Risky Business #603 -- YOU get sanctions, and YOU get sanctions
https://chtbl.com/track/383384/media3.risky.biz/RB603.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
8349737601
https://risky.biz/RB603
On this week’s show Patrick and Adam discuss the week’s security news, including:
- “Proud Boys” email campaign attributed to Iran in record time
- Sanctions for everyone!
- US doxes more adversary TTPs
- Katie Nickels and Chris Krebs join the show
This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- CISA, FBI roll the dice on transparency - Risky Business
- Exclusive: 'Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails - sources | Reuters
- FBI News Conference on Election Security | C-SPAN.org
- Iran’s bogus email campaign on U.S. elections had a Facebook disinformation prong
- Why the US was so fast to blame Iran for voter intimidation emails in Florida
- US Treasury sanctions 5 Iranian organizations for alleged election influence operations
- 'MuddyWater' spies suspected in attacks against Middle East governments, telecoms
- The US Sanctions Russians for Potentially ‘Fatal’ Triton Malware | WIRED
- EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack
- DOD, FBI, DHS warn of active North Korean government-linked hacking operation
- FBI, CISA: Russian hackers breached US government networks, exfiltrated data | ZDNet
- The Hunter Biden laptop could be fake. Or it could be real. We may never know. - The Washington Post
- Exclusive: National Guard called in to thwart cyberattack in Louisiana weeks before election | Reuters
- Phishing groups are collecting user data, email and banking passwords via fake voter registration forms | ZDNet
- (1) John Hultquist on Twitter: "If the hackers claim to be criminal and there’s no way to pay them, that raises doubt. Likewise, if they claim to be ideological and ask for money..." / Twitter
- Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals
- Dr. Reddy's shuts 'key' plants worldwide after potential cyberattack hits COVID work | FiercePharma
- Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts
- A Hacker Is Threatening to Leak Patients' Therapy Notes | WIRED
- Tech giants among those affected by breach at PDF signature software maker Nitro | The Daily Swig
- Massive Nitro data breach impacts Microsoft, Google, Apple, more
- 404 Error | Nitro
- Hacker steals $24 million from cryptocurrency service 'Harvest Finance' | ZDNet
- MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states | ZDNet
- (3) Patrick Gray on Twitter: "Wooo... about time" / Twitter
- Apple notarizes six malicious apps posing as Flash installers | ZDNet
- The Now-Defunct Firms Behind 8chan, QAnon — Krebs on Security
- CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant
- Over 100 irrigation systems left exposed online without a password | ZDNet
- Microsoft launches machine learning cyber-attack threat matrix | The Daily Swig
- WordPress deploys forced security update for dangerous bug in popular plugin | ZDNet
- NSA whistleblower Edward Snowden granted permanent residency in Russia | ZDNet
- Process Herpaderping | herpaderping
|
Oct 28, 2020 |
Snake Oilers 12 part 2: Gravwell seeks to shake up SIEM market, Plextrac pitches its pentest reporting platform
https://chtbl.com/track/383384/media3.risky.biz/snakeoilers12pt2.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
8174333205
https://risky.biz/snakeoilers12pt2
In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:
- Gravwell pitches its “structure on read” approach to SIEM
- Plextrac describes its red team/pentest reporting platform
- ITProTV’s Don Pezet talks about trends in online training
|
Oct 22, 2020 |
Risky Business #602 -- US DoJ hooks Sandworm
https://chtbl.com/track/383384/media3.risky.biz/RB602.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
8152999581
https://risky.biz/RB602
On this week’s show Patrick and Adam discuss the week’s security news, including:
- US DoJ unseals indictments against Sandworm operators
- Twitter backtracks on “hacked materials” policy
- No consensus on Trickbot c2 status
- NSA publishes “most exploited” listicle that’s actually interesting
- Much, much more
Cmd Security is this week’s sponsor. Its CEO Jake King and CTO Mike Sample join the show this week to talk though a new remote access tech release from Hashicorp called Boundary and what it might mean for Linux system observability in your environment.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Oct 21, 2020 |
Risky Business #601 -- Everyone's messing with TrickBot
https://chtbl.com/track/383384/media3.risky.biz/RB601.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
7950874309
https://risky.biz/RB601
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Yep, it was Cyber Command
- Also Microsoft, Symantec, Lumen and others
- Norwegian parliament hack pinned on Russia
- We finally talk about “ethics in OST”
- More
Netflix senior security engineer Scott Behrens also joins the show this week. This week’s episode if brought to you by Signal Sciences – which is now a part of Fastly – and they suggested we talk to Scott for their sponsor slot this week. So, Scott joins the show to talk through how Netflix handles appsec.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Oct 14, 2020 |
Snake Oilers 12 Part 1: An incident management platform for the SOC and auditing for your SaaS accounts
https://chtbl.com/track/383384/media3.risky.biz/snakeoilers12pt1.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
7897475568
https://risky.biz/snakeoilers12pt1
In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:
- Vaughan Shanks pitches the Cydarm SOC incident management platform
- Adrian Kitto introduces Detexian, a platform that audits SaaS accounts
- Eric Skinner from Trend Micro talks about XDR
|
Oct 12, 2020 |
Risky Business #600 -- Who's messing with TrickBot?
https://chtbl.com/track/383384/media3.risky.biz/RB600.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
7767448300
https://risky.biz/RB600
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The UHS ransomware attack
- Someone is messing with TrickBot: Did the USA release the hounds?
- US Treasury issues final warning on sanctioned ransomware crews
- Azerbaijan and Armenia going at it
- Fancy Bear owns US government department
Nucleus Security co-founder Scott Kuffer joins the show in this week’s sponsor interview to talk about how they have discovered a LOT of enterprises are actually trying to develop in-house vulnerability management software and how that is not going well.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Oct 07, 2020 |
Risky Biz special guest: Former Australian Prime Minister Malcolm Turnbull
https://chtbl.com/track/383384/media3.risky.biz/HF8.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
7571867204
https://risky.biz/HF8
This edition of the show is brought to you with the assistance the Hewlett Foundation, which awarded us a grant so we could do these policy-focussed podcasts.
Malcolm Bligh Turnbull served as a member of Parliament from 2004 until 2018, and as Prime Minister from September 2015 until August 2018. But he has been a public figure in Australia for decades. He’s an Oxford-educated lawyer who studied there under a Rhodes scholarship, he’s worked as a journalist, as the personal lawyer to Australian media baron Kerry Packer and was a leader of the ultimately unsuccessful campaign to make Australia a republic in the 1990s.
He can also list a number of achievements in the business world. In 1994 he invested half a million dollars into Australian ISP Ozemail, selling his stake to Worldcom in 1999 for $57m.
As you’ll hear, now he’s returned to private life Turnbull is investing in technology again. He joined the show to talk about cybersecurity in government, Huawei, the 2016 hack-and-leak operation against the DNC – which took place while he was PM – and more.
|
Sep 30, 2020 |
Risky Biz Soap Box: Identity as the new perimeter
https://chtbl.com/track/383384/media3.risky.biz/soapbox45.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
7387466211
https://risky.biz/soapbox45
As regular listeners know, these Soap Box podcasts are wholly sponsored. That means everyone you hear in a Soap Box podcast, paid to be here. But that’s ok, because we manage to book very interesting guests into these things, like today’s guest, Sami Laine.
Officially he’s Okta’s director of technology strategy – but informally he describes his role as being more like a principal security architect.
He joins us to talk about identity as the new perimeter and the massive leap we’ve towards a zero trust future through 2020.
|
Sep 23, 2020 |
Risky Business #599 -- You get domain admin! And YOU get domain admin!
https://chtbl.com/track/383384/media3.risky.biz/RB599.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
7189180218
https://risky.biz/RB599
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Russia, China, Iran having a red hot go at US political orgs
- Crowdstrike drops report, telcos having a bad time
- MSS owning US government with dumb bugs
- DoJ indicts Iranian script kiddie because reasons
- Proposed TikTok-Oracle deal barely makes sense
- The mother of all Microsoft auth bugs, wow
- Much, much more…
This week’s show is brought to you by Senetas. And we’ve got two sponsor guests for you this week: Senetas CTO Julian Fay will join us, as will Peter Farrely of AUCloud. Senetas uses AUCloud as a partner for its Suredrop file sharing and collaboration platform here in Oz, and Pete is joining us this week to talk through the new Cloud Assessment and Authorisation Framework published by the ACSC. If you work in Australian government IT and security, this one’s for you!
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Sep 16, 2020 |
Risky Business #598 -- China closing the "cyber gap" with USA
https://chtbl.com/track/383384/media3.risky.biz/RB598.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
6975223002
https://risky.biz/RB598
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Why integrity and availability are key to developing a COVID vaccine
- China closing the “cyber gap” with USA
- ASPI publishes research on TikTok, WeChat censorship
- Belarusian “news app” was tracking activists
- Julian Assange back in court to fight extradition
- Much, much more
This week’s show is brought to you by Proofpoint, and this week’s sponsor guest is Proofpoint’s senior director of threat research Sherrod DeGrippo. She’ll be telling us about the emergence of some new mid-tier ransomware crews that are targeting people who speak Russian, which is kind of unusual.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Sep 09, 2020 |
Risky Biz Soap Box: Canary's Royal origin story
https://chtbl.com/track/383384/media3.risky.biz/soapbox44.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
6793755121
https://risky.biz/soapbox44
This is a sponsored podcast.
Today we’re chatting with a very special guest, Haroon Meer.
Haroon is the founder of Thinkst Canary. Some call it a deception company, but he doesn’t, as you’ll hear. He says Canary is a detection company and the distinction is important.
In this interview we talk about where Canary came from and recap the last 20 years of Haroon’s security career. We go all the way back to his Sensepost days in 2001, right through to him working for actual royalty in Doha, with a brief detour through him creating an anonymous whistleblower platform for a major broadcaster. You may have heard of Haroon and not known why.
