Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #709 -- Cl0p goes berserk with MOVEit 0day

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Russia’s FSB uncovers “NSA malware” on iPhones
  • Cl0p mass harvests data from MOVEit file transfer servers
  • ASD discloses a bunch of operations against ISIS, criminals
  • Why China’s prepositioning is probably… prepositioning
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero is this week’s sponsor guest and he joins us to talk about indirect LLM prompt injection and the latest Canary release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Risky Business #708 – China's lolbin-powered adventures in US critical infrastructure

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • China’s lolbin-powered intrusions into critical infrastructure
  • Trend Micro backs BlackBerry’s Cuba call
  • Anonymous Sudan shakes down Scandinavian Airlines
  • Iranian opposition party MEK publishes gargantuan leak
  • Much, much more

This week’s show is brought to you by Kubernetes security company KSOC. Jimmy Mesta is this week’s sponsor guest and he joins us to talk about the big security challenges in Kubernetes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Risky Biz Soap Box: Why your EDR won't save you

Presented by

Patrick Gray

CEO and Publisher

In this Soap Box podcast Patrick Gray talks to George Glass, the threat intelligence operations leader in the Cyber Risk practice at Kroll.

They talk about all sorts of things, like:

  • How the ransomware ecosystem is evolving into “ma and pa” operations
  • Some killer detections they’ve figured out
  • What separates the good networks from the bad ones
  • Why EDR is of limited value if you’re not actually monitoring it
  • Why not letting MDRs do the R part of their job is really, really, really dumb

Risky Business #707 -- Inside China's information lockdown with Chris Krebs

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Germans charge FinFisher executives
  • The FBI got busted misusing 702 data
  • Special guest Chris Krebs talks China
  • New research breaks Android fingerprint auth
  • Much, much more

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Risky Business #706 -- Why BlackBerry thinks Cuba ransomware is a Russian front

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Wazawaka charged, sanctioned
  • PlugwalkJoe extradited, pleads guilty
  • BlackBerry thinks Cuba ransomware is a front for Russian intelligence
  • Anonymous Sudan pops up in Israel
  • Microsoft’s Outlook patch fail
  • Much, much more

This week’s show is brought to you by Bloodhound Enterprise. Andy Robbins is this week’s sponsor guest. He talks about how graph theory could help us to uncover more lolbins.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Risky Business #705 -- USA's Turla takedown marks a shift in tactics

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Joe Sullivan’s sentencing
  • MSI key material leak
  • Merck to be paid in NotPetya claim
  • The FBI takes down Turla’s Snake malware operation
  • Much, much more

This week’s show is brought to you by Gigamon. Chaim Mazal, Gigamon’s CSO, is this week’s sponsor guest. He’s talking about how the company’s gear is acting as a data source for network security products.


Snake Oilers: Resourcely, Panther and Island

Presented by

Patrick Gray

CEO and Publisher

In this edition of Snake Oilers:

  • Travis McPeak pitches Resourcely’s automagic Terraform cloud-provisioning technology
  • Ken Westin pitches Panther – a cloud-native SIEM developed by former practitioners
  • Brian Kenyon from Island talks about the company’s enterprise browser

Enjoy!


Risky Business #704 -- Why LLMs aren't an exploit bonanza

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Rob Joyce weighs in on AI and offsec
  • Mysterious hacker doxes Russian intelligence agency bitcoin wallets
  • Wired deep dives on SolarWinds
  • AmeriCold food logistics giant suffers incident
  • Iranian authorities roll low-tech spyware
  • Much, much more

This week’s show is brought to you by Greynoise. Its founder and CEO Andrew Morris is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Risky Business #703 -- Russia whines about its tech dependence on China

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • The supply chain attack in the supply chain attack
  • Russia has a China dependency problem
  • Recent research into TLS resumption flaws
  • Google and Intel team up on hardware hacking
  • DHS will hack enterprise kit
  • Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest. He’s talking about the (actually sensible) ChatGPT-driven features Corelight has built into its NDR platform.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.


Snake Oilers: Socket, Teleport and Mandiant's Purple Team

Presented by

Patrick Gray

CEO and Publisher

Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions paid to be here.

We’ll hear from three vendors in this edition of Snake Oilers:

  • Socket.dev, a software supply chain product that currently deploys as a GitHub addon
  • Teleport, a company that makes a secure access gateway/single sign on product for engineers to securely access infrastructure
  • Mandiant joins us to pitch its Purple Team engagement product

Enjoy!
