• Wide World of Cyber: Krebs and Stamos on How AI Will Change Cybersecurity
    May 17 2024

    In this podcast SentinelOne’s Chief Trust Officer Alex Stamos and its Chief Intelligence and Public Policy Officer Chris Krebs join Patrick Gray to talk all about AI.

    It’s been a year and a half since ChatGPT landed and freaked everyone out. Since then, AI has really entrenched itself as the next big thing. It’s popping up everywhere, and the use cases for cybersecurity are starting to come into focus.

    Threat actors and defenders are using this stuff already, but it’s early days and as you’ll hear, things are really going to change, and fast.

    45 mins
  • Risky Business #748 -- New cyber rules for US healthcare are coming
    May 15 2024

    This week Patrick Gray and Adam Boileau, along with special guest Lina Lau, discuss the week’s news, including:

    • The ongoing Ascension healthcare disruption, and
    • Whether it’s reasonable for healthcare orgs to be pushing back
    • Platforming cybercriminals for interviews
    • Own the libs by… not using E2EE messaging?
    • CISA’s secure by design, we want to believe!
    • The $64 billion scale of industrialised fraud
    • And much, much more.

    This week’s sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report.

    Show notes
    • Federal agencies assisting Catholic health network amid cyberattack
    • After Ascension ransomware attack, feds issue alert on Black Basta group
    • As White House preps new cyber rules for healthcare, Neuberger says backlash is unwarranted
    • Stolen children’s health records posted online in extortion bid
    • Guidance for organisations considering payment in... - NCSC.GOV.UK
    • How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security
    • In interview, LockbitSupp says authorities outed the wrong guy
    • A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED
    • UK 'increasingly concerned' about Russian intelligence links to hacktivists
    • Civil society under increasing threats from ‘malicious’ state cyber actors, US
    • Elon Musk Weighs in on the Encryption Wars Between Telegram and Signal
    • Encrypted services Apple, Proton and Wire helped Spanish police identify activist | TechCrunch
    • Christie's Website Offline For A Fifth Day And The Company Is Still Silent On The Extent Of Last Week's Security Breach
    • 68 tech, security vendors commit to secure-by-design practices | Cybersecurity Dive
    • UK government urges caution over blaming China for Ministry of Defence breach
    • Black Basta group spam-bombs victims and then calls to help
    • Southeast Asian scam syndicates stealing $64 billion annually, researchers find
    • The $2.3 Billion Tornado Cash Case Is a Pivotal Moment for Crypto Privacy | WIRED
    • ADVANCED APT EMULATION LABS
    • Download the runZero Research Report
    1 hr and 3 mins
  • Risky Business #747 -- Lockbit Leader Has A Very Bad Day
    May 8 2024

    Patrick dials in from RSA in San Francisco to discuss the week’s security news with Adam, including:

    • The west doxxes LockbitSupp, who must now hide his hundred million dollars
    • REvil hacker behind Kaseya breach gets 14 years
    • Microsoft makes some positive sounding* noises on security
    • A fun flaw in nearly all VPN clients
    • Gitlab admins continue their never-ending incident response
    • And much, much more.

    This week’s sponsor is Stairwell. Long time infosec researcher Silas Cutler joins us to talk through his adventures in attacker C2 systems, and how this feeds into Stairwell’s data.

    * we’re still sceptical they’ll get it right, but they do at least seem to realise how deep the doo-doo they’re in is… Pat speculates they have … tentacles, and a regulatory-threat-gland.

    Show notes
    • 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks | WIRED
    • Andy Greenberg: "@metlstorm @riskybusiness no w…" - Infosec Exchange
    • U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security
    • Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware
    • Microsoft ties security goals to exec compensation
    • China suspected of hacking British military payment system, reports say
    • Germany recalls ambassador to Russia over cyberattacks
    • Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’
    • Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica
    • Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica
    • The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED
    • Dropbox says hacker accessed passwords, authentication info during breach
    • Maximum-severity GitLab flaw allowing account hijacking under active exploitation | Ars Technica
    • Our new research: Enhancing blockchain analytics through AI
    • Reconstructing the Mind’s Eye: fMRI-to-Image with Contrastive Learning and Diffusion Priors
    • Kevin Collier on X: "Oh my God. @riskybusiness is already the name of what is by a longshot the most established cyber podcast. There are a million possible names out there and Mr Decision Making over here went with one that's been in use for more than 15 years."
    55 mins
  • Risky Business #746 – Microsoft takes your security seriously*
    May 1 2024

    On this week’s show Patrick and Adam discuss the week’s security news, including:

    • Microsoft reassures* us that they take security very seriously*
    • Cisco ASA firewalls get sneakily backdoored, but no one’s quite sure how
    • Change Healthcare was 1FA Citrix all along
    • The FTC, FCC and other government sticks get waved at tech
    • Lizard Squad Finn who hacked the Vastaamo therapy chain gets sentenced
    • And much, much more.

    This week’s sponsor is Zero Networks, who make a network micro-segmentation product that is actually usable. Zero Networks CEO Benny Lakunishok joins us to talk through why firewalling everything everywhere is finally workable.

    * You’ll forgive us for being… a tad sceptical.

