Episodios

  • Risky Business #817 -- Less carnage than your usual Thanksgiving

    Risky Business #817 -- Less carnage than your usual Thanksgiving
    Dec 3 2025
    In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. It’s a quiet week with Thanksgiving in the US, but there’s always some cyber to talk about: Airbus rolls out software updates after a cosmic ray bitflips an A320 into a diveKrebs tracks down a Scattered Lapsus$ Hunters teen through the usual poor opsec…… as Wired publishes an opsec guide for teens.Microsoft decides its login portal is worth a Content Security PolicySouth Korean online retailer data breach covers 65% of the country This week’s episode is sponsored by Nebulock. Founder and CEO Damien Lewke joins to talk through their work bringing more SIgma threat detection rules to MacOS. This episode is also available on Youtube. Show notes Airlines race to fix their Airbus planes after warning solar radiation could cause pilots to lose control | CNNCongress calls on Anthropic CEO to testify on Chinese Claude espionage campaign | CyberScoopPost-mortem of Shai-Hulud attack on November 24th, 2025 - PostHogUpdate: Shai-Hulud and the npm Ecosystem: Why CTEM Must Extend Beyond Your Walls | ArmisGlassworm's resurgence | Secure Annex4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | Koi BlogPost by @spuxx.bsky.social — BlueskyMeet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ – Krebs on SecurityThe WIRED Guide to Digital Opsec for Teens | WIREDPerth hacker Michael Clapsis jailed after setting up fake Qantas Wi-Fi, stealing sex videos - ABC NewsEd Conway on X: "The person who first downloaded the OBR's document at 11:35 on Budget day (I'm guessing someone at Reuters, given they first reported it) had already guessed the web address and tried and failed to download it 32 times so far that day(!) https://t.co/6iLm2uEUj2" / XReuters accused of hack attack | ZDNETThe Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIREDMicrosoft tightens cloud login process to prevent common attack | Cybersecurity DiveFortinet FortiWeb flaws found in unsupported versions of web application firewall | Cybersecurity DiveCryptomixer platform raided by European police; $29 million in bitcoin seized | The Record from Recorded Future NewsOfficials accuse North Korea’s Lazarus of $30 million theft from crypto exchange | The Record from Recorded Future NewsData breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population | The Record from Recorded Future NewsNSA Contractor Groomed Teenage Girls On Reddit, DOJ AllegesNebulock developed coreSigma for MacOScoreSigma repo:
    Más Menos
    1 h y 1 m
  • Risky Business #816 -- Copilot Actions for Windows is extremely dicey

    Risky Business #816 -- Copilot Actions for Windows is extremely dicey
    Nov 26 2025
    In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Salesforce partner Gainsight has customer data stolenCrowdstrike fires insider who gave hackers screenshots of internal systemsAustralian Parliament turns off wifi and bluetooth in fear of of visiting Chinese bigwigsShai-Hulud npm/Github worm is back, and rm -rf’ier than everSEC gives up on Solarwinds lawsuitDog eats cryptographer’s key material This week’s episode is sponsored by runZero. HD Moore pops in to talk about how they’re integrating runZero with Bloodhound-style graph databases. He also discusses uses for driving runZero’s tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models. This episode is also available on Youtube. Show notes Google says hackers stole data from 200 companies following Gainsight breachGainsight StatusTrust StatusCrowdStrike fires 'suspicious insider' who passed information to hackersSalesforce cuts off access to third-party app after discovering ‘unusual activity’Атаки разящей панды: APT31 сегодняOffice of Public Affairs | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament HouseSha1-Hulud: The Second Coming of the NPM Worm is Digging For SecretsFCC eliminates cybersecurity requirements for telecom companiesTrade Associations Cybersecurity Practices Ex ParteSEC voluntarily dismisses SolarWinds lawsuitRecord-breaking DDoS attack against Microsoft Azure mitigatedThe Cloudflare Outage May Be a Security Roadmap – Krebs on SecurityCritics scoff after Microsoft warns AI feature can infect machines and pilfer datavx-underground on X: "I've had a surprising amount of people ask me about Copilot"Researchers warn command injection flaw in Fortinet FortiWeb is under exploitationTwo suspected Scattered Spider hackers plead not guilty over Transport for London cyberattackRussia arrests young cybersecurity entrepreneur on treason chargesThis campaign aims to tackle persistent security myths in favor of better adviceOops. Cryptographers cancel election results after losing decryption key.Uncovering network attack paths with runZeroHoundModel Context Protocol
    Más Menos
    58 m
  • Risky Biz Soap Box: Greynoise knows when bad bugs are coming

