Risky Business Podcast

On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes:

• Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume
• All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more
• A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem
• Why automotive security research will actually be interesting this year
• PLUS: A bunch of random news!

This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff!

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Apple to introduce user-encrypted backups, FBI is sad
• Twitter ices e2ee plans for DMs
• RackSpace is getting sued over its hosted Exchange ransomware incident
• Dodgy driving: Microsoft signs some shady stuff
• Japan to change laws, release the Shibas
• A look at the US NDAA
• Much, much more

This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring.

In this sponsored podcast Patrick Gray and Ryan Kalember talk about Proofpoint’s acquisition of Illusive, a company that started off in the “deception” space and then moved towards doing attack path analysis and management.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Samsung, LG Android signing keys pinched
• LastPass gets owned again
• APT41 steal covid relief money
• Amnesty International hacked in Canada
• Much, much more

This week’s show is brought to you by Airlock Digital. Its CEO and CTO join host Patrick Gray this week to talk about admin to kernel as a security boundary, and the limitations of kernel driver blocklists.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• UK, USA ban Chinese security cameras
• What is the Boa webserver and why is it everywhere?
• Vanuatu, Guadeloupe smashed by ransomware
• REvil back with more dumps despite ASD attention
• Much, much more

This week’s sponsor guest is Jake King from Elastic Security, who joins us to talk through the company’s most recent threat report. There’s a link to the report in our show notes.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Half of all UK COBRA meetings are ransomware related
• Ransomware biggest risk to US port security
• White House to move on spyware industry
• EU to launch its own Starlink equivalent
• Much, much more

AttackIQ’s Jonathan Reiber will be joining us in this week’s sponsor interview to talk about how companies and their boards are really moving towards outcomes-based security programs.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

In this podcast we speak with Randall Degges who leads the Developer Relations & Community team at Snyk. He’s here to talk to us about how to get developers enthusiastic about security, how to get them to use the right tooling, and how this tooling will evolve in the future to actually help developers fix bugs in their code.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Australia lets ASD loose on ransomware crews, but will it work? (Tom Uren joins us to chat about this one)
• Twitter’s wheels haven’t fallen off yet but they sure are wobbling
• Hundreds of millions stolen from FTX mid implosion
• Security researchers start looking at Mastodon and… yeah
• Much, much more!

This week’s show is brought to you by Gigamon. George Sandford from Gigamon pops in for this week’s sponsor interview to talk about how to successfully stand up an NDR program.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• DoJ seizes 50k bitcoin stolen from Silk Road, charges thief
• Australian health insurer Medibank refuses to pay ransom, data leaked
• Inside Qatar’s $386m world cup espionage operation
• EU Parliament report into spyware lands
• SolarWinds settles shareholder lawsuit, faces SEC enforcement action
• Much, much more

This week’s sponsor guest is Andrew Morris from Greynoise Intelligence.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Twitter bluechecks face phishing barrage
• Australian government goes berserk on Medibank hack response
• Former WSJ journalist sues law firm over email hack and info op that got him fired
• OpenSSL bug lands with a whimper
• Apple macOS Ventura update breaks security tools
• Much, much more

This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka.