• Risky Business #746 – Microsoft takes your security seriously*
    May 1 2024
    On this week’s show Patrick and Adam discuss the week’s security news, including:

    • Microsoft reassures* us that they take security very seriously*
    • Cisco ASA firewalls get sneakily backdoored, but no one’s quite sure how
    • Change Healthcare was 1FA Citrix all along
    • The FTC, FCC and other government sticks get waved at tech
    • Lizard Squad Finn who hacked the Vastaamo therapy chain gets sentenced
    • And much, much more.

    This week’s sponsor is Zero Networks, who make a network micro-segmentation product that is actually usable. Zero Networks CEO Benny Lakunishok joins us to talk through why firewalling everything everywhere is finally workable.

    * You’ll forgive us for being… a tad sceptical.

    Show notes
    • 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks | WIRED
    • Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO | TechCrunch
    • Microsoft CEO says security is its No. 1 priority | Cybersecurity Dive
    • TrustedSec | Full Disclosure: A Look at a Recently Patched Microsoft…
    • Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg | Cybersecurity Dive
    • FTC commercial surveillance rules could arrive within months, sources say
    • FCC takes $200 million bite out of wireless carriers for sharing location data | CyberScoop
    • Know-your-customer executive order facing stiff opposition from cloud industry
    • Tech companies must help the fight against extremists using encryption: ASIO boss
    • Josh Taylor on X: "Yess, excellent question from @Paul_Karp on why AFP et al aren't using the powers they already have. They say one technical assistance or capability notice has recently been issued. https://t.co/pEXrvjK5Q4" / X
    • IN FULL: ASIO and AFP respond to X chairman Elon Musk, issues social media warnings | ABC News - YouTube
    • China-linked PlugX malware infections found in more than 170 countries
    • Belarus secret service website still down after hackers claim to breach it
    • Man Who Mass-Extorted Psychotherapy Patients Gets Six Years – Krebs on Security
    • Sweden's liquor shelves to run empty this week due to ransomware attack
    • Congress picked a direct fight with ByteDance and TikTok. The privacy implications are less clear.
    • Telegram blocks, then unblocks, chatbots used by Ukraine’s intelligence services
    • Elon Musk’s X takeover crushed Twitter’s profit to just $4804 in Australia
    • Australian court orders Elon Musk’s X to hide Sydney church stabbing posts from users globally | Australia news | The Guardian
    • After the Christchurch attacks, Twitter made a deal with Jacinda Ardern over violent content. Elon Musk changed everything - ABC News
    • World on the Brink: How America Can Beat China in the Race for the Twenty-First Century - Kindle edition by Alperovitch, Dmitri, Graff, Garrett M. Politics & Social Sciences Kindle eBooks @ Amazon.com
    1 hr and 3 mins
  • Snake Oilers: Push Security, Knocknoc and iVerify
    Apr 29 2024

    In this edition of Snake Oilers we’ll be hearing from:

    • Push Security: A browser plugin-based security company that combats identity-based attacks. (Much more compelling than it sounds in this description.)
    • Knocknoc: The tool Risky Business uses to protect our own applications and services. (Restrict network/port access to users who are authenticated via SSO.)
    • iVerify: Mobile security and threat hunting for iOS and Android. (Caught Pegasus in the wild!)
    42 mins
  • Special Edition: Chris Krebs, Alex Stamos and Patrick Gray
    Apr 24 2024

    In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology.

    China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over.

    Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?

    45 mins
  • Risky Business #745 – Tales from the PANageddon
    Apr 17 2024

    On this week’s show Patrick and Adam discuss the week’s security news, including:

    • Palo Alto’s firewalls have a ../ bad day
    • Sisense’s bucket full of creds gets kicked over
    • United Healthcare draws the ire of congress
    • FISA 702 reauthorisation finally moves forward
    • Apple warns about “mercenary exploitation” but what’s the India link?
    • And much, much, more

    This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.

    Show notes
    • Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability
    • CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect
    • Rapid7 Technical Analysis
    • Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security
    • Congress rails against UnitedHealth Group after ransomware attack | CyberScoop
    • The US Government Has a Microsoft Problem | WIRED
    • House GOP bridges divide to reauthorize FISA surveillance bill - The Washington Post
    • Top officials again push back on ransom payment ban | Cybersecurity Dive
    • Ex-White House cyber official says ransomware payment ban is a ways off | CyberScoop
    • Over 500 people targeted by Pegasus spyware in Poland, officials say
    • Apple drops term 'state-sponsored' attacks from its threat notification policy
    • “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass
    • PuTTY vulnerability vuln-p521-bias
    • Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
    • Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M | Ars Technica
    • Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers – Krebs on Security
    58 mins
  • Risky Business #744 -- Ransomware upstarts jostle in Lockbit's absence
    Apr 10 2024
    On this week’s show Patrick and Adam discuss the week’s security news, including:

    • Ransomware: down but not out
    • Zero day prices on the rise…
    • … and what it means for enterprise software
    • Geopolitical conflict comes to computers in Palau
    • Ukraine cyber chief Illia Vitiuk suspended
    • More x86 microarchitectural bad times
    • And much much more

    Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.

