Risky Business Podcast

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Iran-linked attacks on US water infrastructure
• Why the ownCloud bug isn’t the end of the world
• The D-Link 0day that… never existed?
• In defence of Okta
• Much, much more

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of Cybersecurity Strategy, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• The Citrixbleed ransomware crisis
• Why the FBI hasn’t arrested Scattered Spider members
• DPRK is in your supply chains
• Microsoft has a brainwave and buys a HSM
• When civil war meets pig butchering
• Much, much more

This week’s show is brought to you by Airlock Digital. David Cottingham and Daniel Schell are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this Soap Box podcast Patrick Gray talks to Material Security’s CEO and co-founder Abhishek Agrawal about the security problems inherent to modern productivity suites.

Does it make sense that threat actors can authenticate to o365 and Workspace accounts and clean them out entirely? Years of mail, years of files?

Material Security has built a product that tackles this issue. It can lock up email archives behind MFA challenges, redact PII from inboxes, better control files share via Google Drive and OneDrive, and just generally limit the damage a threat actor can inflict when they compromise a cloud productivity account.

Even if you’re not interested in buying a product to tackle this, we think this one is a great listen.

On this week’s show Patrick Gray talks through the news with Chris Krebs and Dmitri Alperovitch. They discuss:

• The SEC enforcement action against Solarwinds’ CISO
• The White House AI Executive Order
• CitrixBleed exploitation goes wide
• How Kaspersky captured some (likely) Five Eyes iOS 0day
• Elon Musk’s Gaza Strip adventures
• Much, much more

This week’s show is brought to you by Greynoise. Andrew Morris, Greynoise’s founder and CEO, is this week’s sponsor guest. He talks about how Greynoise is using large language models to help them analyse massive quantities of malicious internet traffic.

In this edition of the Soap Box we hear from Mike Wiacek and Eric Foster from Stairwell.

Stairwell makes a product that collects and analyses every executable file in your environment. You deploy file collectors to your systems and they forward all new files to Stairwell for manual and automated analysis. You can do a lot of really cool analysis once you have all that stuff in the same place.

But as you’ll hear, Stairwell is broadening out the use cases for its platform. You don’t want to forward files from every system? You don’t have to. It’s still very useful as an analysis platform. It’s sort of like VirusTotal, but private and with a bunch more bells and whistles. There’s also a bunch of sharing tools in the platform, which gives it a “social network for CTI nerds” flavour.

On this week’s show Patrick Gray talks through the news with Dmitri Alperovitch, NSA Cybersecurity director Rob Joyce and NSA CCC director Morgan Adamski. They discuss:

• The Okta breach
• 40-50k feral Ciscos
• Why the http/2 protocol flaw is a real headache
• The Ragnar Locker takedown
• What the NSA CCC has been thinking about

This week’s show is brought to you by Socket. Socket’s founder Feross Aboukhadijeh joins us this week to talk about their actually-not-crazy use of large language models in their product.

Patrick Gray speaks to Yubico’s Jerrod Chong about how organisations can better verify the identities of users when performing MFA resets. In other words, how to not get MGM’d.

He also talks about the chain-of-trust issues inherent to synchronisable passkey implementations.

On this week’s show Patrick Gray and Lina Lau discuss the week’s security news. They cover:

• Microsoft has killed VBScript
• Google to make passkeys the new default sign-in method
• MGM losses to exceed $100m
• Clorox has a bad quarter
• Why a bug in cURL could be really bad news
• Much, much more

This week’s show is brought to you by KSOC. Jimmy Mesta, KSOC’s co-founder and CTO, is this week’s sponsor guest. He talks to us about how we can start applying real, actual IAM to Kubernetes environments.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Ransomware crews target WS_FTP and Jetbrains servers
• Global energy supply shapes up as big target
• The Dossier Center drops another banger
• Indian nationalists DDoS Canadian targets
• A look at the Exim drama
• Much, much more

This week’s show is brought to you by Kroll Cyber. George Glass is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Dmitri Alperovitch discuss the week’s security news. They cover:

• How western youths are working with Russian ransomware crews
• Russia has changed its targeting in Ukraine
• A massive breach of historical Russian flight information is god’s gift to OSINT orgs
• Cisco buys Splunk for $28bn
• Much, much more

This week’s show is brought to you by Panther. Its field CISO Ken Westin is this week’s sponsor guest.

Links to everything that we discussed are below.