Videos

On this week’s Risky Business cybersecurity podcast, Patrick Gray and Adam Boileau discuss the weeks security news, including:

Hezbollah’s attempts to avoid SIGINT with pagers ends in explosions The US shines many bright lights on RT’s disinfo role Australia counters Chinese bullying in the Pacific Valid accounts are the most prevalent entry point, says CISA’s data Ivanti and Fortinet vie for worst vendor of the week Krebs writes up the shift towards charging The Com with terrorism And much, much more…

This week’s episode is sponsored by Push Security, who bring security visibility to where it needs to be these days – the browser. Luke Jennings joins this week’s show to discuss how phish-kit crews are driving the arms race forward, and how detection has to adapt and go where the users are. …

In this podcast Tom Uren and Patrick Gray talk about the structure of the spyware ecosystem. It’s concentrated, with lots of vendors in India, Israel and Italy. And its a small pool of talent, with many companies being founded by just a few individuals.

They also talk about the US government’s actions against Russia’s disinformation ecosystem. The US very clearly linked different ‘layers’ of that ecosystem directly to the Russian government. Employing influencers via cutouts also shows how Russian disinformation has responded as social media platforms have countered interference efforts.

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:

• Russia’s disinformation peddlers face multifaceted sternness from the DoJ
• Telegram is now law enforcement’s bestest new pal, all of a sudden
• Iran’s banking industry arranges a payment plan for a ransom
• Columbia investigates how it sent private jets full of cash to pay for Pegasus
• Microsoft innovates with Un-Patch Tuesday
• And much, much more.

This week’s sponsor is Kroll Cyber, and one of their incident responders Paul Wells joins to discuss that one weird trick that actually helps - preparing for an incident before hand, rather than learning all those hard lessons in the middle of a crisis….

In this edition of Snake Oilers Patrick Gray gets pitches from three cybersecurity companies:

• Authentik, an open source identity provider that a lot of large organisations are deploying on prem as an alternative to cloud-based IDPs
• Dropzone AI, an LLM-based agent that can do the work of a Tier 1 SOC analyst
• SlashID, an identity security company that can crunch your logs to find attackers

Subscribe to the Risky Business podcst at https://risky.biz/subscribe

NOTE: We had a bit of an audio/video sync glitch in this episode.. we’re trying to sort it out for the next one. Sorry!

In this podcast Tom Uren and Patrick Gray discuss Russia’s use of exploits from commercial spyware vendors. Bought through a front, or stolen with other bugs?

The also discuss Iran’s counter-intelligence innovations - if you apply for a job thats very clearly an Israeli front, then perhaps you’re not that trustworthy after all?

On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including:

• Brazil’s supreme court bans X-formerly-Twitter,
• Iranian cyber teams cooperate with ransomware crews
• While North Koreans wield chrome-windows 0-day
• Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet
• The White House is coming for your unsigned BGP announcements
• And much, much more.

This week’s episode is sponsored by Okta, and specifically their Identity Security Posture Management product. Okta recently acquired Spera Security, and co-founder Ariel Kadyshevitch joins to talk through the messy reality of modern identity. Pat even gets the giggles at how terrible everything is!…

Travis McPeak demonstrates how to set up controls so that deploying cloud infrastructure is secure and repeatable from the get go.

In this podcast Tom Uren and Patrick Gray talk about Telegram’s founder and CEO Pavel Durov being released on bail. They dive into the backstory behind the charges he’s facing and what it all might mean for other messaging platforms.

They also discuss a very handy list of straightforward ways to detect North Korean’s trying to sneak into remote work jobs.

Patrick Gray and Adam Boileau talk through all the week’s security news in this weekly episode of the Risky Business cybersecurity podcast. Links to items discussed in the pod:

Pavel Durov: Telegram CEO’s arrest part of larger investigation https://www.nbcnews.com/tech/tech-news/pavel-durov-telegram-ceo-macron-france-arrest-musk-snowden-rcna168212

Keep Pavel Durov LOCKED UP https://blog.thc.org/keep-pavel-durov-locked-up

Internet mogul Kim Dotcom to be extradited to the US, NZ justice minister says - ABC News…

In this podcast Tom Uren and Patrick Gray discuss an Australian government effort to bridge the gap between online and real identity across the whole economy. It addresses a real need, but Tom doesn’t think it will go smoothly.

They also discuss ongoing Chinese cyber espionage focussed on Russian targets. They may have a ‘no limits’ friendship, but spying between allies is remarkably common.