This podcast explains why.
|
Sep 03, 2020 |
Risky Business #597 -- Alex Stamos talks news, Pompeo's "clean networks" initiative
https://chtbl.com/track/383384/media3.risky.biz/RB597.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
6767356886
https://risky.biz/RB597
On this week’s show Patrick and Alex discuss the week’s security news, including:
- NZ stock exchange felled by DDoS attack
- DNI cancels in-person election security briefings for Democats
- Russians didn’t hack Michigan voter data
- Sendgrid having a bad time of its own making
- US to doxes historical DPRK crypto laundering infrastructure, processes
This week’s sponsor interview is with VMRay co-founder and sandbox guru Carsten Willems.
Carsten is joining us to talk product this week – VMRay has brought out a stack of new integrations for its sandbox product, you can now connect it to a lot of your existing enterprise kit. He’ll pop in to tell us more.
Links to everything that we discussed are below and you can follow Patrickor Alex on Twitter if that’s your thing.
|
Sep 02, 2020 |
Risky Business #596 -- DoJ gives Uber breach response one star
https://chtbl.com/track/383384/media3.risky.biz/RB596a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
6613795424
https://risky.biz/RB596
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Former Uber CSO Joe Sullivan charged with obstruction of justice
- Whitehouse to concede WeChat carveouts for US operations in China
- A bunch of news that sounds like it’s from 1997
This week’s sponsor interview is with Bugcrowd’s CTO Casey Ellis. He’s joining us to talk about some US election-related vulnerability disclosure programs that have kicked off in the USA. Voting machine maker ES&S has launched one as has the state of Ohio.
Links to everything that we discussed are below and you can follow Patrickor Adam on Twitter if that’s your thing.
Show notes
- Former Uber CSO charged for 2016 hack cover-up | ZDNet
- Trump Team Reassures Apple, Others on Using WeChat in China - Bloomberg
- TikTok Sues U.S. Government Over Trump Ban - The New York Times
- TikTok Complaint
- (1) Bobby Chesney on Twitter: "Looking forward to seeing the details of the complaint. But that said, the most TikTok possibly can get here is a delay, and thus possibly a better deal when they are sold. Courts will *not* second-guess the ultimate *merits* determination under IEEPA or CFIUS, full stop. 1/4" / Twitter
- Google fixes major Gmail bug seven hours after exploit details go public | ZDNet
- Security researcher discloses Safari bug after Apple delays patch | ZDNet
- CISA warns of BLINDINGCAN, a new strain of North Korean malware | ZDNet
- Taiwan accuses Chinese hackers of aggressive attacks on government agencies
- “DeathStalker” hackers are (likely) older and more prolific than we thought | Ars Technica
- Hackers Leak Alleged Internal Files of Chinese Social Media Monitoring Firms
- FBI, CISA Echo Warnings on ‘Vishing’ Threat — Krebs on Security
- Voice Phishers Targeting Corporate VPNs — Krebs on Security
- Feds warn election officials of potentially malicious ‘typosquatting’ websites
- Cyber Command deploys abroad to fend off foreign hacking ahead of the 2020 election
- Report claims a popular iOS SDK is stealing click revenue from other ad networks | ZDNet
- Tens of suspects arrested for cashing-out Santander ATMs using software glitch | ZDNet
- ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks | ZDNet
- University of Utah pays $457,000 to ransomware gang | ZDNet
- Conti (Ryuk) joins the ranks of ransomware gangs operating data leak sites | ZDNet
- Weeks after malware disruption, New York hospital is getting back online
- WannaRen ransomware author contacts security firm to share decryption key | ZDNet
- Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme | ZDNet
- Russian National Arrested for Conspiracy to Introduce Malware into a Nevada Company's Computer Network | OPA | Department of Justice
- New P2P botnet infects SSH servers all over the world | Ars Technica
- Browser fingerprinting ‘more prevalent on the web now than ever before’ – research | The Daily Swig
- Bcrypt hashing library bug leaves Node.js applications open to brute-force attacks | The Daily Swig
- Google Firebase messaging vulnerability allowed attackers to send push notifications to app users | The Daily Swig
- US government built secret iPod with Apple’s help, former engineer says | Ars Technica
- Former Uber CSO charged with obstruction of justice - Risky Business
|
Aug 26, 2020 |
Risky Business #595 -- NSA and FBI document GRU's Linux malware for them
https://chtbl.com/track/383384/media3.risky.biz/RB595.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
6613795425
https://risky.biz/RB595
On this week’s show Patrick, Adam and Sherrod DeGrippo discuss the week’s security news, including:
- NSA and FBI doxx GRU malware. Lol.
- Malicious Azure app snags SANS staffer
- Oracle to acquire TikTok?
- Trump weighs Snowden pardon
- Much, much more
This week’s show is brought to you by Airlock Digital. They make allowlist/safelist software that is actually manageable at scale! David Cottingham, an Airlock co-founder, joins the show this week to talk through a few product updates.
Links to everything that we discussed are below and you can follow Patrick, Sherrod or Adam on Twitter if that’s your thing.
|
Aug 19, 2020 |
Risky Business #594 -- How ESNIs will change censorship and NDR
https://media3.risky.biz/RB594.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
6265770577
https://risky.biz/RB594
On this week’s show Patrick and Adam discuss the week’s security news, including:
- WeChat joins TikTok in the naughty corner
- TLS 1.3 with ESNI will have a massive impact on censorship AND security
- Belarus goes dark after dodgy election
- Capital One fined $80m
- Much, much more
We’ll be hearing from Dan Guido of Trail of Bits in this week’s sponsor interview. They’ve developed a generic macOS EDR package that you, dear vendor, should absolutely license from them. Dan joins us to explain why.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Aug 12, 2020 |
Risky Business #593 -- China promises "mortal combat in the tech realm"
https://media3.risky.biz/RB593.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
6075856749
https://risky.biz/RB593
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Trump’s war on TikTok (featuring guest Alex Stamos)
- Twitter hackers caught. Pretty embarrassing stuff, really.
- NSO implants target Easter Bunny
- Garmin may need a good OFAC lawyer (featuring comment from Dmitri Alperovitch)
- Blackberry cracked after five years leads to multiple arrests in Australia
- Much, much more
Matt Cauthorn of ExtraHop Networks is this week’s news guest. He’ll join us to talk about how the pivot to work from home has changed incident response workflows. The tl;dr is the north-south traffic might look a bit different these days but the east-west shenanigans are still the same.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- TikTok review reduced to meaningless farce - Risky Business
- China will not accept U.S. 'theft' of TikTok: China Daily - Reuters
- Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users | Ars Technica
- Three Individuals Charged For Alleged Roles In Twitter Hack | USAO-NDCA | Department of Justice
- How the Alleged Twitter Hackers Got Caught | WIRED
- US files superseding indictment against former Twitter employees accused of spying for Saudi Arabia
- Twitter prepares to pay up to $250 million for using security data for advertising
- Exclusive: Papers leaked before UK election in suspected Russian operation were hacked from ex-trade minister - sources - Reuters
- Religious, political leaders in Togo allegedly targeted with NSO Group spyware
- 'Payment sent' - travel giant CWT pays $4.5 million ransom to cyber criminals - Reuters
- Garmin 'paid multi-million dollar ransom to criminals using Arete IR', say sources | Science & Tech News | Sky News
- Ransomware gang publishes tens of GBs of internal data from LG and Xerox | ZDNet
- Blackberry cracked five years after seizure sparks mass arrests for drug importation
- For North Korea, phishing with fake job-recruitment emails never gets old
- Suspected Chinese hackers targeting Vatican in advance of Beijing negotiations
- CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor | ZDNet
- Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH) | ZDNet
- EU sanctions China, Russia, and North Korea for past hacks | ZDNet
- Hackers Broke Into Real News Sites to Plant Fake Stories | WIRED
- Here's how Army Cyber Command plans to take on information warfare
- Exclusive: China-backed hackers 'targeted COVID-19 vaccine firm Moderna' - Reuters
- Kaspersky: New hacker-for-hire mercenary group is targeting European law firms | ZDNet
- BootHole fixes causing boot problems across multiple Linux distros | ZDNet
- Theoretical technique to abuse EMV cards detected used in the real world | ZDNet
- Is Your Chip Card Secure? Much Depends on Where You Bank — Krebs on Security
- New tool detects shadow admin accounts in AWS and Azure environments | ZDNet
- Cloud Native Security: Network Detection and Response | ExtraHop
|
Aug 05, 2020 |
Risky Biz Soap Box: Yubico Chief Solutions Officer Jerrod Chong
https://media3.risky.biz/soapbox43.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
5928663964
https://risky.biz/soapbox43
Soap Box is the wholly sponsored podcast series we do here at Risky.Biz. That means everyone you hear on this podcast paid to be here. In this podcast you’re going to hear my latest interview with Jerrod Chong, Yubico’s Chief Solutions Officer.
Hardware security keys like Yubikeys have come a long way, even over the last couple of years. The biggest change is that the support for hardware keys is borderline ubiquitous now. FIDO2 support is in all the major browsers. You can even use Yubikeys with Google apps on an iPhone. The plumbing is here, it’s arrived.
But there are still some hurdles to overcome before the full potential of hardware security keys will be unlocked. One issue is that if you’re operating an at-scale service, you’re still stuck with the same old problems around account recovery. The process problems.
So in this interview I talk with Jerrod about how far things have come and where they might go next.
|
Jul 30, 2020 |
Risky Business #592 -- We're back. Did we miss anything?
https://media3.risky.biz/RB592.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
5906340470
https://risky.biz/RB592
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Two Chinese nationals charged with freelancing for MSS
- Russia, China hacking COVID-19 research
- The world dodged a bullet on the Windows DNS bug
- Twitter blue tick pwnapalooza
- Much, much more.
This week’s show is brought to you by Corelight. The company’s Chief Product Officer, Brian Dye, will be along for a chat a bit later on. We look at how adopting a zero trust model, sadly, doesn’t mean you can just ignore your network completely, as much as that would be nice.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jul 29, 2020 |
Risky Biz Soap Box: Facebook, under the hood
https://media3.risky.biz/soapbox42.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
5559060033
https://risky.biz/soapbox42
Normally these Soap Box podcasts – which are wholly sponsored – feature vendors trying to sell you stuff. But this time we’re doing something different: This podcast is an interview with two senior Facebook staffers:
- Pedro Canahuati, VP of Engineering
- Chris Bream, Security Engineering Director.