    Risky Biz Soap Box: Greynoise knows when bad bugs are coming
    Nov 20 2025

    In this sponsored Soap Box edition of the podcast, Andrew Morris joins Patrick Gray to talk about how Greynoise can often get a 90 day heads up on serious vulnerabilities. Whether it’s malicious actors doing reconnaissance or the affected vendors trying to understand the scope of the problem, it seems that mass scanning activity lines up pretty nicely with typical 90-day disclosure timelines.

    A fascinating chat with Andrew, as always.

    This episode is also available on Youtube.

    Show notes
      Más Menos
      38 m
    • Risky Business #815 -- Anthropic's AI APT report is a big deal

      Risky Business #815 -- Anthropic's AI APT report is a big deal
      Nov 19 2025

      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

      • Anthropic says a Chinese APT orchestrated attacks using its AI
      • It’s a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild
      • Turns out slashing CISA was a bad idea, now it’s time for a hiring spree
      • Researchers brute force entire phone number space against Whatsapp contact discovery API
      • DOJ figures out how to make SpaceX turn off scam compounds’ Starlink service

      This week’s episode is sponsored by Mastercard. Senior Vice President of Mastercard Cybersecurity Urooj Burney joins to talk about how the roles of fraud and cyber teams in the financial sector are starting to converge. Mastercard also recently acquired Recorded Future, and Urooj talks about how they aim to integrate cyber threat intelligence into the financial world.

      This episode is also available on Youtube.

      Show notes
      • Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign
      • Researchers question Anthropic claim that AI-assisted attack was 90% autonomous - Ars Technica
      • China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work | CyberScoop
      • Amazon discovers APT exploiting Cisco and Citrix zero-days | AWS Security Blog
      • CISA gives federal agencies one week to patch exploited Fortinet bug | The Record from Recorded Future News
      • PSIRT | FortiGuard Labs
      • CISA, eyeing China, plans hiring spree to rebuild its depleted ranks | Cybersecurity Dive
      • This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED
      • A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers | WIRED
      • DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound | WIRED
      • Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million | The Record from Recorded Future News
      • Cyberattack leaves Jaguar Land Rover short of £680 million | The Record from Recorded Future News
      • FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News
      • Operation Endgame: Police reveal takedowns of three key cybercrime tools | The Record from Recorded Future News
      • Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds | WIRED
      Más Menos
      51 m
    • Risky Business #814 -- It's a bad time to be a scam compound operator

      Risky Business #814 -- It's a bad time to be a scam compound operator
      Nov 12 2025

      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

      • The KK Park scam compound in Myanmar gets blasted with actual dynamite
      • China sentences more scammers TO DEATH
      • While Singapore is opting to lash them with the cane
      • Chinese security firm KnownSec leaks a bunch of documents
      • Necromancy continues on NSO Group, with a Trump associate in charge
      • OWASP freshens up the Top 10, you won’t believe what’s number three!

      This week’s episode is sponsored by Thinkst Canary. Big bird Haroon Meer joins and, as usual, makes a good point. If you’re going to trust a vendor to do something risky like put a box on your network, they have an obligation to explain how they make that safe. Thinkst has a /security page that does exactly that. So why do we let Palo Alto and Fortinet get away with “trust me, bro”?

