Risky Business Podcast

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• The dust-up between Microsoft and Wiz
• MobileIron/Ivanti 0day hoses Norwegian government agencies
• That’ll do TETRA, that’ll do…
• Microsoft finally agrees to offer decent logging without price gouging
• Much, much more

This week’s show is brought to you by Resoucely. Travis McPeak, Resourcely’s co-founder and CEO, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

This Soap Box edition of the podcast is sponsored by Proofpoint.

Proofpoint offers email security and DLP products and services, and they’re probably best known for being the biggest email security company on the planet.

That means they process a LOT of emails in the hopes of throttling the number of malicious emails that organisations have to deal with, whether that’s malware, phishing or BEC.

So, with that in mind, what role could large language models play in email security?

Now that the initial ChatGPT hype has died off a little, we spoke with Proofpoint’s VP of cybersecurity strategy Ryan Kalember about large language models and how they’re going to help defenders and attackers alike.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Microsoft’s weasel-word response to the State Department email hack
• JumpCloud got owned, maybe by DPRK
• Citrix 0day is getting stuff rekt
• Two more spyware firms sanctioned by USA
• Scammers list fake phone numbers for major airlines on Google Maps
• Much, much more

This week’s show is brought to you by security focussed enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• The SEC is targeting SolarWinds executives
• UK to make banks liable for fraud
• NSA issues advice on UEFI trojan
• Microsoft blocks 100+ dodgy drivers
• The US IC knew what Prihozhin was up to. But what FSB doing?
• Much, much more

This week’s show is brought to you by Netwrix. Martin Cannard, Netwrix’s VP of Product Strategy, is this week’s sponsor guest. He talks about why zero standing privilege is a worthy goal.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this edition of the Soap Box podcast we’re going to be talking about a great topic – living off the land.

The recent Volt Typhoon report out of Microsoft chronicled the adventures of a Chinese APT crew in US critical infrastructure. But one of the most fascinating aspects of the Volt Typhoon campaign was that the attackers almost exclusively used so-called living off the land techniques.

So the question becomes – what can you do about an attacker in your environment who has privilege and isn’t using malware?

Guests David Cottingham and Daniel Schell, the CEO and CTO of Airlock Digital, join the show to talk it through.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Albanian authorities raid MEK over Iran hacks
• Microsoft admits “Anonymous Sudan” took down its services
• US Government puts $10m bounty on CL0P
• A deeper look at the Barracuda hack campaign
• Much, much more

This week’s show is brought to you by Material Security. We’ll be hearing from one of Material’s friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week’s sponsor interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Fortinet 0day Groundhog Day
• CISA’s new binding directive on exposed management interfaces
• Confirmed: US intelligence buying commercially available data
• MOVEit drama rolls on
• Much, much more

This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Russia’s FSB uncovers “NSA malware” on iPhones
• Cl0p mass harvests data from MOVEit file transfer servers
• ASD discloses a bunch of operations against ISIS, criminals
• Why China’s prepositioning is probably… prepositioning
• Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• China’s lolbin-powered intrusions into critical infrastructure
• Trend Micro backs BlackBerry’s Cuba call
• Anonymous Sudan shakes down Scandanavian Airlines
• Iranian opposition party MEK publishes gargantuan leak
• Much, much more

This week’s show is brought to you by Kubernetes security company KSOC. Jimmy Mesta is this week’s sponsor guest and he joins us to talk about the big security challenges in Kubernetes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll.

They talk about all sorts of things, like:

• How the ransomware ecosystem is evolving into “ma and pa” operations
• Some killer detections they’ve figured out
• What separates the good networks from the bad ones
• Why EDR is of limited value if you’re not actually monitoring it
• Why not letting MDRs do the R part of their job is really, really, really dumb