Why is facebook’s security engineering group sponsoring a Soap Box episode of Risky Biz? They figure lifting the veil a bit on how things are done over there will be good for them. They’re always hiring, right?
Enjoy!
(A reminder – there will be no weekly show this week or next. The weekly Risky Biz news podcast returns on July 29.)
|
Jul 09, 2020 |
Risky Business #591 -- EncroChat user experience includes getting owned, going to prison
https://media3.risky.biz/RB591.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
5346525575
https://risky.biz/RB591
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The latest on the EncroChat hack-related arrests
- Details about the fresh F5 and Citrix bugs
- Natanz go boom
- Paying Wastedlocker ransoms violates Treasury sanctions
- North Korea embraces Magecart (lol)
- Much, much more…
This week’s show is brought to you by Cmd Security. They make a very useful Linux security agent. Essentially they add an additional layer of control to your Linux systems: you can restrict user actions, even for root.
Instead of having one of their own staff on to the show this week they’ve nominated a customer. HPE is a Cmd user, they actually heard about it on the podcast and wound up buying it. So HPE ITOC engineering lead Adam Cardillo and his colleague Curtis Simpson – the ITOC CISO – will both join us in this week’s sponsor interview to talk about how they’re using the software.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jul 08, 2020 |
Risky Biz Soap Box: No magic wand for business email compromise (BEC)
https://media3.risky.biz/soapbox41.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
5170199847
https://risky.biz/soapbox41
This edition of the Soap Box podcast is brought to you by Proofpoint.
Today’s guest is Proofpoint’s EVP of Cybersecurity Strategy, Ryan Kalember, and the topic is business email compromise, or BEC.
BEC is a big deal, generating billions of dollars in losses every year across basically all industry verticals and levels of government. Until recently, there haven’t been many technical controls that help to mitigate it.
Trying to get on top of this issue is very much in Ryan Kalember’s job description. BEC is a diabolical problem, and as a company with a specialty in email security, Proofpoint is really expected to help clients get on top of it. In this conversation you’ll hear us talk a bunch about the problem and Proofpoint’s approach to trying to minimise BEC.
|
Jul 02, 2020 |
Risky Business #590 -- REPOST: It turns out we're not SAML experts
https://media3.risky.biz/RB590a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
5161855666
https://risky.biz/RB590a
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Inside the new American “e2ee busting” bill
- Julian Assange hit with (another) superseding indictment
- Trustwave uncovers sneaky Chinese accounting software backdoor
- Much, much more…
This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from the reality/ Further, that the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jul 01, 2020 |
Risky Business #590 -- Cyber Command sounds alarm on PAN's yolo checkbox of doom
https://media3.risky.biz/RB590.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
5144302196
https://risky.biz/RB590
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Inside the new American “e2ee busting” bill
- Julian Assange hit with (another) superseding indictment
- Trustwave uncovers sneaky Chinese accounting software backdoor
- OMFG Palo Alto WTF
- Much, much more…
This week’s show is brought to you by Okta. They are, of course, the identity and auth giant and one of the few sponsors we actually approached last year for 2020 because, well, they are very good at what they do. This week Marc will be joining us to talk about a privacy-related topic. The discussion is nuanced, but it’s basically about how the public perception of privacy risks has diverged from the reality/ Further, that the COVID-19 crisis and the advent of digital contact tracing apps have actually brought general concerns around digital privacy to the fore.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jul 01, 2020 |
Risky Business #589 -- Why Microsoft's steep E5 license pricing is a national security risk
https://media3.risky.biz/RB589.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4960999875
https://risky.biz/RB589
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Australia “under attack” - a wrap
- Microsoft releases more security protections for E5 customers
- US to introduce “anti encryption” bill
- Shady encrypted phone company owned by the cops
- NSA to offer filtered DNS services to defence industry
- MORE
This week’s sponsor is Kasada. They offer a service that eliminates synthetic/bot traffic from the web. Former Australian Prime Minister Malcolm Turnbull is an investor and has joined Kasada’s board. Kasada’s CEO Pascal Podvin is this week’s sponsor guest.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jun 24, 2020 |
Feature podcast: Inside BellTrox's hacker-for-hire operation
https://media3.risky.biz/HF7.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4831904795
https://risky.biz/HF7
This podcast is brought to you by the Cyber Initiative at the Hewlett Foundation. They gave us a grant so we can do these podcast interviews that have relevance to cyber policy, so big thanks to the Cyber Initiative at the Hewlett Foundation for funding this work.
Today we’re chatting with Citizen Lab Senior Researcher John Scott-Railton about the work they did investigating the Indian hacker-for-hire firm BellTrox.
For those of you who didn’t catch the news, The Citizen Lab, which operates out of the Munk School of Global Affairs at the University of Toronto, dropped a huge report a couple of weeks back that lays Belltrox’s operations bare. As you’ll hear this company attempted to hack tens of thousands of email accounts belonging to everyone from government officials to hedge fund managers and activists.
|
Jun 19, 2020 |
Risky Business #588 -- Catastrophic bugs to plague ICS for years
https://media3.risky.biz/RB588.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4784539297
https://risky.biz/RB588
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Facebook commissioned custom 0day to de-cloak child sex predator
- IP stack bugs to plague IoT, ICS for years
- Sandworm was doxxed by the NSA and hardly anyone noticed
- Congress demands answers on 2015 Juniper NetScreen back door investigation
- Amazon, Microsoft join moratorium on sale of facial recognition to police
- Much, much more
This week’s show is brought to you by Signal Sciences. And instead of having one of their staff on the show, they nominated one of their customers to appear instead. So in this week’s sponsored segment we’re going to hear from Keith Hoodlet. Keith is currently the Senior Manager of Application Experience at Thermo Fisher Scientific, a $137 billion company. He built their appsec program and he’ll be along later on to talk through all of that. It’s a rapid-fire interview about how he was able to get started and make a dent quickly. Keith used to co-host the Application Security Weekly podcast and he’s worked for Bugcrowd and Veracode. He’s a cool guy, it’s a great interview, make sure you stick around for that one.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jun 17, 2020 |
Risky Business #587 -- Full scale of Indian hacking-for-hire revealed
https://media3.risky.biz/RB587.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4632464083
https://risky.biz/RB587
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Full scale of Indian hacker-for-hire firm revealed
- IBM exits facial recognition
- Contact tracing apps flop
- Much, much more
This week’s show is brought to you by AttackIQ.
AttackIQ’s Chris Kennedy will be along in this week’s sponsor interview to talk about how for some organisations threat intelligence has moved from a nice-to-have to being central to blue team efforts. As you’ll hear he says MITRE ATT&CK makes threat intel actionable, and some orgs playing on hard mode are really kicking some goals that way.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Exclusive: Obscure Indian cyber firm spied on politicians, investors worldwide - Reuters
- Dark Basin: Uncovering a Massive Hack-For-Hire Operation - The Citizen Lab
- Huge Cyberattacks Attempt To Silence Black Rights Movement With DDoS Attacks
- Petition · Take down the racist "Chimpmania" website. It attacks our children · Change.org
- Cyberattacks since the murder of George Floyd
- IBM will no longer offer, develop, or research facial recognition technology - The Verge
- Contact tracing bug bounty: France’s StopCovid project launches public program | The Daily Swig
- Another online voting system teardown, Big game hunters net Honda and Lion, and more... - Risky Business
- Qatar: Contact tracing app exposes personal details of more than one million - Amnesty International Australia
- Hackers target senior executives at German company procuring PPE
- Why spies are targeting vaccine research - Risky Business
- Shoddy US government review of Chinese telcos endangered national security, Senate panel finds
- Election security: Democracy Live’s online voting system ‘open to manipulation’ | The Daily Swig
- Facebook sues to stop domain scammers from impersonating Instagram, WhatsApp sites
- Hackers hijack one of Coincheck's domains for spear-phishing attacks | ZDNet
- New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs | ZDNet
- Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again | Ars Technica
- DARPA invites hackers to break hardware to make it more secure
- ST Engineering conducting ‘rigorous review’ of systems after US subsidiary hit by ransomware attack | The Daily Swig
- Ransomware gang says it breached one of NASA's IT contractors | ZDNet
- Ransomware crooks attack Conduent, another large IT provider
- QNAP NAS devices targeted in another wave of ransomware attacks | ZDNet
- Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity — Krebs on Security
- Honda puts some manufacturing on hold over computer 'disruption'
- Lion hit by cyber attack as hackers target corporate Australia
- South African healthcare provider hit by cyber-attack | The Daily Swig
- IT-bedrijf moet schade na ransomware-uitbraak vergoeden | Executive People
- There’s a new Java ransomware family on the block
- Exploit code for wormable flaw on unpatched Windows devices published online | Ars Technica
- CallStranger vulnerability lets attacks bypass security systems and scan LANs | ZDNet
- Commonwealth Bank to suspend users over abuse in online transaction descriptions
- Zoom defenders cite legit reasons to not end-to-end encrypt free calls | Ars Technica
- Zoom has partially fixed two new flaws, with other security hurdles ahead
- Nintendo now says 300,000 accounts breached by hackers | TechCrunch
- Google apps and websites get support for more security keys on iOS devices | ZDNet
- Romanian Skimmer Gang in Mexico Outed by KrebsOnSecurity Stole $1.2 Billion — Krebs on Security
- RMIScout: New hacking tool brute-forces Java RMI servers for vulnerabilities | The Daily Swig
- Spy secret revealed: SIS and MI6 raided Czechoslovakian embassy in Wellington | RNZ News
- CVE-2020-13777: TLS 1.3 session resumption works without master key, allowing MITM (#1011) · Issues · gnutls / GnuTLS · GitLab
|
Jun 10, 2020 |
Risky Biz Soap Box: A better way to provision access to production environments
https://media3.risky.biz/soapbox40.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4500055012
https://risky.biz/soapbox40
The Soap Box podcasts we run here at Risky.Biz are wholly sponsored affairs – everyone you hear in a soap box podcast, paid to be here.
