Risky Business Podcast
January 29, 2025
Risky Business #777 -- It's SonicWall's turn
Presented by
Technology Editor
CEO and Publisher
Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:
- Sonicwall firewalls hand out remote code exec like candy
- Mastercard make a slapstick-grade mistake with their DNS
- The data breach at PowerSchool and other niche SaaS providers
- Academic research proposes taking down Europe’s power grid
- Apple CPUs get a new speculative execution side channel
- And much, much more.
This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps.
This episode is also available on Youtube.
Brought to you by Push Security
Stop identity attacks
Show notes
MasterCard DNS Error Went Unnoticed for Years – Krebs on Security
Data breach hitting PowerSchool looks very, very bad - Ars Technica
Researchers say new attack could take down the European power grid - Ars Technica
Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica
Apple fixes zero-day flaw affecting all devices | TechCrunch
I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
Government websites vanish under Trump, from the Constitution to DEI
Trail of Bits: Director, Technical Marketing
Push Security: Security Researcher (remote in the USA)
A new class of phishing: Verification phishing and cross-IdP impersonation