Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #700 -- Yevgeny Prigozhin's empire gets owned

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news in front of a live audience at AISA’s CyberCon in Canberra.

They cover:

  • Yevgeny Prigozhin’s entire enterprise got majorly owned
  • Kremlin bans iPhones among President’s staff
  • A look at those Android handset baseband bugs (woof)
  • A discussion of the acropalypse issue
  • Why you need to sort out your egress filtering in light of the latest Outlook bug
  • Shanna Daly joins us on stage to talk about why the infosec industry sucks
  • Plus much much more

This week’s show is sponsored by Stairwell. Mike Wiacek, Stairwell’s founder, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Risky Business #699 -- BYOD risks ramp up

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

Threat actors are really enjoying home networks and BYOD these days…

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why our LastPass/DPRK hunch weakened
  • CISA launches ransomware warning program
  • Is the Ring data extortion real?
  • White House flags cloud service security regulation
  • Pig Butchering overtakes BEC as top cybercrime earner
  • Much more!

Risky Biz Soap Box: Six degrees of Domain Admin

Presented by

Patrick Gray

CEO and Publisher

Today’s soap box is an absolute cracker. We’re talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound.

If you don’t know what Bloodhound is, it’s a tool that grabs Active Directory information and turns it into a navigable graph. So if you’re an attacker you land on a network, enumerate directory information, and then map out a path to domain admin.

Bloodhound has been extremely popular with red teamers for years – to the point that it’s just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.

Risky Business #698 -- Why LastPass was probably DPRK*

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why the White House’s cybersecurity strategy is actually quite good
  • The LastPass breach was probably DPRK
  • UEFI bootkits are going downmarket, and this is bad
  • GitHub will scan repos for secrets
  • A look at some interesting DJI drone research
  • Much, much more

This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.

* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show

Risky Business #697 -- LastPass attacker: Do you gotta hand it to 'em?

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • A look at LastPass’s intrusion post mortem
  • A very stable genius decided to ransomware the US Marshals Service
  • Why Signal’s complaints about UK’s Online Safety Act are bad faith
  • Much, much more…

This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

An interview with Andrew Boyd, director of the CIA's Centre for Cyber Intelligence

Presented by

Patrick Gray

CEO and Publisher

In this interview the director of the CIA’s Center for Cyber Intelligence (CCI) sits down with Risky Business podcast host Patrick Gray to talk about:

  • What CCI actually does
  • The CIA’s role in cyber intel and operations
  • What lessons have been learned from Russia’s cyber campaigns targeting Ukraine
  • Why a cyber conflict with China will be very, very different
  • His views on the ransomware threat
  • Much, much more

Risky Business #696 -- Why Twitter had to kill SMS 2FA

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Why Twitter had to kill SMS 2FA
  • A look at Meta’s new verification service
  • How a ransomware attack disrupted the semiconductor supply chain
  • Why Anonymous Sudan is probably a Russian info op
  • Microsoft mixes up public and private keys in Azure B2C (for real)
  • Much, much more

This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Risky Biz Soap Box: Greynoise has built the world's biggest, and smartest, honeypot

Presented by

Patrick Gray

CEO and Publisher

In this interview we’re chatting with the founder of Greynoise Intelligence, Andrew Morris.

Greynoise operates a global network of sensors that collect data on things like mass scanning, exploitation and reconnaissance. The idea is if your SOC gets an alert from a particular IP you can see if it’s associated with mass scanning or exploitation, or if it’s something that’s just targeting you.

And as you’ll hear, there are other use cases also, but we’re talking about a few things with Andrew today. He talks about being able to selectively port forward attacks targeting his sensor network to a data centre running the services being targeted, about the ESXiArgs ransomware attack and more.

Enjoy!

Risky Business #695 -- North Korea is ransomwaring hospitals, Russia to make "patriotic" hacking legal

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • North Korea is ransomwaring hospitals with homegrown and Russian strains
  • Russia proposes law greenlighting “patriotic hacks”
  • It’s 702 renewal time… again
  • CISA releases ESXiArgs recovery script (yay!)
  • UK mulls crimephone ban
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Risky Business #694 -- Cleansing fire claims ESXi, GoAnywhere servers

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Unpatched ESXi boxes are getting rinsed
  • GoAnywhere MFT file transfer boxes are too
  • Royal Mail data being ransomed by Lockbit
  • Advanced materials manufacturer and finance company among latest rware victims
  • Guilty plea in Ubiquiti case
  • Much, much more

This week’s show is brought to you by Red Canary. Red Canary’s Adam Mashinchi is this week’s sponsor guest. He joins us to talk about the impact layoffs are having on infosec teams.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