The idea is vendors get to come on to the show and chat about their products, what their stuff does, the thinking behind it, so on and so on.
Today we’re hearing from Justin McCarthy of StrongDM.
StrongDM is a bit of a niche player – essentially what they do is make a product that provisions secure access to engineers who need to access various back end services.
You can think of them as an identity aware proxy of sorts, but for engineers. So instead of provisioning regular users with access to web applications like a typical identity aware proxy, a StrongDM user will use the product to get access to the production database, or to kubernetes, or other services like SSH.
And since the COVID crisis kicked off, business has gone pretty berserk.
|
Jun 04, 2020 |
Risky Business #586 -- Google TAGs Indian mercenaries
https://media3.risky.biz/RB586.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4486393149
https://risky.biz/RB586
On this week’s show Patrick and Adam discuss the week’s security news, including:
- NSA warns of Sandworm Exim exploitation
- Huawei CFO extradition process to continue
- Google TAG implicates Indian hacker-for-hire outfits in espionage
- Black lives matter
- F–k police brutality
This week’s sponsor interview is with Marco Slaviero of Thinkst Canary. He’ll be talking through a few of the partnerships Thinkst has entered into over the years. He’ll also talk a bit about some new Canary integrations, such as a new one with HD Moore’s Rumble.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jun 03, 2020 |
Feature Podcast: Releasing the hounds with Bobby Chesney
https://media3.risky.biz/HF6a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4397038983
https://risky.biz/HF6
This feature podcast series is produced with the assistance of the Hewlett Foundation’s Cyber Initiative. They gave us a grant so we could spend more time focussing on issues around cyber policy, and today we’re really going to hook in to a topic that’s near and dear to my heart: alternative approaches to dealing with ransomware.
Regular listeners to the podcast would know that for the last year or so, my cohost Adam Boileau and I have been talking a lot about how governments might involve non law enforcement agencies in a response to the big game ransomware epidemic. To discuss that, we’re joined by Bobby Chesney, the co-founder of the Lawfare blog and a very highly respected figure in US national security circles.
After we hear from Bobby we’re chatting with Mieke Eoyang about more traditional cyber law enforcement concepts. Mieke is the Vice President of Third Way’s national security program and she’ll be joining us to tell us how traditional cybercrime enforcement might be improved.
|
May 28, 2020 |
Risky Business #585 -- UK mulls Huawei ban, NGOs urge COVID-19 hack de-escalation
https://media3.risky.biz/RB585.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4378246836
https://risky.biz/RB585
On this week’s show Patrick and Adam discuss the week’s security news, including:
- German intelligence warns of widespread Russian infrastructure hacks
- NGOs urge COVID-19 hack de-escalation
- UK mulls total Huawei ban… we think it’s a done deal
- DHS warning on 5G “moronavirus”
- Wen jailbreak? NOW JAILBREAK!!
- iOS 14 leaks
- Much, much more…
This week’s sponsor interview is with Casey Ellis, the CTO of Bugcrowd. As you’ll hear, Bugcrowd did a survey of managers in security to see if their attitudes around work from home had changed since the COVID-19 crisis, and yes, they have. Casey also tells us about Bugcrowd’s latest LevelUp virtual conference. That conversation led to him sharing some interesting insights about trends amongst the crowd of registered testers on Bugcrowd’s platform.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
May 27, 2020 |
Risky Business #584 -- Nation-backed attackers own easyJet, jump airgaps, hack ports
https://media3.risky.biz/RB584.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4315382733
https://risky.biz/RB584
On this week’s show Patrick and Adam discuss the week’s security news, including:
- easyJet breach linked to Chinese APT
- Israel claims credit for attack against Iranian port
- Chinese-linked crew behind Taiwan energy hax
- Crypto-wars reignite over Pensacola shooter’s phone
- Much, much more
This week’s show is brought to you by Gigamon Threat Insight. Will Peteroy is our sponsor guest in this week’s show and he drops by with a pretty sobering message: large companies are provisioning VPN access to all and sundry right now because of the COVID-19 crisis and ransomware crews are sailing right on in on the back of that access.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
May 20, 2020 |
Risky Biz Soap Box: ExtraHop CTO Jesse Rothstein talks network monitoring
https://media3.risky.biz/soapbox39.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4315382734
https://risky.biz/soapbox39
This isn’t the normal, weekly Risky Business podcast, Soap Box is the wholly sponsored podcast series we do here at Risky.Biz where vendors pay us money to come on to the show and talk about topics that interest them.
Today we’re speaking with Jesse Rothstein, the co-founder and CTO of ExtraHop Networks. ExtraHop is a network security play, but they started off more in the application monitoring and performance space before gradually moving into security over time.
In this interview Jesse talks about network security monitoring, ExtraHop’s history, and what people are using the ExtraHop tech to do during the COVID-19 crisis.
|
May 14, 2020 |
Risky Business #583 -- COVID-19 collection intensifies, tensions mount
https://media3.risky.biz/RB583a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4315382735
https://risky.biz/RB583
On this week’s show Patrick and Adam discuss the week’s security news, including:
- US takes aim at China over vaccine hax
- ??? takes aim at Iranian port infrastructure over ???
- Iran attacks Gilead pharma
- Zoom acquires Keybase
- Thunderbolt research discussed
- US to drop more DPRK malware
- Ransomware targets European hospital group
- Australian flu vaccine distribution disrupted by ransomware
- More!
CMD’s co-founder and CEO Jake King joins us in this week’s sponsor interview to talk about what happened when he came on to the show a couple of months ago to spruik their new freemium offering. There was a stampede! It’s a hit! So he’ll be along to tell us what shook out of that whole process, and also about what he’s seeing people use the CMD product for since the COVID-19 crisis began.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
May 13, 2020 |
Risky Business #582 -- Germans indict APT28 operator
https://media3.risky.biz/RB582.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4267309545
https://risky.biz/RB582
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Salt framework 1Day wreaks havoc
- Toll Group hit with ransomware attack. Again.
- Germans indict APT28 operator
- Ransomware a key word in SEC filings
- Much, much more!
This week’s show is brought to you by Remediant. They offer software that lets you get privileged accounts under control very quickly. In this week’s sponsor interview we’re chatting with Remediant’s COO Paul Lanzi and Julie Smith, the executive director of the Identity Defined Security Alliance (IDSA). We’ll be talking about what the IDSA actually is and what its goals are.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
May 06, 2020 |
Snake Oilers 11 part 2: Go passwordless with Okta, why Crowdstrike customers need Airlock
https://media3.risky.biz/snakeoilers11pt2.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4171257653
https://risky.biz/snakeoilers11pt2
Snake Oilers isn’t the regular Risky Business podcast, if you’re looking for that just scroll back to one of the numbered episodes in our podcast feed. Snake Oilers is the wholly sponsored podcast series we do here at Risky.Biz where vendors give us money so they can come on to the show and pitch you their sweet, sweet Snake Oil.
In this edition of snake oilers we’ll hear from:
- David Cottingham of Airlock Digital pitches the Crowdstrike/Airlock two piece combo meal deal
- Marc Rogers of Okta talks passwordless authentication and pitches modern SSO generally
- John Emmitt of Kaseya pops in to pitch the VSA endpoint management agent
Links to the vendors are in the show notes. Enjoy!
|
Apr 30, 2020 |
Risky Business #581 -- Chinese telcos under fire in USA, spy firms pitch COVID-19 surveillance
https://media3.risky.biz/RB581.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4155634487
https://risky.biz/RB581
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Spy companies pitch ridiculously invasive approaches to contact tracing
- NSO Group busted running c2 boxes in USA according to WhatsApp lawsuit
- Australian government releases contact tracing app, no idea if it works
- Chinese telcos to get boot from USA
- Much, much more
This week’s show is brought to you by Senetas. This week’s sponsor interview is with listener favourite, Senetas CTO Julian Fay. He’ll be along in this week’s show to talk about an open source project Senetas has put together – oqs-engine.
It’s an OpenSSL engine plugin you can go grab right now if you want to play around with Open Quantum Safe encryption algorithms. Senetas didn’t write the algorithms, but they have squeezed them into this handy OpenSSL engine plugin package. Julian drops in to tell us all about that.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Apr 29, 2020 |
Risky Business #580 -- Czech spear phishing spurs fightin' words from Pompeo
https://media3.risky.biz/RB580.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4052425647
https://risky.biz/RB580
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Czechs claim state-backed healthcare sector attack preparation
- Pompeo goes full cyber berserker
- New iOS exploit chain targets Uyghur diaspora
- Zoom 0day for $500k? Tell him he’s dreamin’.
This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he’s talking about the future of secure, app-based voting.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Apr 22, 2020 |
Snake Oilers 11 part 1: MongoDB's new encryption plus AlphaSOC and SecureStack
https://media3.risky.biz/snakeoilers11pt1.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3942043872
https://risky.biz/snakeoilers11pt1
Snake Oilers is a wholly sponsored podcast series we do here at Risky.Biz where vendors come on to the show to pitch their wonderful, wonderful, magical snake oil to you, the listeners.
In today’s podcast you’ll hear from:
- Kenn White from MongoDB talking about client-side field level encryption
- AlphaSOC’s Chris McNab talking about their latest – they’re not just doing DNS analytics anymore
- SecureStack are making developer-friendly cloud security, provisioning and visibility tooling
Enjoy!
|
Apr 16, 2020 |
Risky Business #579 -- Apple and Google go all in on contact tracing
https://media3.risky.biz/RB579.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3926581801
https://risky.biz/RB579
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Details about Apple and Google’s contact tracing API and OS changes
- Alex Stamos joins Zoom as outside consultant
- More Zoom news
- US government weighs China Telecom ban following BGP hijacking
- Travelex paid $2.3m to decrypt files in ransomware attack.