    Show notes
    • 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks | WIRED
    • Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO | TechCrunch
    • Microsoft CEO says security is its No. 1 priority | Cybersecurity Dive
    • TrustedSec | Full Disclosure: A Look at a Recently Patched Microsoft…
    • Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg | Cybersecurity Dive
    • FTC commercial surveillance rules could arrive within months, sources say
    • FCC takes $200 million bite out of wireless carriers for sharing location data | CyberScoop
    • Know-your-customer executive order facing stiff opposition from cloud industry
    • Tech companies must help the fight against extremists using encryption: ASIO boss
    • Josh Taylor on X: "Yess, excellent question from @Paul_Karp on why AFP et al aren't using the powers they already have. They say one technical assistance or capability notice has recently been issued. https://t.co/pEXrvjK5Q4" / X
    • IN FULL: ASIO and AFP respond to X chairman Elon Musk, issues social media warnings | ABC News - YouTube
    • China-linked PlugX malware infections found in more than 170 countries
    • Belarus secret service website still down after hackers claim to breach it
    • Man Who Mass-Extorted Psychotherapy Patients Gets Six Years – Krebs on Security
    • Sweden's liquor shelves to run empty this week due to ransomware attack
    • Congress picked a direct fight with ByteDance and TikTok. The privacy implications are less clear.
    • Telegram blocks, then unblocks, chatbots used by Ukraine’s intelligence services
    • Elon Musk’s X takeover crushed Twitter’s profit to just $4804 in Australia
    • Australian court orders Elon Musk’s X to hide Sydney church stabbing posts from users globally | Australia news | The Guardian
    • After the Christchurch attacks, Twitter made a deal with Jacinda Ardern over violent content. Elon Musk changed everything - ABC News
    • World on the Brink: How America Can Beat China in the Race for the Twenty-First Century - Kindle edition by Alperovitch, Dmitri, Graff, Garrett M.. Politics & Social Sciences Kindle eBooks @ Amazon.com.
    1 hr and 3 mins
  • Snake Oilers: Push Security, Knocknoc and iVerify
    Apr 29 2024

    In this edition of Snake Oilers we’ll be hearing from:

    • Push Security: A browser plugin-based security company that combats identity-based attacks. (Much more compelling than it sounds in this description.)
    • Knocknoc: The tool Risky Business uses to protect our own applications and services. (Restrict network/port access to users who are authenticated via SSO.)
    • iVerify: Mobile security and threat hunting for iOS and Android. (Caught Pegasus in the wild!)
    42 mins
  • Special Edition: Chris Krebs, Alex Stamos and Patrick Gray
    Apr 24 2024

    In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology.

    China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over.

    Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?

    45 mins
  • Risky Business #745 – Tales from the PANageddon
    Apr 17 2024

    On this week’s show Patrick and Adam discuss the week’s security news, including:

    • Palo Alto’s firewalls have a ../ bad day
    • Sisense’s bucket full of creds gets kicked over
    • United Healthcare draws the ire of congress
    • FISA 702 reauthorisation finally moves forward
    • Apple warns about “mercenary exploitation” but what’s the India link?
    • And much, much, more

    This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.

    Show notes
    • Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability
    • CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect
    • Rapid7 Technical Analysis
    • Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security
    • Congress rails against UnitedHealth Group after ransomware attack | CyberScoop
    • The US Government Has a Microsoft Problem | WIRED
    • House GOP bridges divide to reauthorize FISA surveillance bill - The Washington Post
    • Top officials again push back on ransom payment ban | Cybersecurity Dive
    • Ex-White House cyber official says ransomware payment ban is a ways off | CyberScoop
    • Over 500 people targeted by Pegasus spyware in Poland, officials say
    • Apple drops term 'state-sponsored' attacks from its threat notification policy
    • “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass
    • PuTTY vulnerability vuln-p521-bias
    • Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
    • Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M | Ars Technica
    • Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers – Krebs on Security
    58 mins
  • Risky Business #744 -- Ransomware upstarts jostle in Lockbit's absence
    Apr 10 2024

    On this week’s show Patrick and Adam discuss the week’s security news, including:

    • Ransomware: down but not out
    • Zero day prices on the rise…
    • … and what it means for enterprise software
    • Geopolitical conflict comes to computers in Palau
    • Ukraine cyber chief Illia Vitiuk suspended
    • More x86 microarchitectural bad times
    • And much much more

    Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.

    Show notes
    • CyberCX_Report_DFIR 2023 Year in Review_Online.pdf
    • Ransomlook Stats
    • Vlad Styran 🇺🇦 on X: ".@riskybusiness has noted recently that there is an “orthodox Easter”-like low season in the ransomware village. Although my sources do not support this assessment, if true, there might be a simple explanation https://t.co/kM8lu6KbyY" / X
    • Price of zero-day exploits rises as companies harden products against hackers | TechCrunch
    • Mandiant spots advanced exploit activity in Ivanti devices | Cybersecurity Dive
    • Pricing - Knocknoc
    • ALPHV steps up laundering of Change Healthcare ransom payments | CyberScoop
    • Extortion group threatens to sell Change Healthcare data | CyberScoop
    • Attempted hack on NYC continues wave of cyberattacks against municipal governments
    • Missouri county declares state of emergency amid suspected ransomware attack | Ars Technica
    • Medusa cybercrime gang takes credit for another attack on US municipality
    • Omni Hotels & Resorts hit by cyberattack | Cybersecurity Dive
    • Targus says cyberattack is causing operational outage | TechCrunch
    • German database company Genios confirms ransomware attack
    • Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses
    • ‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident
    • 'They’re lying': Palau denies claims by ransomware gang over recent cyberattack
    • Ukrainian security service’s cyber chief suspended following media investigation
    • Russia seeks criminal charges against executives at flight booking service accused of failing to protect consumer data
    • House hurtles toward showdown over expiring surveillance tools | CyberScoop
    • D-Link tells customers to sunset actively exploited storage devices | Cybersecurity Dive
    • A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED
    • Ahoi Attacks
    • Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability - Phoronix
    • Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch
    • Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers | Proofpoint US
    Less than 1 minute