Risky Business Podcast

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• The FBI takes down Qakbot, steals operators’ bitcoins ha ha
• Danish hosting provider completely destroyed in ransomware attack
• Sophisticated Russian cyber attack on Polish trains. Well. Not really.
• Microsoft revokes cert then revokes its revocation
• Much, much more!

This week’s show is brought to you by Proofpoint. Ryan Kalember, Proofpoint’s EVP of cybersecurity strategy Ryan Kalember is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

(NOTE: This podcast was initially pushed out into the Risky Business News podcast feed in error. Sorry about that!)

• US Government warnings to private space sector on cyber risk
• Ukrainian hackers dump the inbox of Russian Duma deputy chair
• Absentee voting in Ecuador’s election disrupted by DDoS attack
• South Korea warns of Chinese “spy chips”
• Much, much more!

This week’s show is brought to you by Airlock Digital. Its co-founders Daniel Schell and David Cottingham join this week’s show to talk about Powershell Constrained Language mode.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this joint Risky Business and Geopolitics Decanted feature interview, Patrick Gray and Dmitri Alperovitch talk to Illia Vitiuk, the Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SBU) about the cyber dimension to Russia’s invasion.

From turning off Ukraine’s power grid with a cyber attack in 2015 to the Viasat hack in 2022, Russia’s intelligence services are world renowned for executing creative destructive cyber campaigns. Despite this, after a year and a half of Russia waging war on Ukraine its power grid is up, its telcos are functioning and its banks are still processing transactions.

How has Ukraine been able to withstand Russia’s onslaught in the cyber domain? Vitiuk joins us to reveal insights into how Russian intelligence services are operating in Ukraine, and how the SBU is countering them.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• More victims identified in Chinese breach of Microsoft email accounts
• Cyber Safety Review Board to investigate Microsoft
• We got some stuff wrong last week
• More details on Viasat hack revealed
• Special guest Heather Adkins talks about the CSRB’s Lapsus$ report
• Much, much more

This week’s show is brought to you by RunZero. Its co-founder HD Moore is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Tenable gives Microsoft a spray over Azure bug fix delay, quality
• Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization
• Ransomware targets hospitals, special needs schools
• Japan’s cybersecurity has some catching up to do
• Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Ron Wyden’s “please explain” letter to Microsoft
• Chinese APT crews prepositioning to disrupt US military logistics
• China claims US hacked its seismology sensors
• Ivanti/MobileIron exploitation going vertical
• Much, much more

This week’s show is brought to you by Stairwell. Mike Wiacek, Stairwell’s founder and CEO, is this week’s sponsor guest. He’s joined by Eric Foster, Stairwell’s VP of Business Development.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this interview Patrick Gray speaks to Australia’s Home Affairs and Cyber Security Minister Clare O’Neil and NCSC founding director Ciaran Martin about the government’s upcoming cybersecurity strategy, releasing the hounds and more.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• The dust-up between Microsoft and Wiz
• MobileIron/Ivanti 0day hoses Norwegian government agencies
• That’ll do TETRA, that’ll do…
• Microsoft finally agrees to offer decent logging without price gouging
• Much, much more

This week’s show is brought to you by Resoucely. Travis McPeak, Resourcely’s co-founder and CEO, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

This Soap Box edition of the podcast is sponsored by Proofpoint.

Proofpoint offers email security and DLP products and services, and they’re probably best known for being the biggest email security company on the planet.

That means they process a LOT of emails in the hopes of throttling the number of malicious emails that organisations have to deal with, whether that’s malware, phishing or BEC.

So, with that in mind, what role could large language models play in email security?

Now that the initial ChatGPT hype has died off a little, we spoke with Proofpoint’s VP of cybersecurity strategy Ryan Kalember about large language models and how they’re going to help defenders and attackers alike.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Microsoft’s weasel-word response to the State Department email hack
• JumpCloud got owned, maybe by DPRK
• Citrix 0day is getting stuff rekt
• Two more spyware firms sanctioned by USA
• Scammers list fake phone numbers for major airlines on Google Maps
• Much, much more

This week’s show is brought to you by security focussed enterprise browser maker Island. Dan Amiga, Island’s CTO and co-founder, is this week’s sponsor guest. He talks about why widespread enterprise browser deployment is inevitable.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.