This week’s show is brought to you by AttackIQ. They make a breach and attack simulation platform that you can use to figure out which of your security controls are actually working. Carl Wright of AttackIQ will join the show to talk about the new, free online training they’re offering.
If you’re stuck at home like half the planet right now and you’re interested in operationalising MITRE ATT&CK then you can check out AttackIQ academy.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Apr 15, 2020 |
Risky Business #578 -- ASD launches offensive campaign against criminals
https://media3.risky.biz/RB578.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3823110806
https://risky.biz/RB578
On this week’s show Patrick and Adam discuss the week’s security news, including:
- ASD launches offensive action against criminals
- Bio-tech firms working on COVID-19 targeted by ransomware
- Iran targets WHO
- Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry we’ll tell you about it
- Much, much more
This week’s show is brought to you by Yubico, makers of the Yubikey devices.
Yubico’s Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk through a few things: what is he seeing out there among users? As you’ll hear, he’s seeing what all of us are seeing, a massive rush to enable remote working. Jerrod also us through some new stuff Yubico is planning, from managed credential services through to biometric Yubikeys. Don’t miss it!
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Australian government says it is hacking criminals who are exploiting the pandemic
- Hackers ‘Without Conscience’ Target Health-Care Providers - Bloomberg
- Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus - sources - Reuters
- Iran’s ban on Telegram that was intended to facilitate domestic spying backfired
- DarkHotel hackers use VPN zero-day to breach Chinese government agencies | ZDNet
- NASA sees an “exponential” jump in malware attacks as personnel work from home | Ars Technica
- So Wait, How Encrypted Are Zoom Meetings Really? | WIRED
- Zoom admits some calls were routed through China by mistake | TechCrunch
- Zoom founder promises to remedy security, privacy concerns during a 'feature freeze' - CyberScoop
- New York City bans Zoom in schools, citing security concerns | TechCrunch
- DOJ says Zoom-bombing is a crime | ZDNet
- Video service Zoom taking security seriously: U.S. government memo - Reuters
- The Zoom Privacy Backlash Is Only Getting Started | WIRED
- The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet
- Why Zoom Really Needs Better Privacy: $1.4 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
- ‘War Dialing’ Tool Exposes Zoom’s Password Problems — Krebs on Security
- Microsoft Buys Corp.com So Bad Guys Can’t — Krebs on Security
- Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business
- Schiff wants ODNI to scrub out politics from election security briefs
- PayPal and Venmo Are Letting SIM Swappers Hijack Accounts - VICE
- Google backs Apple's SMS OTP standard proposal | ZDNet
- Microsoft announces IPE, a new code integrity feature for Linux | ZDNet
- Chrome 81 released with initial support for the Web NFC standard | ZDNet
- A Hacker Found a Way to Take Over Any Apple Webcam | WIRED
- Hardware microphone disconnect in Mac and iPad - Apple Support
- Hacking forum gets hacked for the second time in a year | ZDNet
- A hacker has wiped, defaced more than 15,000 Elasticsearch servers | ZDNet
- Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others | ZDNet
- Remote working security: Thousands of misconfigured Atlassian instances ripe for unauthorized access | The Daily Swig
- Cisco rations VPNs for staff as strain of 100,000+ home workers hits its network • The Register
- Twisted programming framework stung by brace of request smuggling vulnerabilities | The Daily Swig
- How we abused Slack's TURN servers to gain access to internal services | Communication Breakdown
- Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others — Krebs on Security
- XSS vulnerability found in Mozilla’s XSS-prevention library | The Daily Swig
- On signing the Joint Statement of the Russian Federation and the Republic of Burundi on the non-deployment of weapons in space by the first - News - Ministry of Foreign Affairs of the Russian Federation
- Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike - Reuters
- Seriously Risky Business
|
Apr 08, 2020 |
Feature Podcast: Voting in 2020 will likely be by mail
https://media3.risky.biz/HF5a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3741013252
https://risky.biz/HF5
This podcast is brought to you by the Hewlett Foundation. They provided us with a grant to support us doing some podcasts about cybersecurity issues that touch on policy. Regular listeners would have heard some of these special podcasts already.
Today’s guest is Jennifer Morrell. She’s a partner with Elections Group and is a recognised expert on election audits.
We were originally scheduled to record this interview just a few short weeks ago, but the COVID-19 crisis really hit and we had to postpone. And it’s a good thing we did, too, because the issues facing elections today are substantially different to the issues facing elections even a few weeks ago. The whole world has just shifted.
So, instead of having the usual conversation about risk limiting audits, voting machine and tally/counting infrastructure security, we had this conversation instead. How on earth do you run an election during a pandemic? There’s a tl;dr here – e-voting is still a pipe dream but internet supported vote-by-mail is where things will land.
I hope you enjoy this podcast.
|
Apr 03, 2020 |
Risky Business #577 -- Stir crazy lockdown edition (reposted)
https://media3.risky.biz/RB577a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3741013253
https://risky.biz/RB577a
On this week’s show Patrick and Adam discuss the week’s security news, including:
- KSA uses SS7 to track its citizens in USA
- Governments begin virus tracking through personal devices
- FBI warns of Iran-linked crew in yer supply chains
- Voatz gets booted from HackerOne
- All the cloud and Zoom drama
(PLEASE NOTE: This is a re-post. Looks like our CDN mangled the initial mp3 for some regions. Should work ok now. - Pat)
This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview.
Andrew runs security for Iterable, but before that he ran the security program at DataDog. He’ll be along after this week’s news to talk about how much easier it is to stand up a security program in 2020 as opposed to the last time he did it five or so years ago
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Apr 01, 2020 |
Risky Business #577 -- Stir crazy lockdown edition (reposted)
https://media3.risky.biz/RB577a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3708312073
https://risky.biz/RB577
On this week’s show Patrick and Adam discuss the week’s security news, including:
- KSA uses SS7 to track its citizens in USA
- Governments begin virus tracking through personal devices
- FBI warns of Iran-linked crew in yer supply chains
- Voatz gets booted from HackerOne
- All the cloud and Zoom drama
This week’s show is brought to you by Signal Sciences. Instead of interviewing one of their people, they suggested we interview Andrew Becherer in this week’s sponsor interview.
Andrew runs security for Iterable, but before that he ran the security program at DataDog. He’ll be along after this week’s news to talk about how much easier it is to stand up a security program in 2020 as opposed to the last time he did it five or so years ago
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Apr 01, 2020 |
Risky Biz Soap Box: VPNs are out, identity-aware proxies are in
https://media3.risky.biz/soapbox38.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3675834808
https://risky.biz/soapbox38
In this (sponsored) podcast Akamai’s CTO of Security Strategy Patrick Sullivan talks us through the basics of identity-aware proxies. With more and more internal applications being served to newly external users, identity-aware proxies are the new hotness.
Akamai isn’t the only company that offers an identity-aware proxy product, but it was a relatively early mover in the space offering the service since 2016.
Obviously there are some massive shifts happening right now with so many people stuck working at home right now. That means Akamai’s identity-aware proxy service – and its network more broadly – is getting a pretty serious workout right now. What are the quick wins with a technology like this? Where are the wins harder?
Patrick Sullivan joined me to talk about identity-aware proxies and what’s been happening on Akamai’s tubes over the last couple of weeks.
|
Mar 29, 2020 |
Risky Business #576 -- Are cloud computing resources the new toilet paper?
https://media3.risky.biz/RB576.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3615051482
https://risky.biz/RB576
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Azure resource constraints hit Europe
- Should we unleash surveillance on COVID-19, privacy be damned?
- Browser maintainers cease new releases
- South Korea-linked APT crew attacks World Health Organization
- Much, much more
This week’s show is brought to you by Thinks Canary.
Thinkst’s Haroon Meer joins the show this week to talk about what he tells customers when they ask him if Thinkst could go rogue and own all their customers.
You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here.
You can subscribe to our new YouTube channel here.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Mar 25, 2020 |
Volunteers and vigilantes back hospital InfoSec
https://risky.biz/hospital_covid
https://images.podcastrepublic.net/podcast/216478078hd.jpg
4486393161
https://risky.biz/hospital_covid
Around 50 hospitals around the world are less likely to get popped in ransomware attacks this week, thanks largely to a loose band of InfoSec pros that banded together to help healthcare providers during the COVID-19 crisis.
While they aren’t yet going after ransomware gangs in vigilante-style retribution, the group’s pro bono work has already helped pinpoint over 50 healthcare organizations running vulnerable versions of Citrix NetScalers or Pulse Secure VPN gateways.
Vulnerable VPN endpoints have been targeted by several ransomware gangs in recent months, and despite promises from some groups not to target healthcare organizations, hospital networks and the medical supply chain continue to fall victim.
The voluntary threat intel and hunting effort has been welcome help for Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center (H-ISAC), which has taken on the role of aggregating and disclosing vulnerability information collected by the group to affected healthcare providers.
The group of independent researchers - which now numbers around 200 - has no name. Most of its members prefer anonymity and volunteer outside of work hours. So far they have provided H-ISAC data from honeypots set up to detect opportunistic scanning activity. They also scanned the internet for IP addresses hosting vulnerable VPN endpoints, from which H-ISAC extracted a list of 50 healthcare providers. H-ISAC has sent those organisations slinks to technical write-ups on the vulnerabilities in question, as well as generic mitigation advice, irrespective of whether they are H-ISAC members.
Weiss is optimistic the advisories will be acted on. “Based on our prior experience, most [hospitals] will pay attention and do something,” he said. The hospitals will be prompted with further information if their systems continue to show up in scans, he said.
Ohad Zaidenberg, one of the few public figures working to corral volunteers, told Risky Business the group has only “just started.”
“From tomorrow, we will start to work actively,” he said, but was coy as to what the next phase of their program involves.
Healthcare CSOs we spoke to this week were grateful for the camaraderie and generosity of their industry peers. But they also cautioned to not expect too much of hospitals under strain.
