Videos

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news and recap the best research presented at Black Hat and DEF CON in Las Vegas last week. They cover:

• Iran tries an election hack’n’leak like its still 2016
• Crowdstrike takes home the Pwnie for Epic Fail at Defcon
• UK healthcare SaaS faces six million pound fine for lack of MFA
• US circuit courts disagree on geofence warrants
• Our roundup of juicy Blackhat/Defcon research
• And much, much more.

This week’s episode is sponsored by Trail of Bits. CEO Dan Guido is fresh back from the DARPA AI Cyber Challenge at DEF CON, where the Trail of Bits team moved through to the finals. Dan talks through the challenge of finding, reporting and fixing bugs with AI systems….

In this sponsored product demo Okta’s Harish Chakravarthy and Brett Winterford walk through four new features Okta introduced in the wake of the emergence of modern attacker techniques targeting identity providers. These features will help you to prevent or limit the damage to your environment if an attacker manages to compromise a session token.

If you’re an Okta shop you should absolutely watch this video.

Patrick Gray and Risky Business Media’s policy and intelligence editor Tom Uren talk about the new counterintelligence strategy released by the US Director of National Intelligence.

The DNI seems somewhat alarmed by America’s data broking ecosystem and the cybersecurity risks it presents, but isn’t really in a position to ask Congress to write new laws to fix things.

You can read Tom’s analysis of the DNI report here:

https://news.risky.biz/americas-leaky-data-rattles-the-us-intelligence-community

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news, including:

• Crowdstrike talks loud in its postmortem, but says very little
• Digicert fears the CA-Browser Forum, gets lawsuit from a customer
• Dmitri Alperovitch joins the show to talk about the Russian prisoner swap
• Cloudflare continues to harbour scum and villainy
• Professional ransomware crew … is an improvement?
• And much, much more.

This week’s episode is sponsored by Thinkst Canary. Links to everything discussed are below:

Silverado Policy Accelerator chair Dmitri Alperovitch joined Risky Business host Patrick Gray to talk about Russia exchanging its “hostages” for criminals detained in the West. An excerpt of this interview was used in episode 759 of the Risky Business cybersecurity podcast. https://risky.biz/RB758

In this edition of the Seriously Risky Business podcast Patrick Gray talks to Tom Uren about government interference in Meta’s NSO Group lawsuit, why it’s good news that foreign adversaries are using commercial services to engage in election disinformation, and how the Pentagon issued a (half) apology to the Philippines over its vaccine disinformation.

Subscribe to the Seriously Risky Business newsletter at https://news.risky.biz/

In this podcast Patrick Gray and Adam Boileau from Risky Business Media talk through the week’s cybersecurity news. Links to everything discussed are below:

Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption | Cybersecurity Dive https://www.cybersecuritydive.com/news/business-interruption-claims-will-drive-insurance-losses-linked-to-crowdstr/722775/

Delta hires David Boies to seek damages from CrowdStrike, Microsoft https://www.cnbc.com/2024/07/29/delta-hires-david-boies-to-seek-damages-from-crowdstrike-microsoft-.html…

Risky Business host Patrick Gray talks to SentinelOne’s Chris Krebs and Alex Stamos about CrowdStrike’s baffling failure and what it means for the wider security industry, government regulation and more. SentinelOne is a direct CrowdStrike competitor but this is a wide ranging chat about the can of worms the BSOD incident has opened.

James Pope, Corelight’s Director of Technical Marketing Engineering, demonstrates the company’s Open NDR Platform (https://corelight.com/products/open-ndr/)) and how it combines network detections with a whole host of other data sources.

Justin Kohler, VP of Product at SpecterOps, shows how BloodHound Enterprise can be used to find and fix Active Directory (mis)configurations that could let attackers easily own your entire enterprise.