Russian bears all up in your VMwares

The Risky Biz newsletter for December 8, 2020...

The NSA has warned that an unnamed Russian state-backed actor has been observed exploiting bugs in VMware’s endpoint and identity management solutions.

Risky Biz Soap Box: VMRay co-founders on the evolution of sandbox tech

From simple hooking to fully virtualised environments, sandboxes aren't sandboxes...

Soap Box podcasts like this one are wholly sponsored. This edition of the Soap Box is brought to you by VMRay. They make a virtualised sandbox that initially found a market with DFIR professionals, but these days is being used for all sorts of things.

VMRay’s cofounders – CEO Carsten Willems and CTO Ralf Hund – joined host Patrick Gray to talk through the history of the sandbox tech arms race.

Risky Business #606 -- BEC nukes Australian hedge fund

PLUS: UK unveils Cyber Force, USA passes IoT security laws...

On this week’s show Patrick and Mark Piper discuss the week’s security news, including:

  • UK unveils Cyber Force
  • US passes surprisingly sane IoT security law
  • Symantec drops some APT10 research
  • MobileIron bugs getting a decent workout courtesy of state-backed attackers
  • Much, much more…

UK military to attack cyber-enabled crime

The Risky Biz newsletter for November 24, 2020...

The UK Government has thrown a coming out party for its National Cyber Force (NCF), a military unit with a similar remit to US Cyber Command, confirming that the capability can be used in offensive security operations against criminal targets.

Risky Biz Soap Box: Bugcrowd CEO Ashish Gupta

Bug bounty platforms are about more than bug bounties these days...

This is not an edition of the weekly news show; scroll back one episode in your podcast feed if you’re looking for that. This is a wholly sponsored podcast brought to you by Bugcrowd.

Bugcrowd’s CEO Ashish Gupta joins us in this edition of the Soap Box. He’s been the CEO over there for about three years, taking the reins from our friend Casey Ellis who moved into the CTO position.

As you’re about to hear, the bug bounty companies have moved on from the days when they just provided the simple service of running bug bounty competitions for their clients. What’s emerging is a much more nuanced product mix designed to extract as much usefulness as possible out of the testers registered on their platforms.

Risky Business #605 -- Trump fires CISA director Chris Krebs

Krebs pays the price for debunking Trumpworld's "nonsense"...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • CISA director Chris Krebs fired
  • Trump ramps up his disinformation campaign
  • TikTok ban stalls
  • BlackBerry discovers new hacker-for-hire crew
  • DNS cache poisoning is back. But do we really care?
  • Much, much more

Risky Business #604 -- Election-related cyber shenanigans fail to materialise

But don't worry, there's been plenty of carnage elsewhere…

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Zoom settles with FTC over misleading E2EE claim
  • Some poor sod had to give up $1bn in Bitcoin
  • Solaris SSH 0day? Let’s party like it’s 1999
  • Samy Kamkar’s latest trick: NAT Slipstreaming
  • Australia’s hardcore critical infrastructure protection bill
  • Much, much more

The many personalities of Lazarus

OpEd: North Korea's "Lazarus Group" is best understood as a network of distinct groups or "clusters", each with unique capabilities and quirks.

North Korea’s “Lazarus Group” gets through an impossibly prodigious amount of activity. That’s because this “group” is better understood as several distinct, connected clusters that together add up to North Korea’s formidable hacking operation.

Risky Business #603 -- YOU get sanctions, and YOU get sanctions


On this week’s show Patrick and Adam discuss the week’s security news, including:

  • “Proud Boys” email campaign attributed to Iran in record time
  • Sanctions for everyone!
  • US doxes more adversary TTPs
  • Katie Nickels and Chris Krebs join the show

This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.

CISA, FBI roll the dice on transparency

The Risky Biz newsletter for October 27, 2020...

CISA and the FBI are calling out Russian intrusions as they see them, while US Treasury imposes sanctions on the developers of Triton ICS malware and Iranian disinformation shops.

Snake Oilers 12 part 2: Gravwell seeks to shake up SIEM market, Plextrac pitches its pentest reporting platform

PLUS: Don Pezet from ITProTV talks 2020 online training trends...

In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:

  • Gravwell pitches its “structure on read” approach to SIEM
  • Plextrac describes its red team/pentest reporting platform
  • ITProTV’s Don Pezet talks about trends in online training

Risky Business #602 -- US DoJ hooks Sandworm

PLUS: A mercifully brief recap of the absolutely bonkers Wilmington Mac Shop story...

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US DoJ unseals indictments against Sandworm operators
  • Twitter backtracks on “hacked materials” policy
  • No consensus on Trickbot c2 status
  • NSA publishes “most exploited” listicle that’s actually interesting
  • Much, much more