“The offers of intel-sharing and threat hunting is only useful to the extent that hospitals have the capacity and capability to consume it,” said Christopher Neal, CSO of Ramsay Health Care, which operates a global network of 480 medical facilities in 11 countries. In most hospital networks, Neal said, there are insufficient resources available to act on the information - even prior to the coronavirus outbreak.
Neal wants to see “clearer public policy arguments to increase funding for security programs” in healthcare.
Weiss said that he is keen to receive more Indicators of Compromise (both atomic indicators and TTPs) about ransomware attacks, as well as decryption methods for various strains of the malware. But he recognizes the difficulties that might emerge as the initiative scales. Automation may be required to filter and sort through the volume of data coming in and to prepare actionable reports.
Still, he said, “I’d rather have that problem than the reverse.”
|
Mar 23, 2020 |
Risky Business #575 -- World drowns in Coronavirus phishing lures as crisis escalates
https://media3.risky.biz/RB575a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3510106983
https://risky.biz/RB575
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Coronavirus phishing lures are everywhere
- Czech hospital ransomwared during crisis
- Voatz mobile voting app destroyed by Trail of Bits audit
- We recap yesterday’s livestream
- Windows SMBv3 bug probably not such a big deal
- ALL the week’s news
This week’s sponsor interview is with Sam Crowther, founder of Kasada. They do bot detection and mitigation and apparently they’re quite good at it. Sam joins the show to talk through the new greyhatter of anti-anti-bot. It’s actually a really fun conversation, that one, so stick around for it.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Mar 18, 2020 |
Risky Biz Soap Box: Trend Micro's Jon Clay talks ransomware and being a portfolio company
https://media3.risky.biz/soapbox37.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3476850898
https://risky.biz/soapbox37
If you don’t know already, all guests who appear on the Risky Business Soap Box podcast paid to be here. These podcasts are promotional, but as regular listeners know, they’re not just mindless recitations of marketing talking points.
This edition of Soap Box is brought to you by Trend Micro, which is a company that’s in a really interesting position at the moment.
With Symantec acquired by Broadcom, which only really cares about the biggest 500 companies in the world, Sophos absorbed, Borg-style, by Thoma Bravo and McAfee sitting in the corner eating its paste, there’s an opportunity for a new “portfolio” security software firm to emerge, and Trend wants to be it.
Jon Clay is Trend’s director of global threat communications and he joined me for this conversation about ransomware, how EDR is becoming “just another feature,” and what the role for a “portfolio” company in infosec is going to be in the future.
|
Mar 16, 2020 |
Risky Business #574 -- EARN IT Act targets crypto, Joshua Schulte to be retried on most serious charges
https://media3.risky.biz/RB574a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3400847237
https://risky.biz/RB574
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Two Exabeam engineers sick with Coronavirus following RSA attendance
- Hung jury in Joshua Schulte Vault7 trial
- Qihoo 360 tries to “pull an APT1” but it was just weird and awkward instead
- Corellium releases Android for iPhone hardware toolkit
- Much, much more.
This week’s sponsor interview is with Scott Kuffer of Nucleus Security. They have built a web application that pulls together feeds from all your vulnscanners and vulnerability-related software (Snyk, Burp, whatever), normalises it then lets you slice it, dice it, and send it through to the most relevant project owner/dev team. It’s insanely popular stuff, and Scott pops along this week to talk about vulnerability management and what his last year has looked like as Nucleus’s business has boomed.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Two People Who Attended Cyber Event Contract Coronavirus
- The EARN IT Act Is a Sneak Attack on Encryption | WIRED
- Vault 7 court case ends in mistrial on most serious charges
- Energy Organizations Continue to be Compromised Globally | Dragos
- Chinese security firm says CIA hacked Chinese targets for the past 11 years | ZDNet
- Exclusive: This Hack Turns Apple’s iPhone Into An Android
- Apple Just Demanded Santander And A $50 Billion US Intelligence Contractor Reveal How They Use iPhone Hacking Tech
- NSO Group works to explain no-show in court for WhatsApp suit, plots defense
- Facebook sues Namecheap to unmask hackers who registered malicious domains | ZDNet
- Clearview AI Reports Breach of Customer List - VICE
- Clearview AI, Facial Recognition Company That Works With Law Enforcement, Says Entire Client List Was Stolen
- Apple has blocked Clearview AI’s iPhone app for violating its rules | TechCrunch
- London Police Just Turned On Facial Recognition In One Of The World’s Busiest Shopping Districts
- This Small Company Is Turning Utah Into a Surveillance Panopticon - VICE
- Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media - VICE
- Defense contractor CPI knocked offline by ransomware attack | TechCrunch
- Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach | TechCrunch
- Ryuk ransomware hits Fortune 500 company EMCOR | ZDNet
- One of Roman Abramovich's companies got hit by ransomware | ZDNet
- Legal services giant Epiq Global offline after ransomware attack | TechCrunch
- Big health care analytics firm infected with ransomware
- Croatia's largest petrol station chain impacted by cyber-attack | ZDNet
- US Railroad Contractor Reports Data Breach After Ransomware Attack
- DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw
- Zyxel 0day Affects its Firewall Products, Too — Krebs on Security
- The strange, unexplained journey of ToTok in Google Play fuels user suspicions | Ars Technica
- Message to our ToTok community
- Indictment names Group-IB executive in scheme to sell hacked data
- Chrome 80 update cripples top cybercrime marketplace | ZDNet
- Brave to generate random browser fingerprints to preserve user privacy | ZDNet
- Firefox to enable DNS-over-HTTPS by default to US users | TechCrunch
- Let’s Encrypt deploys new domain validation technology to mitigate BGP hijacking risks | The Daily Swig
- Microsoft Exchange Server admins urged to treat crypto key flaw as ‘critical’ | The Daily Swig
- Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu | ZDNet
- Zoho zero-day published on Twitter | ZDNet
- (12) Thijs Alkemade on Twitter: "Last week, I was thinking back about this discussion from @riskybusiness. I decided to have a look at how it works. While doing that, I found a vulnerability that could have been used to gain unauthorized access to an iCloud account. https://t.co/szfFBNWZmy" / Twitter
- 5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable | Ars Technica
- Positive Technologies - learn and secure : Intel x86 Root of Trust: loss of trust
- AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet
- Intel CPUs vulnerable to new LVI attacks | ZDNet
- A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data | WIRED
- Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys | WIRED
- GadgetProbe: New tool simplifies the exploitation of Java deserialization vulnerabilities | The Daily Swig
- FBI Warned Of Fraudster’s Paradise: Up To 130,000 Hacked Asus Routers On Sale For A Few Dollars
- Porn, gore, and gambling habits aired in Virgin Media breach | Ars Technica
- Hackers Were Inside Citrix for Five Months — Krebs on Security
- The Case for Limiting Your Browser Extensions — Krebs on Security
- Hackers are targeting other hackers by infecting their tools with malware | TechCrunch
- Who's Hacking the Hackers: No Honor Among Thieves
- Google could have fixed 2FA code-stealing flaw in Authenticator app years ago | ZDNet
- New action to disrupt world’s largest online criminal network - Microsoft on the Issues
- This Chinese Whale Lost $45 Million in Bitcoin and BCH Overnight: How it Happened
|
Mar 11, 2020 |
Risky Biz Soap Box: Chris Kennedy on the latest MITRE ATT&CK developments
https://media3.risky.biz/soapbox36.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3099403489
https://risky.biz/soapbox36
These Soap Box podcasts are wholly sponsored. That means everyone you hear on one of these editions of the show, paid to be here. But that’s ok, because we have interesting sponsors!
Today’s sponsor is AttackIQ. They make an attack and breach simulation platform. They started sponsoring risky biz when they were a little baby startup, but these days, as you’ll hear, attack sim is actually emerging as a budget line item, particularly for larger companies.
They use the platform to test their existing controls, figure out where they have gaps or bad products, then kick on to planning from there… then retest, evaluate, plan, implement, etc etc etc.
For a lot of organisations, something like this is going to be really helpful. Another super helpful thing is that AttackIQ is all in on MITRE ATT&CK.
AttackIQ is, in fact, one of the first vendors I know of that jumped on the MITRE ATT&CK bandwagon. They got in early, and this podcast is mostly going to be focussed on ATT&CK. Chris Kennedy is AttackIQ’s CISO and VP of customer success! He did one of these soap boxes last year and it was really popular with the CISOs who tune in to risky biz.
He joined me for this discussion about MITTRE ATT&CK; where it’s at, where it’s going, how people are using it and how AttackIQ is using it to make its products more useful.
|
Feb 20, 2020 |
Risky Business #573 -- Gas plant ransomware attack, Huawei mega-indictment and more
https://media3.risky.biz/RB573.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3099403490
https://risky.biz/RB573
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Ransomware shutters US natural gas plants
- Huawei hit with huge indictment
- Voatz mobile voting app shredded by MIT, dust-up ensues
- The latest from the Vault7 trial
- Reality Winner seeking clemency
- Ring to force all users on to 2FA
- Israeli court rules Facebook must reinstate NSO staff profiles
- USG drops more North Korean samples
- OpenSSH gets Fido/U2F support
This week’s sponsor interview is with Dave Cottingham from Airlock Digital.
They make whitelisting software that’s actually useable. And until I did this interview I didn’t know that their agent actually does host hardening as well, which is pretty cool. Since we last spoke they’ve also popped up in CrowdStrike’s app store thingy, which means a bunch of you Crowdstrike customers will be able to dabble in some whitelisting if you want to.
Dave joins the show to talk about a bunch of stuff, including their experience having Silvio Cesare do a code audit on their agent.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Feb 19, 2020 |
Risky Biz Soap Box: Cmd's Jake King talks Linux security
https://media3.risky.biz/soapbox35.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
3001524753
https://risky.biz/soapbox35
Soap Box podcasts are fully sponsored which means everyone you hear on these editions of the show paid to be here. If you’re looking for the regular, weekly Risky Business podcast, just scroll one back in your podcast feed.
But you know what? I wouldn’t recommend it, because this edition of Soap Box is top notch. In it we’re joined by Jake King, a co-founder of CMD Security.
