Risky Business #736 -- Azure misconfigurations are 2024's looming threat

PLUS: Broadcom is killing VMWare...

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Somehow there are still more Ivanti and Fortinet exploits
  • Volt Typhoon have been at it for years
  • Starlink in Ukraine gets complicated
  • Canadians hate poor Flipper
  • Much, much more…

In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.

Between Two Nerds: The cyber magic bullet

Why authoritarian states focus on information warfare

In this edition of Between Two Nerds Tom Uren and The Grugq talk about why military doctrine in authoritarian states has an emphasis on cyber and information supremacy.

Soap Box: How to dismantle Volt Typhoon-style relay networks

A terrific conversation with Greynoise's Andrew Morris...

In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about:

  • Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action
  • How vendors are using Greynoise as an early warning system to identify exploitation of their products
  • How he’s using large language models to reverse exploitation attempts into actual exploits

It truly is a great conversation, we hope you enjoy it!

Sponsored: North Korea's DMARC spoofing tricks

When espionage is just asking nicely over email

In this Risky Business News sponsored interview, Tom Uren talks to Proofpoint Senior Threat Researcher Greg Lesnewich. Greg explains how a North Korean group is using DMARC spoofing in its efforts to gather strategic intelligence.

Risky Biz News: Ransomware passed $1 billion mark in 2023

PLUS: Volt Typhoon breached US government networks for five years; security researcher charged for hacking Apple; and a large Chinese disinfo network discovered operating in 30 countries.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Srsly Risky Biz: Beating back Volt Typhoon

PLUS: When everything becomes a cyber knife fight

In this podcast Adam Boileau and Tom Uren talk about how the US has kicked off a campaign to combat Volt Typhoon, a PRC group that is positioning itself in US critical infrastructure to be able to disrupt it in the event of conflict.

They also discuss how changing attacker behaviour has led to CISA’s emergency directive to disconnect Ivanti Connect Secure devices.

Risky Business #735 -- AnyDesk fails the transparency test

PLUS: CISA's executive assistant director for cybersecurity drops by...

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Thought eels were slippery? Check out AnyDesk’s PR!
  • Why Microsoft’s 365 is a nightmare to secure
  • Cloudflare’s needlessly hostile blog post
  • US Government introduces “Disneyland ban” for spyware peddlers
  • Much, much more…

This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles.

This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win!

Risky Biz News: Two Iranian cyber groups doxed in a week

PLUS: CIA Vault7 leaker gets prison time; Gen. Haugh takes over as NSA and Cyber Command lead; AnyDesk grapples with security breach.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Risky Biz News: Ivanti finally releases zero-day patches

PLUS: Hackers steal data on hundreds of Mexican journalists; State Farm sued because of a ransomware gang's lies; and Proofpoint and Okta lay off staff.

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird.

You can find the newsletter version of this podcast click here.

Srsly Risky Biz: US data dumpster fire singes NSA

PLUS: What to do about the PRC

In this podcast Patrick Gray and Tom Uren talk about how the NSA suffered collateral damage from the US’s lax data privacy environment.

They also discuss how to respond to aggressive adversaries, how the current SEC cyber security disclosure regime is pointless and finally admit they occasionally get things wrong.

Risky Business #734 -- The number of hacked Microsoft 365 customers is skyrocketing

PLUS: Australia's assistant foreign minister Tim Watts joins the show to talk about the Ermakov sanctions...

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • More details on sanctioned Medibank hacker Aleksandr Ermakov
  • More details on alleged Scattered Spider hacker Noah Michael Urban
  • RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge
  • Ron Wyden did something useful…
  • …then did something stupid
  • Ivanti’s clown car collides with dumpster fire
  • Much, much more

This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakob.

Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing.

REPOSTED: Sponsored: Talking with Island on how enterprise browsers could replace some technology stacks

Modern enterprise browsers go far beyond group policies, look to control the "last mile."

NOTE: We initially published the wrong mp3 for this episode. It has been corrected!

In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bradon Rogers, Chief Customer Officer at enterprise browser Island, on how a modern enterprise browser solution like Island can be used to replace, complement, or enhance some enterprise security tools or technology stacks.