Risky Business Podcast

Analysis and news podcasts published weekly

Risky Business #766 – China hacks America's lawful intercept systems

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s infosec news, including:

  • Chinese spooks all up in western telco lawful intercept
  • Jerks ruin the Internet Archive’s day
  • Microsoft drops a great report with a bad chart
  • The feds make their own crypto currency and get it pumped
  • Forti-, Palo- and Ivanti-fail
  • And much, much more.

This week’s episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther’s Director of Product Management, joins to discuss why the old “just bung it all in a data lake and… ???…” approach hasn’t worked out, and what smart teams do to handle their logs.

This episode is also available on [YouTube](https://youtu.be/86zy6DcwtbE).


Snake Oilers: Sandfly Security, Permiso and Wiz

Presented by

Patrick Gray

CEO and Publisher

In this edition of Snake Oilers we hear pitches from three security vendors:

  • Sandfly Security: An agentless Linux security platform that actually sounds very cool
  • Permiso: An identity security platform founded by ex-FireEye folks
  • Wiz: The cloud security giant is getting in on code security scanning

You can watch this edition of Snake Oilers on YouTube here.


Risky Business #765 -- The Kaspersky switcheroo

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

Patrick Gray and Adam Boileau discuss the week’s infosec news with everyone’s favourite ex-NSA big-brain, Rob Joyce. They talk through:

  • Musk and Durov bow to government pressure
  • TikTok rushes to ban authoritarian propagandists
  • The US doesn’t want Chinese software in its cars
  • Kaspersky replaces itself with an AV no one has ever heard of
  • Aussie police chalk up another crimephone takedown
  • Press Win-R Ctrl-V to prove you’re human
  • And much, much more.

This week’s show is brought to you by Stairwell, and Stairwell’s founder Mike Wiacek will be along to talk about how people are using their platform to hunt down detection-resistant malware.

A video version of this episode is also available on Youtube.


Risky Business #764 -- Mossad expands into telecommunications services

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Hezbollah’s attempts to avoid SIGINT with pagers end in explosions
  • The US shines many bright lights on RT’s disinfo role
  • Australia counters Chinese bullying in the Pacific
  • Valid accounts are the most prevalent entry point, says CISA’s data
  • Ivanti and Fortinet vie for worst vendor of the week
  • Krebs writes up the shift towards charging The Com with terrorism
  • And much, much more…

This week’s episode is sponsored by Push Security, who bring security visibility to where it needs to be these days – the browser. Luke Jennings joins this week’s show to discuss how phish-kit crews are driving the arms race forward, and how detection has to adapt and go where the users are.

This episode is also available on Youtube.


Risky Business #763 – Microsoft un-patches critical bug

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Russia’s disinformation peddlers face multifaceted sternness from the DoJ
  • Telegram is now law enforcement’s bestest new pal, all of a sudden
  • Iran’s banking industry arranges a payment plan for a ransom
  • Colombia investigates how it sent private jets full of cash to pay for Pegasus
  • Microsoft innovates with Un-Patch Tuesday
  • And much, much more.

This week’s sponsor is Kroll Cyber, and one of their incident responders, Paul Wells, joins to discuss that one weird trick that actually helps: preparing for an incident beforehand, rather than learning all those hard lessons in the middle of a crisis.

This week’s episode is also available on Youtube.


Snake Oilers: Authentik, Dropzone and SlashID

Presented by

Patrick Gray

CEO and Publisher

In this edition of Snake Oilers Patrick Gray gets pitches from three cybersecurity companies:

  • Authentik, an open source identity provider that a lot of large organisations are deploying on-prem as an alternative to cloud-based IDPs
  • Dropzone AI, an LLM-based agent that can do the work of a Tier 1 SOC analyst
  • SlashID, an identity security company that can crunch your logs to find attackers

You can watch this edition of Snake Oilers on YouTube here.


Risky Business #762 -- Brazil nukes X, Iranian APTs deploy ransomware

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Brazil’s supreme court bans X-formerly-Twitter
  • Iranian cyber teams cooperate with ransomware crews
  • While North Koreans wield chrome-windows 0-day
  • Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet
  • The White House is coming for your unsigned BGP announcements
  • And much, much more.

This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is!

You can also watch this episode on Youtube.


Risky Business #761 – Telegram v frogs. Fight!

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

  • Telegram founder’s arrest in France
  • Volt Typhoon 0days some SD-WAN gear
  • Russia frets about Ukraine all up in Kursk’s webcams
  • Cybercriminals social engineer payment card NFC relay attacks in the wild
  • The slow burn of Active Directory name collisions
  • And much, much more.

This week’s episode is sponsored by Nucleus Security. Aaron Unterberger joins to discuss how vulnerability management starts out easy, but gets serious very quickly.

You can also watch this week’s show on Youtube.


Feature interview: ASIO Director General Mike Burgess on encryption and access

Presented by

Patrick Gray

CEO and Publisher

Mike Burgess is the director general of ASIO. But the thing about Mike is he’s actually a cybersecurity guy. He joined ASD, Australia’s NSA, back in 1995 when it was still the Defence Signals Directorate. He was there for 18 years before he bounced out to the private sector for a while to work as the CISO for Australia’s largest telco, Telstra. In 2017 he returned to ASD to run it, and in 2019 he was appointed director general of ASIO.

Back in April, Burgess made a series of comments on the topic of encrypted messaging during a Press Club speech in Canberra. Our right to privacy, he said, is not absolute, and he implied that if certain providers didn’t start helping Australian authorities out a little more, he’d use some of the provisions in Australia’s Assistance and Access bill to force them to provide access to certain content.

So I reached out to organise this interview to get some more detail from him about exactly what sort of cooperation he’s seeking and why.


Risky Business #760 – Microsoft to make MFA mandatory

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including:

  • Microsoft did a good thing! Soon all Azure admins will require MFA
  • The three billion row National Public Data breach mess, courtesy Florida Man
  • US govt confirms that it was Iran that hacked the Trump campaign
  • Is TP-Link the next Huawei, or just not very good at computers?
  • Major Chinese RFID card maker has hardcoded backdoors
  • And much, much more.

This week’s episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.