    Show notes
    • CyberCX_Report_DFIR 2023 Year in Review_Online.pdf
    • Ransomlook Stats
    • Vlad Styran 🇺🇦 on X: ".@riskybusiness has noted recently that there is an “orthodox Easter”-like low season in the ransomware village. Although my sources do not support this assessment, if true, there might be a simple explanation https://t.co/kM8lu6KbyY" / X
    • Price of zero-day exploits rises as companies harden products against hackers | TechCrunch
    • Mandiant spots advanced exploit activity in Ivanti devices | Cybersecurity Dive
    • Pricing - Knocknoc
    • ALPHV steps up laundering of Change Healthcare ransom payments | CyberScoop
    • Extortion group threatens to sell Change Healthcare data | CyberScoop
    • Attempted hack on NYC continues wave of cyberattacks against municipal governments
    • Missouri county declares state of emergency amid suspected ransomware attack | Ars Technica
    • Medusa cybercrime gang takes credit for another attack on US municipality
    • Omni Hotels & Resorts hit by cyberattack | Cybersecurity Dive
    • Targus says cyberattack is causing operational outage | TechCrunch
    • German database company Genios confirms ransomware attack
    • Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses
    • ‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident
    • 'They’re lying': Palau denies claims by ransomware gang over recent cyberattack
    • Ukrainian security service’s cyber chief suspended following media investigation
    • Russia seeks criminal charges against executives at flight booking service accused of failing to protect consumer data
    • House hurtles toward showdown over expiring surveillance tools | CyberScoop
    • D-Link tells customers to sunset actively exploited storage devices | Cybersecurity Dive
    • A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED
    • Ahoi Attacks
    • Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability - Phoronix
    • Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch
    • Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers | Proofpoint US
    Less than 1 minute
  • Snake Oilers: Kodex, ClearVector and Censys
    Apr 4 2024

    In this edition of Snake Oilers you’ll hear pitches from three companies:

    • Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.)
    • ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte
    • Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2
    42 mins
  • Risky Business #743 -- A chat about the xz backdoor with the guy who found it
    Apr 3 2024

    On this week’s show Patrick and Adam discuss the week’s security news, including:

    • The SSH backdoor that dreams (or nightmares) are made of
    • Microsoft gets a solid spanking from the CSRB
    • Ukraine uses an old Russian WinRAR bug to hack Russia
    • Push-notifications and social-engineering combined-arms vs Apple
    • And much, much more.

    We have a special guest in this week’s show, Andres Freund, the Postgres developer who discovered the backdoor in the xz Linux compression library.

    This week’s show is brought to you by Island, a company that makes a security-focussed enterprise browser. Island’s Bradon Rogers is this week’s sponsor guest and he’ll be joining us to talk about how people are swapping out their Virtual Desktop Infrastructure for enterprise-focussed browsers like theirs.

    Show notes
    • Risky Biz News: Supply chain attack in Linuxland
    • oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise
    • Andres Freund (Tech) on X: "@binitamshah FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (by the usual automated attempts trying random user/password combinations) using a substantial amount of CPU. Only after that I noticed the slower logins." / X
    • Andres Freund (Tech) on X: "@riskybusiness Absurdly enough, I was listening to the episode on a cooking break while writing the xz issue up. Couldn't make it up." / X
    • GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
    • research!rsc: The xz attack shell script
    • DHS report rips Microsoft for ‘cascade’ of errors in China hack - The Washington Post
    • Review of the Summer 2023 Microsoft Exchange Online Intrusion
    • Russian researchers say espionage operation using WinRAR bug is linked to Ukraine
    • Recent ‘MFA Bombing’ Attacks Targeting Apple Users – Krebs on Security
    • Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
    • Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
    58 mins
  • Risky Business #742 -- China bans AMD and Intel, pivots to Linux on the desktop
    Mar 26 2024

    On this week’s show Patrick and Adam discuss the week’s security news, including:

    • FVEY protests China’s widespread hacking of western politicians
    • China bans western CPUs, Windows and databases
    • Apple’s leaky M-chip prefetcher
    • Nigeria holds ex-IRS investigator hostage in Binance stoush
    • Researchers bring Rowhammer to AMD Zen and DDR5
    • And much, much more.

    This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer joins this week’s show to make a passionate case that security vendors don’t all have to go for explosive growth. Slow and steady with a focus on excellent and relevant products will win the race, he says.

    Show notes
    • Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov
    • Parliament network breached in China-led cyberattack, Judith Collins reveals
    • China blocks use of Intel and AMD chips in government computers
    • Announcement of Safety and Reliability Evaluation Results (No. 1, 2023)
    • Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica
    • How Ukraine is using mobile phones on 6ft poles to stop drones
    • Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop
    • US penalizes Russian fintech firms that helped others evade sanctions
    • UN probing 58 alleged crypto heists by North Korea worth $3 billion
    • Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance
    • The DOJ Puts Apple's iMessage Encryption in the Antitrust Crosshairs | WIRED
    • Mark Zuckerberg told Facebook execs to 'figure out' how to track encrypted usage on rival apps like Snap and YouTube, unsealed documents show
    • ‘Far-reaching’ hack stole information from Python developers
    • ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms
    • One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem
    • Apex Legends hacker said he hacked tournament games ‘for fun’ | TechCrunch
    1 hr and 5 mins