Risky Business Podcast

Soap Box podcasts like this one are wholly sponsored. This edition of the Soap Box is brought to you by VMRay. They make a virtualised sandbox that initially found a market with DFIR professionals, but these days is being used for all sorts of things.

VMRay’s cofounders – CEO Carsten Willems and CTO Ralf Hund – joined host Patrick Gray to talk through the history of the sandbox tech arms race.

On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:

• ORIGINAL: Ransomware insurance payouts are looking pretty unsustainable
• Trump lawyer calls for Chris Krebs’ execution
• Hunger relief charity loses $1m to BEC
• Supreme court weighs CFAA
• Much, much more!

On this week’s show Patrick and Mark Piper discuss the week’s security news, including:

• UK unveils Cyber Force
• US passes surprisingly sane IoT security law
• Symantec drops some APT10 research
• MobileIron bugs getting a decent workout courtesy of state-backed attackers
• Much, much more…

This is not an edition of the weekly news show, scroll back one episode in your podcast feed if you’re looking for that. Rhis is a wholly sponsored podcast brought to you by Bugcrowd.

Bugcrowd’s CEO Ashish Gupta joins us in this edition of the Soap Box. He’s been the CEO over there for about three years, taking the reins from our friend Casey Ellis who moved into the CTO position.

As you’re about to hear, the bug bounty companies have moved on from the days when they just provided the simple service of running bug bounty competitions for their clients. What’s emerging is a much more nuanced product mix designed to extract as much usefulness as possible out of the testers registered on their platforms.

On this week’s show Patrick and Adam discuss the week’s security news, including:

• CISA director Chris Krebs fired
• Trump ramps up his disinformation campaign
• TikTok ban stalls
• BlackBerry discovers new hacker-for-hire crew
• DNS cache poisoning is back. But do we really care?
• Much, much more

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Zoom settles with FTC over misleading E2EE claim
• Some poor sod had to give up $1bn in Bitcoin
• Solaris SSH 0day? Let’s party like it’s 1999
• Samy Kamkar’s latest trick: NAT Slipstreaming
• Australia’s hardcore critical infrastructure protection bill
• Much, much more

On this week’s show Patrick and Adam discuss the week’s security news, including:

• “Proud Boys” email campaign attributed to Iran in record time
• Sanctions for everyone!
• US doxes more adversary TTPs
• Katie Nickels and Chris Krebs join the show

This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.

In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:

• Gravwell pitches its “structure on read” approach to SIEM
• Plextrac describes its red team/pentest reporting platform
• ITProTV’s Don Pezet talks about trends in online training

On this week’s show Patrick and Adam discuss the week’s security news, including:

• US DoJ unseals indictments against Sandworm operators
• Twitter backtracks on “hacked materials” policy
• No consensus on Trickbot c2 status
• NSA publishes “most exploited” listicle that’s actually interesting
• Much, much more

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Yep, it was Cyber Command
• Also Microsoft, Symantec, Lumen and others
• Norwegian parliament hack pinned on Russia
• We finally talk about “ethics in OST”
• More