Podcasts

News, analysis and commentary

Risky Bulletin: HTTP2 flaw enables massive DDoS attacks

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

An HTTP/2 vulnerability enables DDoS attacks, Russia blocks Telegram and WhatsApp voice calls, attackers abuse a zero-day in N-able servers, and the US government is adding trackers to chip shipments.

Duration: 8:03

Risky Biz Soap Box: How to measure vulnerability reachability

Presented by

Patrick Gray

CEO and Publisher

In this Soap Box edition of the Risky Business podcast, Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications.

It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can say whether or not that vulnerability actually impacts your application.

They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it’s playing the CVE game as well.

This episode is also available on YouTube.

Duration: 35:48

Srsly Risky Biz: Drug cartels are the new APTs

Presented by

Amberleigh Jack

Producer and Editor

Tom Uren

Policy & Intelligence

Tom Uren and Amberleigh Jack talk about a recent hack of the US courts document management system. It’s about as bad as can be, with multiple threat actors including states and possibly even drug cartels rummaging around in there, possibly for years.

They also discuss Microsoft’s involvement in an Israeli surveillance system and the head of Australia’s security organisation’s blunt warning about espionage.

This episode is also available on YouTube.

Duration: 16:41

Risky Business #802 -- Accessing internal Microsoft apps with your Hotmail creds

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • CISA warns about the path from on-prem Exchange to the cloud
  • Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are
  • Everyone and their dog seems to have a shell in US Federal Court information systems
  • Google pays $250k for a Chrome sandbox escape
  • Attackers use JavaScript in adult SVG files to … farm Facebook likes?!
  • SonicWall says users aren’t getting hacked with a zero-day… this time.

This week’s episode is sponsored by SpecterOps. Chief product officer Justin Kohler talks about how the flagship BloodHound tool has evolved to map attack paths anywhere. Bring your own applications, directories and systems into the graph, and join the identity attack paths together.

This episode is also available on YouTube.

Duration: 60:00

Risky Bulletin: Russia suspected of US Courts hack

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

Russia is suspected of hacking a US court system, researchers break the DarkBit ransomware’s encryption, a new attack can leak sensitive data from AMD processors, and a brute-force campaign targets Fortinet devices.

Duration: 8:18

Risky Bulletin: Researcher scores $250,000 for Chrome bug

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

A security researcher scores $250,000 for a Chrome bug, WinRAR patches another zero-day, new vulnerabilities are found in the TETRA communications protocol, and a researcher gains access to Microsoft’s internal network for fun… and no profit.

Duration: 7:22

Sponsored: The phishing-resistant employee

Presented by

Tom Uren

Policy & Intelligence

In this Risky Business News sponsor interview, Tom Uren talks to Derek Hanson, Yubico’s Field CTO, about making account recovery and onboarding for employees phishing-resistant. They also discuss the problems and opportunities of syncable passkeys.

Duration: 15:54

Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

Federal agencies are told to patch a new Exchange flaw, millions of sites are vulnerable to HTTP desync attacks, Trend Micro patches a zero-day, and the Salesforce data breaches continue.

Duration: 8:27

Risky Business #801 -- AI models can hack well now and it's weirding us out

Presented by

Amberleigh Jack

Producer and Editor

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut.

This episode explores the rise of AI-powered bug hunting:

  • Google’s Project Zero and DeepMind team up to find and report 20 bugs to open source projects
  • The XBOW AI bug hunting platform sees success on HackerOne
  • Is an AI James Kettle on the horizon?

There’s also plenty of regular cybersecurity news to discuss:

  • On-prem SharePoint’s codebase is maintained out of China… awkward!
  • China frets about the US backdooring its NVIDIA chips, how you like ‘dem apples, China?
  • SonicWall advises customers to turn off their VPNs
  • Hardware controlling Dell laptop fingerprint and card readers has nasty driver bugs
  • Russia uses its ISPs to in-the-middle embassy computers and backdoor ‘em.
  • The Russian government pushes VK’s Max messenger for everything

This week’s show is sponsored by device management platform Devicie. Head of Solutions Sean Ollerton talks through the impending Windows 10 apocalypse, as Microsoft ends mainstream support. He says Windows 11 isn’t as scary as people make out, but if the update isn’t on your radar now, time is running out.

This episode is also available on YouTube.

Duration: 66:01

Risky Bulletin: Russia's war on foreign software continues

Presented by

Catalin Cimpanu

News Editor

Claire Aird

Newsreader

Russian companies must migrate to domestic ERP systems; a Thai hospital gets fined over the dumbest data breach ever; Ohio’s public sector will have to approve ransom payments in public; and Chanel and Cisco disclose data breaches.

Duration: 7:37