Page de couverture de Risky Business

Risky Business

Risky Business

Auteur(s): Patrick Gray
Écouter gratuitement

À propos de cet audio

 Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.Copyright Risky Business Media 2007-2026 Politique
Épisodes
  • Risky Business #822 -- France will ditch American tech over security risks

    Risky Business #822 -- France will ditch American tech over security risks
    Jan 28 2026
    In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They discuss: La France is tres sérieux about ditching US productivity softwareChina’s Salt Typhoon was snooping on Downing StreetTrump wields the mighty DISCOMBOBULATORESET says the Polish power grid wiper was Russia’s GRU Sandworm crewUS cyber institutions CISA and NIST are strugglingVoice phishing for MFA bypass is getting even more polished This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime’s 2026 Email Threat Research report. He joins to talk through what they see of attackers’ use of AI, as well as the other trends of the year. Show notes France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns | EuronewsSuite Numérique plan - Google SearchChina hacked Downing Street phones for yearsCyberattack Targeting Poland’s Energy Grid Used a WiperTrump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS NewsRisky Bulletin: Cyberattack cripples cars across Russia - Risky Business MediaLawmakers probe CISA leader over staffing decisions | CyberScoopTrump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICOActing CISA director failed a polygraph. Career staff are now under investigation. - POLITICONIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity DiveFederal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity DiveReal-Time phishing kits target Okta, Microsoft, GooglePhishing kits adapt to the script of callersOn the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's BlogGitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMsOverrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars TechnicaBypassing Windows Administrator Protection - Project ZeroTask Failed Successfully - Microsoft’s “Immediate” Retirement of MDT - SpecterOpsKubernetes Remote Code Execution Via Nodes/Proxy GET PermissionWhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp BlogMicrosoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunchHe Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIREDKey findings from the 2026 Sublime Email Threat Research Report
    Voir plus Voir moins
    1 h et 4 min
  • Risky Business #821 -- Wiz researchers could have owned every AWS customer

    Risky Business #821 -- Wiz researchers could have owned every AWS customer
    Jan 21 2026
    In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book. This week news includes: Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them madMS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting downWiz pulls off cloud stunt hack that ends with control of everyone’s AWS consoleMillions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any timeGNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad. This episode is also available on Youtube. Show notes Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York TimesWhy I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars TechnicaLayered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services InstituteFormer CISA Director Jen Easterly Will Lead RSAC Conference | WIREDTrump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCWFederal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future NewsWindows 11 shutdown bug forces Microsoft into damage control • The RegisterCodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz BlogCritical flaw in AWS Console risked compromise of build environment | Cybersecurity DiveNever-before-seen Linux malware is “far more advanced than typical” - Ars TechnicaVoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point ResearchHundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIREDCritical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity DiveCVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEMA single click mounted a covert, multistage attack against Copilot - Ars TechnicaPolice raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future NewsJordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future NewsSupreme Court hacker posted stolen government data on Instagram | TechCrunchoss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetdHow crypto criminals stole $700 million from people - often using age-old tricksCtrl + Alt + Chaos: How Teenage Hackers Hijack the Internet
    Voir plus Voir moins
    1 h et 5 min
  • Risky Business #820 -- Asian fraud kingpin will face Chinese justice (pew pew!)

    Risky Business #820 -- Asian fraud kingpin will face Chinese justice (pew pew!)
    Jan 14 2026
    Risky Business returns for 2026! Patrick Gray and Adam Boileau talk through the week’s cybersecurity news, including: Santa brings hackers MongoDB memory leaks for ChristmasVercel pays out a million bucks to improve its React2Shell WAF defences39C3 delivers; the pink Power Ranger deletes nazis, while a catgirl ruins GnuPGCambodian scam compound kingpin gets extradited to China, and we don’t think it’ll go well for himKrebs picks apart the Kimwolf botnet and residential proxy networksSo many healthcare data leaks that we have a roundup section This week’s episode is sponsored by Airlock Digital. The founders of the application allow-listing vendor, David Cottingham and Daniel Schell, discuss Microsoft’s ClickOnce .NET app packaging, and how attackers have been abusing it to load code. Airlock hates it when you load code! This episode is also available on Youtube. Show notes US, Australia say ‘MongoBleed’ bug being exploited | The Record from Recorded Future NewsMerry Christmas Day! Have a MongoDB security incident. | by Kevin Beaumont | Dec, 2025 | DoublePulsarInside Vercel’s sleep-deprived race to contain React2Shell | CyberScoopgpg.failHacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunchChinese attackers exploiting zero-day to target Cisco email security products | The Record from Recorded Future NewsNi8mare  -  Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) | Cyera Research LabsServiceNow patches critical AI platform flaw that could allow user impersonation | CyberScoopAlleged cyber scam kingpin arrested, extradited to China | The Record from Recorded Future NewsFCC IoT labeling program loses lead company after China probe | Cybersecurity DiveTrump picks Lt. Gen. Joshua Rudd to lead NSA spy agency - The Washington PostNSA cyber directorate gets new acting leadership | The Record from Recorded Future NewsDutch court sentences hacker who used port systems to smuggle cocaine to 7 years | The Record from Recorded Future NewsECLI:NL:GHAMS:2026:22, Amsterdam Court of Appeal, 23-003218-22The Kimwolf Botnet is Stalking Your Local Network – Krebs on SecurityWho Benefited from the Aisuru and Kimwolf Botnets? – Krebs on SecurityCoupang recovers smashed laptop that alleged data leaker threw into river | The Record from Recorded Future NewsRansomware responders plead guilty to using ALPHV in attacks on US organizations | The Record from Recorded Future NewsNearly 480,000 impacted by Covenant Health data breach | The Record from Recorded Future NewsIllinois health department exposed over 700,000 residents' personal data for years | TechCrunchTech provider for NHS England confirms data breach | TechCrunchHacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I’m in negotiations to get it’ - NZ Herald
    Voir plus Voir moins
    59 min
Pas encore de commentaire