Podcasts

News, analysis and commentary

Risky Business #799 -- Everyone's Sharepoint gets shelled

Presented by

Adam Boileau
Adam Boileau

Technology Editor

Patrick Gray
Patrick Gray

CEO and Publisher

Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:

  • Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)
  • She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)
  • Four (alleged) Scattered Spider members arrested (and bailed) in the UK
  • Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M
  • Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things!

This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system.

This episode is also available on Youtube.

Risky Business #799 -- Everyone's Sharepoint gets shelled
0:00 / 73:55

Risky Bulletin: Three Chinese APTs are behind the SharePoint zero-day attacks

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Three Chinese APTs are behind the recent SharePoint zero-day attacks, the UK wants to ban the public sector from paying ransoms, Russia takes down a malware operation, and South Korea charges airline employees over selling celebrity data.

Risky Bulletin: Three Chinese APTs are behind the SharePoint zero-day attacks
0:00 / 5:41

Between Two Nerds: How China's cyber militia make sense

Presented by

The Grugq
The Grugq

Independent Security Researcher

Tom Uren
Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether China’s ‘cyber militia’ make sense and what they could be good for.

This episode is also available on Youtube.

Between Two Nerds: How China's cyber militia make sense
0:00 / 33:20

Risky Bulletin: Iranian security firm behind airline hacking spree

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

An Iranian security firm is behind an airline hacking spree, Chinese hackers breach Singapore’s critical infrastructure, new SharePoint and CrushFTP zero-days are being used in the wild, and Japan releases free ransomware decrypters.

Risky Bulletin: Iranian security firm behind airline hacking spree
0:00 / 6:07

Sponsored: Haroon Meer's secret to business success is… love

Presented by

Casey Ellis
Casey Ellis

Founder, Bugcrowd

In this Risky Business sponsored interview, Thinkst Canary CEO Haroon Meer chats to Casey Ellis about the company’s impressive growth over the past decade, and how it approached that path a little differently to other firms. Haroon’s advice for young startup founders: Is your problem worth solving? And can you actually solve it? And… Love your customers.

Sponsored: Haroon Meer's secret to business success is… love
0:00 / 20:53

Risky Bulletin: New phishing technique bypasses FIDO keys

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Hackers bypass FIDO keys with a new phishing technique, a mobile surveillance vendor deploys an SS7 exploit, ransomware hits South Korea’s largest insurance provider, and law enforcement agencies dismantle a pro-Kremlin DDoS group.

Risky Bulletin: New phishing technique bypasses FIDO keys
0:00 / 8:03

Srsly Risky Biz: Spain leaves key under mat for Huawei

Presented by

Amberleigh Jack
Amberleigh Jack

Producer and Editor

Tom Uren
Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about Huawei’s contract to manage storage for Spain’s lawful intercept system. News broke this week that Spain had signed a €12 million contract, but it turns out Huawei has been involved in the system since 2004!

They also discuss arrests in the UK of four individuals associated with Scattered Spider. The criminal resumés of two of the suspects support the idea that there are key individuals with outsize impact. But they also reinforce that the online communities they are involved in act as training grounds for cyber criminals. Arrests will slow hacks, not stop them.

This episode is also available on Youtube.

Srsly Risky Biz: Spain leaves key under mat for Huawei
0:00 / 21:23

Risky Bulletin: China breaches US National Guard

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Claire Aird
Claire Aird

Newsreader

Salt Typhoon breaches a US state’s National Guard, Ukrainian hackers wipe the servers of a Russian drone maker, the UK relocates Afghans caught up in a data leak, and Microsoft outsources some US government work to China.

Risky Bulletin: China breaches US National Guard
0:00 / 7:08

Between Two Nerds: Is US cyber espionage too careful?

Presented by

The Grugq
The Grugq

Independent Security Researcher

Tom Uren
Tom Uren

Policy & Intelligence

In this edition of Between Two Nerds Tom Uren and The Grugq examine whether US cyber operations are too stealthy. Could they get more bang for the buck if they adopted a devil may care attitude to getting busted?

This episode is also available on Youtube.

Between Two Nerds: Is US cyber espionage too careful?
0:00 / 31:30

Risky Biz Soap Box: Prowler, the open cloud security platform

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler.

Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source project into a community, and now a growing business with an as-a-service platform.

This episode is also available on Youtube.

Risky Biz Soap Box: Prowler, the open cloud security platform
0:00 / 32:08