CMD makes Linux security software, and I love their approach mostly because, well, it’s simple. It has two main functions – visibility and control – but both of these functions focus on execution. The visibility piece is “which user executed what?” and the control piece is “only let user X execute Y”. The idea here is you can apply an additional layer of control over user actions, but obviously the visibility aspect to this is pretty useful at driving decisions around what sort of limits to put on various accounts.
Jake has fronted this edition of the show with an exclusive offer to Risky Business listeners, which is free use of their software. Obviously you won’t get access to absolutely all its features, but certainly enough of them to be very, very useful. They’re getting to the point where they can do this – throw out most of the functionality and just sell the icing on the cake to companies who want it. You can register for early access to the free trial at cmd.com/risky.
|
Feb 13, 2020 |
Risky Business #572 -- Equifax indictments land, some big Huawei news
https://media3.risky.biz/RB572.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2986692815
https://risky.biz/RB572
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Chinese operators indicted over Equifax breach, more indictments coming
- Alleged backdoor in Huawei lawful intercept features
- Data on 6.4m Israelis exposed by political party app
- Iowa caucus app was a pile of crap, 4chan clogged up caucus night phones
- Corp.com is up for sale. That’s a lotta hashes.
- Much, much more.
This week’s show is brought to you by Corelight.
Corelight’s Richard Bejtlich joins the show this week in the sponsor slot to talk about what the company is doing to try to build the open source community behind Zeek, the tool its products are based on.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Feb 12, 2020 |
Risky Business #571 -- Is Joshua Schulte The Shadow Brokers?
https://media3.risky.biz/RB571.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2890256732
https://risky.biz/RB571
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Iowa app falls over, social and mainstream media chaos ensues
- Twitter acknowledges state-backed API abuse
- CDA 230 under review. Uh oh.
- Toll Group ransomware
- ICS-compatible ransomware spotted in wild
- UN got owned pretty hard
- Is Joshua Schulte The Shadow Brokers? A theory
- Much, much more.
This week’s show is brought to you by Okta.
Okta’s Simon Thorpe will be along this week to talk about a new trend they’re seeing and obviously encouraging – enterprises ditching Microsoft’s Active Directory. It’s a cloud, cloud, cloud, cloud, world these days. and in the year 2020, you might want to actually ask yourself – do you still need to be using AD?
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- The Iowa Caucus Tech Meltdown Is a Warning | WIRED
- Democrats’ Iowa Caucus Voting App Stirs Security Concerns - WSJ
- Twitter says an attacker used its API to match usernames to phone numbers | ZDNet
- Google Guilty Of ‘Big Screw Up’ That May Have Leaked Your Videos To A Random Stranger
- Department of Justice to Hold Workshop on Section 230 of the Communications Decency Act | OPA | Department of Justice
- The EARN IT Act: How to Ban End-to-End Encryption Without Actually Banning It | Center for Internet and Society
- Encryption laws not used to fight terrorism - InnovationAus
- Toll Group confirms "targeted" ransomware attack - Security - iTnews
- Toll IT Systems Update | Toll Group
- (24) Bad Packets Report on Twitter: "@riskybusiness @rycrozier Their Citrix server, https://t.co/66XQWpiFyF, was vulnerable to CVE-2019-19781 on 2020-01-11T06:30:06Z." / Twitter
- (24) MalwareTech on Twitter: "A day prior to the Travelex hack, its parent company was worth $2.1 Billion. A month later it is now worth $764 Million. The CEO owns 63% of the shares, which puts his personal loss around $850 Million." / Twitter
- Dozens of companies have data dumped online by ransomware ring seeking leverage | Ars Technica
- Mysterious New Ransomware Targets Industrial Control Systems | WIRED
- The New Humanitarian | EXCLUSIVE: The hack the UN tried to keep under wraps
- UN didn't patch SharePoint, got mega-hacked, covered it up, kept most staff in the dark, finally forced to admit it • The Register
- Iranian hackers target US government workers in new campaign | ZDNet
- As Vault 7 trial begins, Joshua Schulte's attorneys will argue he's a whistleblower
- Trial of Accused 'Vault 7' Leaker Opens in New York
- Senior Adviser To The Operator Of The “Silk Road” Website Pleads Guilty In Manhattan Federal Court | USAO-SDNY | Department of Justice
- Three suspects arrested in Maltese bank cyber-heist | ZDNet
- Raytheon engineer arrested for taking US missile defense data to China | ZDNet
- DOD contractor suffers ransomware infection | ZDNet
- Hackers are hijacking smart building access systems to launch DDoS attacks | ZDNet
- Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security — Krebs on Security
- FCC Confirms 'One or More' Carriers Broke the Law Selling Location Data - VICE
- Anti-virus firm Avast shuts down its data-selling subsidiary
- Department of Interior grounding drone fleet over cybersecurity concerns
- Google open-sources the firmware needed to build hardware security keys | ZDNet
- Apple wants to standardize the format of SMS OTPs (one-time passcodes) | ZDNet
- Why direct-memory attacks on laptops just won't go away
- Facebook settles facial recognition lawsuit for $550 million
- Remember FindFace? The Russian Facial Recognition Company Just Turned On A Massive, Multimillion-Dollar Moscow Surveillance System
- London to deploy live facial recognition to find wanted faces in a crowd | Ars Technica
- (15) DC3 VDP on Twitter: "Happy Friday hackers! Nitesh @ideaengine007 found a critical RCE vulnerability in Jenkins that led us to discover a Bitcoin mining service running on a DoD website 😲. Head over to the disclosed report to see all the details! Thanks for being 🔥 Nitesh https://t.co/YywrVZu2Uc" / Twitter
- (15) HD Moore on Twitter: "Flamingo is a new open source tool from @Atredis for capturing credentials sprayed by IT and security products: https://t.co/NDmCfA0qvA (h/t to @4lex for HTTP NTLM support!) https://t.co/V2jKi3Enpg" / Twitter
- Spotlight shone on Microsoft Azure vulnerability | The Daily Swig
- Magento fixes trio of critical security flaws | The Daily Swig
- Serious flaw that lurked in sudo for 9 years hands over root privileges | Ars Technica
- An Artist Used 99 Phones to Fake a Google Maps Traffic Jam | WIRED
- Google cuts Chrome 'patch gap' in half, from 33 to 15 days | ZDNet
- Researcher: Backdoor mechanism still active in devices using HiSilicon chips | ZDNet
|
Feb 05, 2020 |
Risky Biz Soap Box: Zane Lackey on the rush to Azure and securing Web apps against logic flaws
https://media3.risky.biz/soapbox34.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2811583715
https://risky.biz/soapbox34
In this edition of the Soap Box podcast we’re joined by Zane Lackey, a co-founder of Signal Sciences.
Signal Sciences makes, in essence, a “next generation” Web Application Firewall, or WAF. Signal Sciences is a pretty well-established startup these days with a zillion customers, so he has some real insight into what’s happening out there in webapp land.
In this conversation he has some really interesting things to say: First, there’s a rush to Azure happening right now. It has become the platform of choice for all sorts of organisations.
He also has some really interesting things to say about how to protect web applications from logic flaws. Some simple ideas that should really help lock things down.
Enjoy!
|
Jan 30, 2020 |
Risky Business #570 -- FTI report lands like a lead balloon
https://media3.risky.biz/RB570.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2788040454
https://risky.biz/RB570
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The FTI report on the Bezos incident is a massive let down
- UK lets Huawei into 5G build
- SeaTurtle campaign pinned on Turkey
- Mitsubishi owned through its AV solution
- Ransomware crews owning unpatched Citrix boxes
- Much, much more.
This week’s sponsor guest is Sherrod DeGrippo of Proofpoint. She’s a senior director of threat research there and she’ll be along to talk about the Emotet malware. Despite being spray and pray malware, it’s pretty successful because it operates at such ridiculous scale. Sherrod joins us with details.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jan 29, 2020 |
Feature podcast: Alexa O'Brien on Wikileaks, intelligence and influence
https://media3.risky.biz/HF4.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2696217913
https://risky.biz/HF4
This podcast is brought to you by the William and Flora Hewlett Foundation. The Foundation funds a lot of interesting people and work in the cybersecurity space and they’re supporting this special podcast series examining topics of interest to cyber policy makers.
In this podcast we’re going to hear from Alexa O’Brien. She’s currently studying a Masters in Applied Intelligence at Georgetown University. She’s also working on an ethical framework for the applied intelligence discipline – collection, analysis and the like – for media practitioners.
Alexa is also a journalist. Her most recent major work is a July 2019 analysis of the US media’s coverage of civilian harm in the war against ISIS, I’ve linked through to that in the show notes below.
Before she worked as an established journalist, Alexa covered Chelsea Manning’s trial at Fort Meade on her blog. Her transcript of the proceedings were a tremendous help to the wider media, and it was this work that briefly pulled her into the Wikileaks “scene”.
It wasn’t a good fit.
Alexa joined me for this freewheeling discussion about intelligence, ethics, moral authority and signs that not everything is as it seems in the Wikileaks universe.
|
Jan 23, 2020 |
Risky Business #569 -- Bezos' Saudi hack claims, Glenn Greenwald facing cybercrime charges
https://media3.risky.biz/RB569a.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2684019073
https://risky.biz/RB569
On this week’s show Patrick and Adam discuss the week’s security news, including:
- MBS fingered in Bezos dick pic breach
- Glenn Greenwald facing cybercrime charges over Vaza Jato Telegram leaks
- Citrix finally patches 90s-style ADC bugs
- IE 0day doing the rounds, no patch available
- PoCs for 0601 drop
- Much, much more…
This week’s show is sponsored by VMRay, a sandbox-based malware analyser. You throw a sample into it and it spits out all sorts of useful information. Rather than having one of its own staff in this week’s sponsor slot, VMRay has put forward one of its customers instead. Expel is a managed security provider, and it is making heavy use of VMRay to do malware analysis. Tyler Fornes is a Senior Detection and Response Analyst at Expel and he joined me to talk about how they’re using VMRay to actually make life easier.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Jan 22, 2020 |
Risky Business #568 -- Let's Decrypt
https://media3.risky.biz/RB568.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2589217524
https://risky.biz/RB568
On this week’s show Patrick and Adam discuss the week’s security news, including:
- NSA drops a sweet Microsoft crypto bug
- Burisma targeted by GRU. 2016 all over again?