      This episode is also available on Youtube.

      Show notes
      • Myanmar Junta Dynamites Scam Hub in PR Move as Global Pressure Grows
      • China sentences 5 Myanmar scam kingpins to death | The Record from Recorded Future News
      • Law passed for scammers, mules to be caned after victims in Singapore lose almost $4b since 2020 | The Straits Times
      • KnownSec breach: What we know so far. - NetAskari
      • Risky Bulletin: Another Chinese security firm has its data leaked
      • Inside Congress Live
      • The Government Shutdown Is a Ticking Cybersecurity Time Bomb | WIRED
      • Former Trump official named NSO Group executive chairman | The Record from Recorded Future News
      • Short-term renewal of cyber information sharing law appears in bill to end shutdown | The Record from Recorded Future News
      • Jaguar Land Rover hack hurt the U.K.'s GDP, Bank of England says
      • Monetary Policy Report - November 2025 | Bank of England
      • SonicWall says state-linked actor behind attacks against cloud backup service | Cybersecurity Dive
      • Japanese media giant Nikkei reports Slack breach exposing employee and partner records | The Record from Recorded Future News
      • "Intel sues former employee for allegedly stealing confidential data" Post by @campuscodi.risky.biz — Bluesky
      • Introduction - OWASP Top 10:2025 RC1
      Más Menos
      1 h y 3 m
    • Risky Business #813 -- FFmpeg has a point

      Risky Business #813 -- FFmpeg has a point
      Nov 5 2025
      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: We love some good vulnerability reporting drama, this time FFmpeg’s got beef with GoogleOpenAI announces its Aardvark bug-gobbling systemTwo US ransomware responders get arrested for… ransomwareMemento (nee HackingTeam) CEO says: Sì, those are totally our tools getting snapped in RussiaHackers help freight theft gangs steal shipments to resellA second Jabber Zeus mastermind gets his comeuppance 15 years on This week’s episode is sponsored by Nucleus Security, who make a vulnerability information management system. Co-founder Scott Kuffer says that approaches for triaging vulnerabilities have started to fall apart, given there are just. So. Many. And they’re all important! This episode is also available on Youtube. Show notes vx-underground on X: "Yeah, so pretty much this entire drama thing is FFmpeg are a bunch of nerds…"FFmpeg on X: "@DavidEGrayson It's someone's hobby project of an obscure 1990s decoder…"Halvar Flake on X: "Given the extremely big role ffmpeg has played historically..."thaddeus e. grugq on X: "Current drama: Plucky security researcher Google takes on volunteer open source behemoth FFmpeg."Robert Graham on X: "Current status: There's a conflict between Google…"Introducing Aardvark: OpenAI’s agentic security researcher | OpenAIBugcrowd acquires Mayhem Security to advance AI-powered security testing | CyberScoopProsecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks | CyberScoopFormer Trenchant Exec Sold Stolen Code to Russian Buyer Even After Learning that Other Code He Sold Was Being "Utilized" by Different Broker in South KoreaHow an ex-L3Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunchOperation Zero — A Zero-Day Vulnerability PlatformJohn Scott-Railton on X: "7/ There's a push to scale up America's offensive industry right now…"CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware | TechCrunchExploiting Microsoft Teams: Impersonation and Spoofing Vulnerabilities Exposed Microsoft Teams Vulnerabilities UncoveredCargo theft gets a boost from hackers using remote monitoring tools | The Record from Recorded Future NewsRemote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint USAlleged Conti ransomware gang affiliate appears in Tennessee court after Ireland extradition | The Record from Recorded Future NewsThree suspected developers of Meduza Stealer malware arrested in Russia | The Record from Recorded Future NewsAlleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody – Krebs on SecurityWindows Server Update Service exploitation ensnares at least 50 victims | Cybersecurity DivePost by @paulschnack.bsky.social — Bluesky
      Más Menos
      1 h y 5 m
    • Risky Business #812 -- Alleged Trenchant exploit mole is ex-ASD

