In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology.

China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over.

Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?

On this week’s show Patrick and Adam discuss the week’s security news, including:

• Palo Alto’s firewalls have a ../ bad day
• Sisense’s bucket full of creds gets kicked over
• United Healthcare draws the ire of congress
• FISA 702 reauthorisation finally moves forward
• Apple warns about “mercenary exploitation” but what’s the India link?
• And much, much, more

This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.

• Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability
• CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect
• Rapid7 Technical Analysis
• Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security
• Congress rails against UnitedHealth Group after ransomware attack | CyberScoop
• The US Government Has a Microsoft Problem | WIRED
• House GOP bridges divide to reauthorize FISA surveillance bill - The Washington Post
• Top officials again push back on ransom payment ban | Cybersecurity Dive
• Ex-White House cyber official says ransomware payment ban is a ways off | CyberScoop
• Over 500 people targeted by Pegasus spyware in Poland, officials say
• Apple drops term 'state-sponsored' attacks from its threat notification policy
• “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass
• PuTTY vulnerability vuln-p521-bias
• Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
• Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M | Ars Technica
• Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers – Krebs on Security