Videos

This week’s feature guest is former FBI agent Chris Tarbell, who arrested Silk Road operator Ross Ulbricht way back in 2013. As suggestions swirl that an incoming Trump administration might release Ulbricht, Chris talks about the reality of the Dread Pirate Roberts.

Patrick Gray and Adam Boileau also discuss the week’s cybersecurity news, including:

• Apple frustrates law enforcement with iOS auto-reboot
• CISA says most KEV vulnerabilities in 2023 were first used as zero days
• Russians roll incident response on some sweet Linux spookware
• Regular users can create mailboxes in M365?
• Tor tracks down the source of its joe-job abuse complaints…

In this edition of the Risky Business Soap Box we’re talking all about email security with Sublime Security co-founder Josh Kamdjou.

Email security is one of the oldest product categories in security, but as you’ll hear, Josh thinks the incumbents are just doing it wrong. He joins Risky Business host Patrick Gray for this interview about Sublime’s origin story and its new approach to email security.

https://sublime.security/

In this podcast Tom Uren and Patrick Gray talk about the Snowflake hack after the person allegedly responsible was arrested in Canada. Telegram is involved at all sorts of levels and Tom wonders if this crime would have occurred if Telegram didn’t exist.

They also discuss the impact of the Chinese hack of US telcos and Sophos’ five-year cyber knife fight with Chinese APT crews.

On this week’s weekly Risky Business cybersecurity podcast Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• Sophos drops implants on Chinese firewall exploit devs
• Microsoft workshops better just-in-time Windows admin privileges
• Snowflake hacker arrested in Canada
• Okta has a fun, but not very impactful auth-bypass bug
• Russians bring dumb-but-smart RDP client attacks
• And much, much more.

Special guest Sophos CISO Ross McKerchar joined us to talk about its “hacking back” campaign. The full interview is available on Youtube (https://www.youtube.com/watch?v=QDh5-ZL3nis)) for those who want to really live vicariously through Sophos doing what every vendor probably wants to do. …

In this special bonus interview Patrick Gray interviews Sophos CISO Ross McKerchar about the company’s operations against Chinese exploit developers.

You can get the full Sophos report here: https://www.sophos.com/en-us/content/pacific-rim

NOTE: This is the news segment from this week’s podcast but the sponsor interview will only appear in the audio version due to a technical problem with that interview’s video recording. This is the same news segment though!

In this edition of the weekly Risky Business cybersecurity podcast Patrick Gray and Adam Boileau talk through:

• A Chinese APT wiretaps the Trump and Harris campaigns
• Operation Magnus snares infostealer operators and customers
• Crypto thieves return stolen funds to US government wallets
• Did Israel hack Iranian air defence?
• Delta finally sues CrowdStrike
• Much, much more…

In this Soap Box edition of the podcast Patrick Gray chats with Thinkst Canary founder Haroon Meer about his “decade of deception”, including:

• A history of Thinkst Canary including a recap of what they actually do
• A look at why they’re still really the only major player in the deception game
• A look at what companies like Microsoft are doing with deception
• Why security startups should have conference booths

Find them at https://canary.tools/

In this podcast Tom Uren, Patrick Gray and Adam Boileau talk about an EU directive that will make vendors liable for software defects. The directive sets a very high bar but is also limited in scope. It only applies to individuals and doesn’t cover professional use so it is a very practical way to start changing expectations about liability.

They also talk about Session Messenger app which has decamped from Australia and set up a foundation in Switzerland. The encrypted and metadata-resistant app is catnip for criminals, so we expect that it is on a collision course with state power.

In this product demo, Material Security’s co-founder and CEO Abhishek Agrawal shows how the company’s platform works with M365 and Google Workspace. It can be used to find and automatically fix existing vulnerabilities, find new threats, and protect data even after a compromise has occurred.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

• The SEC fines tech firms for downplaying the Solarwinds hacks
• Anonymous Sudan still looks and quacks like a Russian duck
• Apple proposes max 10 day TLS certificate life
• Oopsie! Microsoft loses a bunch of cloud logs
• Veeam and Fortinet are bad and should feel bad
• North Koreans are good (at hacking)
• And much, much more.

This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember joins to talk about their work keeping up with prolific threat actor SocGholish. …