies to patch Sitecore zero-day following hacking reports | The Record from Recorded Future News
 
 SAP warns of high-severity vulnerabilities in multiple products - Ars Technica
 
 The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. - Ars Technica
 
 Cyberattack on Jaguar Land Rover threatens to hit British economic growth | The Record from Recorded Future News
 
 Cyberattack forces Jaguar Land Rover to tell staff to stay at home | The Record from Recorded Future News
 
 Bridgestone Americas continues probe as it looks to restore operations | Cybersecurity Dive
 
 Qantas penalizes executives for July cyberattack | The Record from Recorded Future News
 
 Cyber Command, NSA to remain under single leader as officials shelve plan to end 'dual hat' | The Record from Recorded Future News
 
 GOP Cries Censorship Over Spam Filters That Work – Krebs on Security
 
 Risky Bulletin: APT report? No, just a phishing test! - Risky Business Media
 
 Post by @patrick.risky.biz — Bluesky

Risky Business #806 -- Apple's Memory Integrity Enforcement is a big deal

In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:

 • Automated, AI-powered threat hunting with 
Nebulock

Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those “low” and “informational” findings your detection team doesn’t have time to look at.

 • Runtime security for hypervisors from 
Vali Cyber

Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor security product. It’s marketed as a counter-ransomware control but is just a generally useful security platform for virtualised environments.

 • A secure mobile telco: 
Cape

The only thing American cell providers love more than providing patchy coverage is getting their customers’ data owned. Cape is here to change that. It’s a security and anonymity-focussed virtual mobile network operator (MVNO) that’s been spun up by a highly competent team. If we lived in the USA we would be customers, and a bunch of CISOs listening to this might want to consider Cape subscriptions for their workforce.

This episode is also available on Youtube

 
 
 Show notes

Snake Oilers: Nebulock, Vali Cyber and Cape

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • The Salesloft breach and why OAuth soup is a problem

 • The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed

 • Google says it will stand up a “disruption unit”

 • Microsoft writes up a ransomware gang that’s all-in on the cloud future

 • Aussie firm hot-mics its work-from-home employees’ laptops

 • Youtube scam baiters help the feds take down a fraud ring

This episode is sponsored by Dropzone.AI. Founder and CEO Edward Wu joins the show to talk about how AI driven SOC tools can help smaller organisations claw their way above the “security poverty line”. A dedicated monitoring team, threat hunting and alert triage, in a company that only has a couple of part time infosec people? Yes please!

This episode is also available on Youtube.

 
 
 Show notes
 
 
 The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft – Krebs on Security
 
 Salesloft: The Leading AI Revenue Orchestration Platform
 
 Palo Alto Networks, Zscaler customers impacted by supply chain attacks | Cybersecurity Dive
 
 The impact of the Salesloft Drift breach on Cloudflare and our customers
 
 China used three private companies to hack global telecoms, U.S. says
 
 CSA_COUNTERING_CHINA_STATE_ACTORS_COMPROMISE_OF_NETWORKS.PDF
 
 Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense | CyberScoop
 
 Ransomware gang takedowns causing explosion of new, smaller groups | The Record from Recorded Future News
 
 Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier | The Record from Recorded Future News
 
 Storm-0501’s evolving techniques lead to cloud-based ransomware | Microsoft Security Blog
 
 The Era of AI-Generated Ransomware Has Arrived | WIRED
 
 Between Two Nerds: How threat actors are using AI to run wild - YouTube
 
 Affiliates Flock to ‘Soulless’ Scam Gambling Machine – Krebs on Security
 
 UK sought broad access to Apple customers’ data, court filing suggests
 
 ICE reactivates contract with spyware maker Paragon | TechCrunch
 
 WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware | TechCrunch
 
 Safetrac turned staff laptops into covert recording devices to monitor WFH
 
 Risky Bulletin: YouTubers unmask and help dismantle giant Chinese scam ring - Risky Business Media

Risky Business #805 -- On the Salesloft Drift breach and "OAuth soup"

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Australia expels Iranian ambassador

 • Hackers sabotage Iranian shipping satcoms

 • APT hacker got doxxed in Phrack. Kind of. They’re probably Chinese, not DPRK?

 • Trail of Bits uses image-downscaling to sneak prompts into Google Gemini

 • The Com’s King Bob gets ten years in the slammer

 • It’s a day that ends in -y, so of course there’s a new Citrix Netscaler RCE being used in the wild.

