Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #787 -- Trump fires NSA director, CISA cuts inbound

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Oracle quietly cops to being hacked, but immediately pivots into pretending it didn’t matter
  • NSA and CyberCom leaders fired for not being MAGA enough
  • US Treasury had some dusty corners it hadn’t found China in yet, looked, found China in them
  • …which is a great time to discuss slashing CISA’s staffing
  • Ransomware crews and bulletproof hosting providers are getting rekt, and we love it
  • And Microsoft patches yet another logging 0-day being used in the wild.

This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico’s Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. And one that Yubico is actually really ideally positioned to solve.

This episode is also available on Youtube.


Risky Business #786 -- Oracle is lying

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Yes, Oracle Health and Oracle Cloud did get hacked
  • The fallout from Signalgate continues
  • North Korean IT workers pivot to Europe
  • Honeypot data suggests a storm is brewing for Palo Alto VPNs
  • Canadian Anon gets arrested for hacking Texas GOP

This week’s episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and … contrasts that with Bybit.

This episode is also available on Youtube.


Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access

Presented by

Patrick Gray

CEO and Publisher

In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls.

Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers??

You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure.

Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors.

This episode is also available on Youtube.


Risky Business #785 -- Signal-gate is actually as bad as it looks

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group
  • The GitHub Actions hack is smaller than we thought, but was targeting crypto
  • Remote code exec in Kubernetes, ouch
  • Oracle denies its cloud got owned, but that sure does look like customer keymat
  • Taiwanese hardware maker Clevo packs its private keys into BIOS update zip
  • US Treasury un-sanctions Tornado Cash, party time in Pyongyang?

This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam.

This episode is also available on Youtube.


Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • GitHub Actions supply chain attack loots keys and secrets from 23k projects
  • Why a VC fund now owns a minority stake in Risky Business Media (!?!?)
  • China doxes Taiwanese military hackers
  • Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it
  • CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave
  • …and Google acquires Wiz for $32bn

This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years.

This episode is also available on Youtube.


Risky Business #783 -- Evil webcam ransomwares entire Windows network

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA.

They talk through:

  • A realistic Bluetooth-proximity phishing attack against Passkeys
  • A very patient ransomware actor encrypts an entire enterprise with a puny Linux webcam processor
  • The ESP32 backdoor that is neither a door nor at the back
  • The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists
  • Years later, LastPass hackers are still emptying crypto-wallets
  • …and it turns out North Korea nailed {Safe}Wallet with a malicious Docker image. Nice!

Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is “devastating” for the national security staff pipeline.

This week’s episode is sponsored by SpecterOps, makers of the BloodHound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using BloodHound’s insight.

This episode is also available on Youtube.


Risky Business #782 -- Are the USA and Russia cyber friends now?

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • Did the US decide to stop caring about Russian cyber, or not?
  • Adam stans hard for North Korea’s massive ByBit crypto-theft
  • Cellebrite firing Serbia is an example of the system working
  • Starlink keeps scam compounds in Myanmar running
  • Biggest DDoS botnet yet pushes over 6Tbps

This week’s episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through where eyes on your network can spot attackers like Salt and Volt Typhoon.

This episode is also available on Youtube.


Risky Business #781 -- How Bybit oopsied $1.4bn

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • North Korea pulls off a 1.5 billion dollar crypto heist
  • Apple pulls Advanced Data Protection from the UK
  • Black Basta ransomware gang’s internal chats leak
  • Russians snoop on Signal with QR codes
  • And Myanmar ships thousands of freed scam compound workers to Thailand

Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that … she outed the NSA?

This week’s episode is sponsored by Airlock Digital, and allow-listing tragics Daniel Schell and David Cottingham are along with an amusing tale of using Windows’ own allow-listing software to block EDR from loading.

This episode is also available on Youtube.


Wide World of Cyber: DeepSeek lobs an AI hand grenade

Presented by

Alex Stamos

CISO, SentinelOne

Chris Krebs

Chief Intelligence and Public Policy Officer, SentinelOne

Patrick Gray

CEO and Publisher

In this episode of the Wide World of Cyber podcast Risky Business host Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about AI, DeepSeek, and regulation.

From its bad transport security to its Chinese ownership and the economic implications of China “entering the chat”, everyone’s freaking out over this new model. But should they be?

Pat, Alex and Chris dissect the model’s significance, the politics of it all and how AI regulation in Europe, the US and China will shape the future of LLMs.

This episode is also available on Youtube.


Risky Business #780 -- ASD torched Zservers data while admins were drunk

Presented by

Adam Boileau

Technology Editor

Patrick Gray

CEO and Publisher

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

  • Australian spooks scrubbed Medibank data off Zservers bulletproof hosting
  • Why device code phishing is the latest trick in confusing poor users about cloud authentication
  • Cloudflare gets blocked in Spain, but only on weekends and because of… football?
  • Palo Alto has yet another dumb bug
  • Adam gushes about Qualys’ latest OpenSSH vulns

Enterprise browser maker Island is this week’s sponsor and Chief Customer Officer Bradon Rogers joins the show to talk about how the adoption of AI everywhere is causing headaches.
