Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #739 -- ALPHV exit scams while Change Healthcare burns

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response
  • Predator spyware maker getting a stern sanctioning
  • A German military WebEx meeting gets snooped
  • Mem-corrpution is still king
  • And much, much more

In this week’s sponsor interview Patrick Gray speaks to Karl McGuinness, Okta’s chief architect, about some new security improvements they’ve built into their IDP.

Risky Business #739 -- ALPHV exit scams while Change Healthcare burns
0:00 / 59:25

Risky Business #738 -- LockBit is down but not out. Yet.

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • LockBit gets back up after takedown
  • Russia arrests Medibank hacker… for something else
  • ConnectWise gives out free updates, but customers aren’t happy
  • Microsoft gives in to demands for more logs
  • Sandvine gets entity-listed
  • And much much more.

Dmitri Alperovitch also joins the show to discuss Starlink, Starshield and a row with Congress about its availability in Taiwan.

In this week’s sponsor interview, Airlock Digital’s Daniel Schell talks about his adventures with WDAC, and Dave Cottingham predicts Windows 12 will go all in on signed code.

Risky Business #738 -- LockBit is down but not out. Yet.
0:00 / 55:28

Risky Business #737 -- LockBit gets absolutely rekt

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • LockBit has been taken down by law enforcement
  • Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
  • GRU gets its Moobot network shutdown
  • Signal adding usernames is… complicated
  • Much, much more

In this week’s sponsor interview Devicie’s Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There’s an expectation out there that Windows policies are set and forget, but sadly, this is not so.

Risky Business #737 -- LockBit gets absolutely rekt
0:00 / 58:27

Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia’s SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you’re an o365 customer you’re using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.

Soap Box: A deep dive on how Russia's SVR is hacking Microsoft 365 tenants
0:00 / 39:48

Risky Business #736 -- Azure misconfigurations are 2024's looming threat

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Somehow there are still more Ivanti and Fortinet exploits
  • Volt Typhoon have been at it for years
  • Starlink in Ukraine gets complicated
  • Canadians hate poor Flipper
  • Much, much more…

In this week’s sponsor interview Feross Aboukhadijeh from Socket joins the show to talk about the sheer volume of malicious packages being committed to code repositories and why older SCA tools aren’t well equipped to deal with them.

Risky Business #736 -- Azure misconfigurations are 2024's looming threat
0:00 / 53:18

Soap Box: How to dismantle Volt Typhoon-style relay networks

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

In this Soap Box interview Greynoise founder and absolute legend Andrew Morris joins the show to talk about:

  • Why Greynoise hasn’t seen a substantial drop off in Volt Typhoon’s network of compromised routers after the US Government’s takedown action
  • How vendors are using Greynoise as an early warning system to identify exploitation of their products
  • How he’s using large language models to reverse exploitation attempts into actual exploits

It truly is a great conversation, we hope you enjoy it!

Soap Box: How to dismantle Volt Typhoon-style relay networks
0:00 / 37:35

Risky Business #735 -- AnyDesk fails the transparency test

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • Thought eels were slippery? Check out AnyDesk’s PR!
  • Why Microsoft’s 365 is a nightmare to secure
  • Cloudflare’s needlessly hostile blog post
  • US Government introduces “Disneyland ban” for spyware peddlers
  • Much, much more…

This week’s feature guest is Eric Goldstein, the executive assistant director for cybersecurity at CISA. He’s joining the show to talk about CISA’s demand that US government agencies unplug their Ivanti appliances. He also chimes in on why the US government is so rattled by Volt Typhoon and addresses a recent report from Politico that claims CISA’s Joint Cyber Defense Collaborative is a bit of a shambles.

This week’s sponsor guest is Dan Guido from Trail of Bits. He joins us to talk about their new Testing Handbook. Trail of Bits does a bunch of audit work and they’ve committed to trying to make bug discovery a one time thing – if you find that bug once, you shouldn’t have to manually find it on another client engagement. Semgrep for the win!

Risky Business #735 -- AnyDesk fails the transparency test
0:00 / 62:27

Risky Business #734 -- The number of hacked Microsoft 365 customers is skyrocketing

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They talk about:

  • More details on sanctioned Medibank hacker Aleksandr Ermakov
  • More details on alleged Scattered Spider hacker Noah Michael Urban
  • RUMINT that the number of Microsoft customers impacted by the SVR oauth/365 campaign is huge
  • Ron Wyden did something useful…
  • …then did something stupid
  • Ivanti’s clown car collides with dumpster fire
  • Much, much more

This week’s feature guest is Australia’s assistant foreign minister (and cybersecurity tragic) Tim Watts. He joins us to talk about why the Australian government sanctioned Aleksandr Ermakob.

Sublime Security founder and CEO Josh Kamdjou is this week’s sponsor guest. He joins us to talk about combating QR-code phishing.

Risky Business #734 -- The number of hacked Microsoft 365 customers is skyrocketing
0:00 / 62:29

Risky Business #733 -- Say cheese, motherf---er

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

In this week’s show Patrick Gray and Adam Boileau discuss the week’s security news.

  • Microsoft honks its clown car horn
  • Australia’s hounds, released, catch their man
  • The beginning of the end for Scattered Spider
  • SEC was SIM swapped but had MFA off any way
  • Ivanti learns a lesson…
  • … while Progress does not
  • and much more

DHS undersecretary for policy and Cyber Safety Review Board head Rob Silvers is this week’s feature guest. He joins the show to talk about how the CSRB handles possible conflicts of interests from board members with industry day jobs.

In this week’s sponsor interview Resourcely’s founder Travis McPeak talks about why we need to help developers with “paved roads” instead of relying on dashboard products to tell us when things have gone wrong.

Risky Business #733 -- Say cheese, motherf---er
0:00 / 62:58

Risky Business #732 — We are CRUSHED

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s SURPRISE edition, Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Their disappointment over last week’s SEC Twitter hack
  • China rainbow-tables Airdrop
  • Enterprise bugs galore…
  • … and why patching fast is hard when there isn’t even a patch yet
  • UEFI flaws get trad-BIOS-era vendor response
  • and much, much more…

This week’s show is unsponsored, we’re just here for the fun of it.

Risky Business #732 — We are CRUSHED
0:00 / 41:10