      Risky Business #812 -- Alleged Trenchant exploit mole is ex-ASD
      Oct 29 2025

      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

      • L3Harris Trenchant boss accused of selling exploits to Russia once worked at the Australian Signals Directorate
      • Microsoft WSUS bug being exploited in the wild
      • Dan Kaminsky DNS cache poisoning comes back because of a bad PRNG
      • SpaceX finally starts disabling Starlink terminals used by scammers
      • Garbage HP update deletes certificates that authed Windows systems to Entra

      This week’s episode is sponsored by automation company Tines. Field CISO Matt Muller joins to discuss how Tines has embraced LLMs and the agentic-AI future into their workflow automation.

      This episode is also available on Youtube.

      Show notes
      • US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer | TechCrunch
      • Attackers bypass patch in deprecated Windows Server update tool | CyberScoop
      • CVE-2025-59287 WSUS Unauthenticated RCE | HawkTrace
      • CVE-2025-59287 WSUS Remote Code Execution | HawkTrace
      • Catching Credential Guard Off Guard - SpecterOps
      • Cache poisoning vulnerabilities found in 2 DNS resolving apps - Ars Technica
      • Uncovering Qilin attack methods exposed through multiple cases
      • Safety on X: "By November 10, we’re asking all accounts that use a security key as their two factor authentication (2FA) method to re-enroll their key to continue accessing X. You can re-enroll your existing security key, or enroll a new one. A reminder: if you enroll a new security key, any" / X
      • SpaceX disables more than 2,000 Starlink devices used in Myanmar scam compounds | The Record from Recorded Future News
      • SpaceX: Update Your Inactive Starlink Dishes Now or They'll Be Bricked
      • How we linked ForumTroll APT to Dante spyware by Memento Labs | Securelist
      • Former Polish official indicted over spyware purchase | The Record from Recorded Future News
      • HP OneAgent Update Broke Entra Trust on HP AI Devices
      • Windows' Built-in OpenSSH for Offensive Security
      • How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA | WIRED
      Más Menos
      1 h y 6 m
    • Risky Business #811 -- F5 is the tip of the crap software iceberg

      Risky Business #811 -- F5 is the tip of the crap software iceberg
      Oct 22 2025
      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: China has been rummaging in F5’s networks for a couple of yearsMeanwhile China tries to deflect by accusing the NSA of hacking its national timing systemSalesforce hackers use their stolen data trove to dox NSA, ICE employeesCrypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpahAdam gets humbled by new Linux-capabilities backdoor trickMicrosoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned. This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it. This episode is also available on Youtube. Show notes Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks | WIREDBreach at US-based cybersecurity provider F5 blamed on China, sources say | ReutersNetwork security devices endanger orgs with ’90s era flaws | CSO OnlineChina claims it caught US attempting cyberattack on national time center | The Record from Recorded Future NewsHackers Dox Hundreds of DHS, ICE, FBI, and DOJ OfficialsHackers Say They Have Personal Data of Thousands of NSA and Other Government OfficialsICE amps up its surveillance powers, targeting immigrants and antifa - The Washington PostJohn Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion AttemptUS court orders spyware company NSO to stop targeting WhatsApp, reduces damages | ReutersApple alerts exploit developer that his iPhone was targeted with government spyware | TechCrunchA New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones | WIREDGlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace | Koi BlogEuropean police bust network selling thousands of phone numbers to scammers | The Record from Recorded Future NewsStephan Berger on X: "We recently took over an APT investigation from another forensic company. While reviewing analysis reports from the other company, we discovered that the attackers had been active in the network for months and had deployed multiple backdoors. One way they could regain root" / XLinux Capabilities Revisited | dfir.chCVE-2025-59287 WSUS Remote Code Execution | HawkTraceTARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera BlogBrowser threat detection & response | Push Security | Push SecurityHow Push stopped a high risk LinkedIn spear-phishing attack
      Más Menos
      52 m