Risky Business Podcast

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Germans charge FinFisher executives
• The got FBI busted misusing 702 data
• Special guest Chris Krebs talks China
• New research breaks Android fingerprint auth
• Much, much more

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Wazawaka charged, sanctioned
• PlugwalkJoe extradited, pleads guilty
• BlackBerry thinks Cuba ransomware is a front for Russian intelligence
• Anonymous Sudan pops up in Israel
• Microsoft’s Outlook patch fail
• Much, much more

This week’s show is brought to you by Bloodhound Enterprise. Andy Robbins is this week’s sponsor guest. He talks about how graph theory could help us to uncover more lolbins.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Joe Sullivan’s sentencing
• MSI key material leak
• Merck to be paid in NotPetya claim
• The FBI takes down Turla’s Snake malware operation
• Much, much more

This week’s show is brought to you by Gigamon. Chaim Mazal, Gigamon’s CSO, is this week’s sponsor guest. He’s talking about how the company’s gear is acting as a data source for network security products.

In this edition of Snake Oilers:

• Travis McPeak pitches Resourcely’s automagic Terraform cloud-provisioning technology
• Ken Westin pitches Panther – a cloud-native SIEM developed by former practitioners
• Brian Kenyon from Island talks about the company’s enterprise browser

Enjoy!

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Rob Joyce weighs in on AI and offsec
• Mysterious hacker doxes Russian intelligence agency bitcoin wallets
• Wired deep dives on SolarWinds
• AmeriCold food logistics giant suffers incident
• Iranian authorities roll low-tech spyware
• Much, much more

This week’s show is brought to you by Greynoise. Its founder and CEO Andrew Morris is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• The supply chain attack in the supply chain attack
• Russia has a China dependency problem
• Recent research into TLS resumption flaws
• Google and Intel team up on hardware hacking
• DHS will hack enterprise kit
• Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

• Socket.dev, a software supply chain product that currently deploys as a GitHub addon
• Teleport, a company that makes a secure access gateway/single sign on product for engineers to securely access infrastructure
• Mandiant joins us to pitch its Purple Team engagement product

Enjoy!

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Why 3CX was the dumbest supply chain attack we’ve seen
• Why Wiz’s AzureAD research was a showstopper that didn’t get the attention it deserved
• How attackers are burning down cloud infrastructure
• The latest from the world of spyware
• Much, much more

This week’s show is brought to you by Nucleus Security. Chris Hughes from Aquia is this week’s sponsor guest. He appeared at Nucleus Security’s invitation.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this Soap Box edition of the show, Thinkst Canary founder Haroon Meer joins us to talk about why the sudden pullback in venture funding in infosec is actually a good thing.

He thinks this will give founders licence to slow down and actually focus on making good products, instead of trying to build a company around vapourware or a minimum viable product.

NOTE: Patrick’s audio is a bit degraded in a few parts of this episode. It’s still clear enough, but if you hear some degradation in parts then yes, it’s us, not you.

On this week’s show Patrick Gray, Adam Boileau and Tom Uren discuss the week’s security news. They cover:

• The Biden White House’s executive order on spyware
• Why the infosec community writ large is wrong on TikTok
• Clop campaign: it’s time to ditch your file transfer gateways
• Major Android app booted from store because it was full of 0day privesc exploits lol
• More detail on the BreachForums admin arrest
• Much, much more

This week’s show is brought to you by runZero. HD Moore, co-founder of runZero, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick, Adam and Tom on Mastodon if that’s your thing.