This week’s episode is brought to you by Corelight. Chief Strategy Officer Greg Bell talks through how they’ve been implementing AI for sifting through your network data. A model-context-protocol server that can rummage in all those packet logs for you while you keep investigating? Yes please.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Embassy staff flee Canberra in dead of night | news.com.au — Australia’s leading news site for latest headlines
 
 Swedish security service says Iran uses criminal networks in Sweden | Reuters
 
 Risky Bulletin: Hackers sabotage Iranian ships at sea, again - Risky Business Media
 
 Microsoft scales back Chinese access to cyber early warning system | Reuters
 
 Microsoft Didn’t Disclose Key Details to U.S. Officials of China-Based Engineers, Record Shows — ProPublica
 
 .:: Phrack Magazine ::.
 
 Uncovering the Chinese Proxy Service Used in APT Campaigns
 
 Weaponizing image scaling against production AI systems -The Trail of Bits Blog
 
 FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations | Cybersecurity Dive
 
 CrowdStrike warns of uptick in Silk Typhoon attacks this summer | CyberScoop
 
 Kevin Beaumont: "There’s a bunch of new Netscal…" - Cyberplace
 
 US charges Oregon man in vast botnet-for-hire operation | Cybersecurity Dive
 
 South Korea arrests suspected Chinese hacker accused of targeting BTS singer and other celebrities | The Record from Recorded Future News
 
 SIM-Swapper, Scattered Spider Hacker Gets 10 Years – Krebs on Security
 
 Chinese national who sabotaged Ohio company’s systems handed four-year jail stint | The Record from Recorded Future News
 
 Nevada state offices close after wide-ranging 'network security incident' | Reuters
 
 DSLRoot, Proxies, and the Threat of ‘Legal Botnets’ – Krebs on Security
 
 Russia weighs Google Meet ban as part of foreign tech crackdown | The Record from Recorded Future News
 
 Kremlin-Mandated Messaging App Max Is Designed To Spy On Users
 
 Иеромонах РПЦ Макарий призвал помолиться за мессенджер MAX

Risky Business #804 -- Phrack's DPRK hacker is probably a Chinese APT guy

The Wide World of Cyber podcast is back! In this episode host Patrick Gray chats with Alex Stamos and Chris Krebs about Microsoft’s entanglement in China.

Redmond has been using Chinese engineers to do everything from remotely support US DoD private cloud systems to maintain the on premise version of the SharePoint code base. It’s all blown up in the press over the last month, but how did we get here? Did Microsoft make these decisions to save money? Or was it more about getting access to the Chinese market? And how can we all make the world’s most important software company stop doing things like this? Tune in to the Wide World of Cyber podcast to find out!

This episode is also available on Youtube.

 
 
 Show notes

Wide World of Cyber: Microsoft's China Entanglement

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Oracle’s long term CSO departs, and we’re not that sad about it

 • Canada’s House of Commons gets popped through a Microsoft bug

 • Russia degrades voice calls via Whatsapp and Telegram to push people towards Max

 • South-East Asian scam compounds are also behind child sextortion

 • Reports that the UK has backed down on Apple crypto are… strange

 • Oh and of course there’s a Fortinet bug! There’s always a Fortinet bug!

This week’s episode is sponsored by open source identity provider Authentik. CEO Fletcher Heisler joins the show this week, and explains the journey of implementing SSO backed login on Windows, Mac and Linux. You’ll never guess which one was a few lines of PAM config, and which was a multi-month engineering project!

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Is Oracle facing headwinds? After layoffs, its 4-decade veteran Chief Security Officer Mary Ann Davidson departs
 
 Oracle CSO blasted over anti-security research rant - iTnews
 
 New York lawsuit against Zelle creator alleges features allowed $1 billion in thefts | The Record from Recorded Future News
 
 Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme – Krebs on Security
 
 How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch
 
 UK has backed down on demand to access US Apple user data, spy chief says
 
 DNI Tulsi Gabbard on X: "As a result, the UK has agreed to drop its mandate for"
 
 Hackers target Workday in social engineering attack
 
 Russia curbs WhatsApp, Telegram calls to counter cybercrime | The Record from Recorded Future News
 
 Hackers reportedly compromise Canadian House of Commons through Microsoft vulnerability | The Record from Recorded Future News
 
 Norway police believe pro-Russian hackers were behind April dam sabotage | The Record from Recorded Future News
 
 US agencies, international allies issue guidance on OT asset inventorying | Cybersecurity Dive
 
 FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)
 
 U.S. State Dept - Near Eastern Affairs on X: "He did not claim diplomatic immunity and was released by a state judge"
 
 493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds | WIRED
 
 .:: Phrack Magazine ::.
 
 Accenture to buy Australian cyber security firm CyberCX - iTnews

Risky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departs

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: How to measure vulnerability reachability

Lyt når som helst, hvor som helst

Other podcasts you might like ...