Risky Business #599 -- You get domain admin! And YOU get domain admin!

EVERYONE gets domain admin!!!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Russia, China, Iran having a red hot go at US political orgs
  • Crowdstrike drops report, telcos having a bad time
  • MSS owning US government with dumb bugs
  • DoJ indicts Iranian script kiddie because reasons
  • Proposed TikTok-Oracle deal barely makes sense
  • The mother of all Microsoft auth bugs, wow
  • Much, much more…

GRU eyes US election

The Risky Biz newsletter for September 15, 2020...

Microsoft has outed attempts by GRU attackers to hack into the Office365 accounts of political campaigns.

Risky Business #598 -- China closing the "cyber gap" with USA

PLUS: Operation Warp Speed efforts to ensure COVID research data integrity, availability...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Why integrity and availability are key to developing a COVID vaccine
  • China closing the “cyber gap” with USA
  • ASPI publishes research on TikTok, WeChat censorship
  • Belarusian “news app” was tracking activists
  • Julian Assange back in court to fight extradition
  • Much, much more

Risky Biz Soap Box: Canary's Royal origin story

Haroon Meer, this is your life...

This is a sponsored podcast.

Today we’re chatting with a very special guest, Haroon Meer.

Haroon is the founder of Thinkst Canary. Some call it a deception company, but he doesn’t, as you’ll hear. He says Canary is a detection company and the distinction is important.

Risky Business #597 -- Alex Stamos talks news, Pompeo's "clean networks" initiative

PLUS: Why Electron apps are a security trashfire...

On this week’s show Patrick and Alex discuss the week’s security news, including:

  • NZ stock exchange felled by DDoS attack
  • DNI cancels in-person election security briefings for Democats
  • Russians didn’t hack Michigan voter data
  • Sendgrid having a bad time of its own making
  • US to doxes historical DPRK crypto laundering infrastructure, processes

The US exposes how the DPRK cashes out from cybercrime

The Risky Biz newsletter for September 1, 2020...

The US Government has stepped up its campaign to expose North Korea’s state-backed cybercrime operations, this week doxxing malware the DPRK uses to cash out attacks on banks and the techniques it uses to launder funds stolen from cryptocurrency exchanges.

Former Uber CSO charged with obstruction of justice

The Risky Biz newsletter for August 25, 2020...

A criminal complaint filed against Uber’s former chief security officer this week was an extraordinary event because Uber’s response to its 2016 breach was anything but ordinary. There are nonetheless some hard lessons in it for every CSO.

Risky Business #595 -- NSA and FBI document GRU's Linux malware for them

PLUS: All the week's security news...

On this week’s show Patrick, Adam and Sherrod DeGrippo discuss the week’s security news, including:

  • NSA and FBI doxx GRU malware. Lol.
  • Malicious Azure app snags SANS staffer
  • Oracle to acquire TikTok?
  • Trump weighs Snowden pardon
  • Much, much more

This week’s show is brought to you by Airlock Digital. They make allowlist/safelist software that is actually manageable at scale! David Cottingham, an Airlock co-founder, joins the show this week to talk through a few product updates.

Risky Business #594 -- How ESNIs will change censorship and NDR

Wave goodbye to destination metadata and say hello to network monitoring hell...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • WeChat joins TikTok in the naughty corner
  • TLS 1.3 with ESNI will have a massive impact on censorship AND security
  • Belarus goes dark after dodgy election
  • Capital One fined $80m
  • Much, much more

America's clean path is slippery

The Risky Biz newsletter for August 11, 2020...

A US-China trade war and a global pandemic have in a few short months accelerated a drift into ‘network sovereignty’: a world in which the internet is no longer a truly open, global network.

Australia wants boards held to account for infosec

Company directors better get schooled up on the cybers

Australia’s 2020 cyber security strategy is the latest national plan to propose that company directors be held accountable for meeting minimum information security baselines prescribed by the government.

In the absence of anything specific in the strategy document, Risky.Biz talked to some real experts on measuring cyber security maturity to suggest some ways forward.

Risky Business #593 -- China promises "mortal combat in the tech realm"

Round one, FIGHT!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Trump’s war on TikTok (featuring guest Alex Stamos)
  • Twitter hackers caught. Pretty embarrassing stuff, really.
  • NSO implants target Easter Bunny
  • Garmin may need a good OFAC lawyer (featuring comment from Dmitri Alperovitch)
  • Blackberry cracked after five years leads to multiple arrests in Australia
  • Much, much more

TikTok review reduced to meaningless farce

As China threatens "mortal combat in the tech realm"...

Donald Trump’s personal involvement in threats to ban TikTok is distracting from any legitimate national security concerns the video sharing app might present to the United States. What started as some half-hearted sabre rattling after he was thoroughly punk’d by TikTok teens at his Tulsa rally in late June has spiralled into a theatre of the absurd.

Risky Biz Soap Box: Yubico Chief Solutions Officer Jerrod Chong

Yubikey support is everywhere. Now what?

Soap Box is the wholly sponsored podcast series we do here at Risky.Biz. That means everyone you hear on this podcast paid to be here. In this podcast you’re going to hear my latest interview with Jerrod Chong, Yubico’s Chief Solutions Officer.

Hardware security keys like Yubikeys have come a long way, even over the last couple of years. The biggest change is that the support for hardware keys is borderline ubiquitous now. FIDO2 support is in all the major browsers. You can even use Yubikeys with Google apps on an iPhone. The plumbing is here, it’s arrived.