Risky Business Podcast

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Why the White House’s cybersecurity strategy is actually quite good
• The LastPass breach was probably DPRK
• UEFI bootkits are going downmarket, and this is bad
• GitHub will scan repos for secrets
• A look at some interesting DJI drone research
• Much, much more

This week’s show is brought to you by Airlock Digital. Two of Airlock’s founders – Daniel Schell and David Cottingham – are this week’s sponsor guests.

* NOTE: We now think LastPass was likely not DPRK. It’s complicated and we’ll explain why we think we got this wrong in next week’s show

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• A look at LastPass’s intrusion post mortem
• A very stable genius decided to ransomware the US Marshals Service
• Why Signal’s complaints about UK’s Online Safety Act are bad faith
• Much, much more…

This week’s show is brought to you by Tines, the no-code automation platform. Its co-founder and CEO Eoin Hinchy joins the show in the sponsor slot, and you can check out a Tines demo we recorded with Eoin on YouTube.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this interview the director of the CIA’s Center for Cyber Intelligence (CCI) sits down with Risky Business podcast host Patrick Gray to talk about:

• What CCI actually does
• The CIA’s role in cyber intel and operations
• What lessons have been learned from Russia’s cyber campaigns targeting Ukraine
• Why a cyber conflict with China will be very, very different
• His views on the ransomware threat
• Much, much more

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Why Twitter had to kill SMS 2FA
• A look at Meta’s new verification service
• How a ransomware attack disrupted the semiconductor supply chain
• Why Anonymous Sudan is probably a Russian info op
• Microsoft mixes up public and private keys in Azure B2C (for real)
• Much, much more

This week’s show is brought to you by Proofpoint. Its Executive Vice President of Cybersecurity Strategy Ryan Kalember joins the show in the sponsor slot.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this interview we’re chatting with the founder of Greynoise Intelligence, Andrew Morris.

Greynoise operates a global network of sensors that collect data on things like mass scanning, exploitation and reconnaissance. The idea is if your SOC gets an alert from a particular IP you can see if it’s associated with mass scanning or exploitation, or if it’s something that’s just targeting you.

And as you’ll hear, there are other use cases also, but we’re talking about a few things with Andrew today. He talks about being able to selectively port forward attacks targeting his sensor network to a data centre running the services being targeted, about the ESXiArgs ransomware attack and more.

Enjoy!

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• North Korea is ransomwaring hospitals with homegrown and Russian strains
• Russia proposes law greenlighting “patriotic hacks”
• It’s 702 renewal time… again
• CISA releases ESXiArgs recovery script (yay!)
• UK mulls crimephone ban
• Much, much more

This week’s show is brought to you by Thinkst Canary. Haroon Meer is this week’s sponsor guest and joins us to talk about Thinkst’s latest release: the credit card canary.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Unpatched ESXi boxes are getting rinsed
• GoAnywhere MFT file transfer boxes are too
• Royal Mail data being ransomed by Lockbit
• Advanced materials manufacturer and finance company among latest rware victims
• Guilty plea in Ubiquiti case
• Much, much more

This week’s show is brought to you by Red Canary. Red Canary’s Adam Mashinchi is this week’s sponsor guest. He joins us to talk about the impact layoffs are having on infosec teams.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• A look at the Hive takedown
• UK’s Royal Mail still struggling
• GitHub’s code signing certificates stolen
• TSA misses the point on no-fly list theft
• Much, much more

This week’s show is brought to you by Remediant, which is now a part of Netwrix.

Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing.

In this Soap Box edition of the show Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Google’s search results have become a malware-riddled sh*tshow
• Ransomware payment values dropped by 40% YoY in 2022
• Kraken takes over Solaris the old school way
• Grand Theft Auto RCE is wreaking havoc
• ManageEngine customers are all getting owned
• So you know, pretty much business as usual

This week’s show is brought to you by Kroll.

Jim Hung co-leads the special projects and applied research team at Kroll and joins us to talk about the big changes happening in the incident response discipline.