- Citrix users having a bad time
- Intrusion Truth targets APT40
- No more BYOD for US soldiers in Middle East
- Much, much more
We have a new sponsor in this week’s show – ExtraHop Networks. Network monitoring is dead! Long live network monitoring!
Matt Cauthorn is ExtraHop’s VP of cybersecurity engineering and he’ll join us this week to talk about recent moves by cloud providers to offer full virtual network mirror ports out of their infrastructure.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
*Credit for this week’s headline goes to @appsecbloke.
|
Jan 16, 2020 |
Risky Business #567 -- ToTok, Iran and big-game ransomware galore
http://media2.risky.biz/RB567.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2468939557
https://risky.biz/RB567
In this week’s show Patrick Gray and Alex Stamos discuss all the week’s news, including:
- Will Iran cyber all the cybers?
- ToTok chat app alleged to be UAE spy tool
- China makes moves on own OS
- Big game ransomware hits crisis levels
- WSJ carries water for NSO Group
- Much, much more
This week’s show is brought to you Bugcrowd. We’ll be hearing from Bugcrowd’s Casey Ellis in this week’s sponsor interview. He’ll be talking about the US federal government’s decision to force all departments into accepting bug reports – he thinks this is a move that will have a big impact on the wider security ecosystem.
Links to everything are below!
|
Jan 08, 2020 |
Risky Business #566 -- Balkanisation, ransomware, comedy bugs close out the decade
http://media2.risky.biz/RB566.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
2075406394
https://risky.biz/RB566
On this week’s show Patrick and Adam discuss the week’s security news, including:
- China to ditch foreign hardware, software, from government use
- Huawei sues FCC
- More background on Project Raven
- Senate hearings into encryption
- Reddit fingers alleged RU disinfo campaign
- “Evil Corp” hackers have lots of money, terrible taste
- Ransomware attacks galore
- Much, much more
This week’s sponsor interview is with Haroon Meer of Thinkst Canary. And we’re going to do the typical thing and have a look forward to what we can expect to see in security next year. But we’re going less for the big, dumb predictions and more picking the trends we expect to strengthen over the next year.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Dec 11, 2019 |
Risky Biz Soap Box: Some Zero Trust facts of life
http://media2.risky.biz/soapbox33.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1996856710
https://risky.biz/soapbox33
Our guest in this edition is Will Peteroy. He’s currently the CTO of security at Gigamon after his company, ICEBRG, was acquired by Gigamon last year. Will has a long and interesting background in security.
As you’ll hear, he worked on the security team at Microsoft once upon a time. He even co-wrote Microsoft’s gigantic paper on mitigating “pass the hash” attacks some years ago. He also did some time with the “Department of Defense” some time ago. He’s a knowledgable fella.
And he’s been spending considerable time lately focussing on the issue of Zero Trust Networks.
Zero Trust is one of those things that’s super simple in theory, but absolutely, awfully complicated when you actually try to do it. So Will joined me for this chat about Zero Trust networks, how to define them, how to transition to them, what some of the steps are and thinking is. It’s a great conversation for any CSOs who are working through some of the issues that pop up when they’re transitioning to ZT architectures.
|
Dec 05, 2019 |
Risky Business #565 -- Crypto bro takes Jong turn
http://media2.risky.biz/RB565.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1977312777
https://risky.biz/RB565
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Ethereum developer Virgil Griffith charged for allegedly teaching DPRK about cryptocurrency
- DHS/CISA government vulnerability disclosure program takes shape, looks good
- Adobe discloses Magento Marketplace data breach
- Fully patched Android devices targeted
- IM-RAT takedown
- Much, much more
This week’s sponsor interview is with Brian Robison of BlackBerry Cylance. He pops along to talk about some interesting research they’ve done on mobile malware.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Dec 04, 2019 |
Risky Business #564 -- PRC suffers leak, alleged defection
http://media2.risky.biz/RB564.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1877789393
https://risky.biz/RB564
On this week’s show Patrick and Adam discuss the week’s security news, including:
- RIPE has officially run out of v4 addresses
- NSO workers sue Facebook to get their accounts back
- Mike Pompeo, Republican lawmakers keep Crowdstrike conspiracy theory alive
- Bugs, hacks, ransomware disasters and more.
This week’s sponsor interview is with Sally Carson of Duo Security. Sally has been a designer for over 20 years, joining Duo in 2015 to build the company’s Product Design and User Research practice from the ground up. Duo now employs one designer for every five users, which is an extremely generous ratio.
As you’ll hear, Sally thinks empathy is the key to designing usable technology.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- The RIPE NCC has run out of IPv4 Addresses — RIPE Network Coordination Centre
- Workers at Israeli surveillance firm NSO sue Facebook for blocking private accounts - Reuters
- In just three months, Google sent 12k warnings about government-backed attacks | ZDNet
- Pompeo says Trump’s debunked Ukraine conspiracy theory is worth looking into - The Washington Post
- (1) Kevin Collier on Twitter: "A fun fact about Republicans embracing the idiotic Crowdstrike conspiracy theory is that the RNSC and RNCC both use Crowdstrike. Have paid more than $175,000 since 2017, per FEC filings. https://t.co/LSvCEbYccP" / Twitter
- Five Years Later, Who Really Hacked Sony? | Hollywood Reporter
- Commerce Department proposes rules for implementing Trump’s supply-chain security order
- Data leak reveals how China 'brainwashes' Uighurs in prison camps - BBC News
- China used Nick Zhao to try infiltrate federal Parliament, ASIO believes
- Chinese spy Wang Liqiang's revelations spark Taiwan detention of couple at Taoyuan Airport
- Iranian Americans Struggle to Reach Family Amid Internet Blackout | WIRED
- Iran letter raises prospect of 'white list' internet clampdown - BBC News
- Kevin Rudd says Julian Assange faces 'unacceptable' and 'disproportionate' punishment
- How the NYPD's fingerprint database got shut down by a computer virus
- 110 Nursing Homes Cut Off from Health Records in Ransomware Attack — Krebs on Security
- Over 480 million mobile VPN apps have been downloaded in the past year | ZDNet
- A hacking group is hijacking Docker systems with exposed API endpoints | ZDNet
- Cheap kids smartwatch exposes the location of 5,000+ children | ZDNet
- The California DMV Is Making $50M a Year Selling Drivers’ Personal Information - VICE
- The Debate Over How to Encrypt the Internet of Things | WIRED
- 1.2 Billion Records Found Exposed Online in a Single Server | WIRED
- CISA and VotingWorks release open source post-election auditing tool | ZDNet
- Extensive hacking operation discovered in Kazakhstan | ZDNet
- DOD joins fight against 5G spectrum proposal, citing risks to GPS | Ars Technica
- Scammers try a new way to steal online shoppers’ payment-card data | Ars Technica
- Suspect can’t be compelled to reveal “64-character” password, court rules | Ars Technica
- Aleksei Burkov, Russian accused of operating 'elite' hacking forum, pleads not guilty
- Authorities Arrest Alleged Member of Group That Hacked Jack Dorsey - VICE
- Lights That Warn Planes of Obstacles Were Exposed to Open Internet - VICE
- Russia's ‘Sandworm’ Hackers Also Targeted Android Phones | WIRED
- Google will pay bug hunters up to $1.5m if they can hack its Titan M chip | ZDNet
- Twitter will finally let users disable SMS as default 2FA method | ZDNet
- New bypass disclosed in Microsoft PatchGuard (KPP) | ZDNet
- Exploit code published for dangerous Apache Solr remote code execution flaw | ZDNet
- Bugtraq: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products
|
Nov 27, 2019 |
Risky Biz Soap Box: Trend Micro VP of Cloud Research Mark Nunnikhoven
http://media2.risky.biz/soapbox32.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1858484169
https://risky.biz/soapbox32
This is a Soap Box edition of the show. Soap Box isn’t our regular weekly news program. If you’re looking for that one, scroll one show back in your podcast feed.
Soap Box is a wholly sponsored series of podcasts we do here at Risky Business where vendors give us money to appear. And while these are sponsored episodes they’ve actually become almost as popular as the weekly show. They started off about half as popular, and then I guess people gradually realised they don’t actually suck, so here we are.
Trend’s head of cloud research, Mark Nunnikhoven, is our guest in this edition and we have a pretty wide ranging conversation. A big part of this conversation is us talking about the differences between locking down a corporate network vs locking down a modern application production stack… and there’s a very funny part of this interview where Mark points out that AV scanning for Docker images actually makes sense. Seriously.
|
Nov 26, 2019 |
Risky Business #563 -- Phineas Phisher returns
http://media2.risky.biz/RB563.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1787937292
https://risky.biz/RB563
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Phineas Phisher returns, claims credit for Cayman bank hack and offers bounties for activist hijinks
- Microsoft cautiously backs DoH
- Huawei granted another 90-day stay of execution in US market
- Iranian APT crew targeting ICS supply chain
- Alexei Burkov extradition complete, appears in US court
- Some very funny stuff is happening to GPS in the Shanghai area
- Louisiana government ransomwared, emerges relatively unscathed
- Official Monero binaries trojaned. Lol.
- Much, much more!
This week’s show is brought to you by Senetas. Rob Linton from Senetas joins the show this week to talk about its O365 integration for its SureDrop product, a new feature that will be of interest to many Risky Business listeners.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - VICE
- Offshore Bank Targeted By Phineas Fisher Confirms it Was Hacked - VICE
- Microsoft says yes to future encrypted DNS requests in Windows | Ars Technica
- Exclusive: U.S. manufacturing group hacked by China as trade talks intensified - sources - Reuters
- US grants Huawei new 90-day license extension
- Iran’s APT33 Hackers Are Targeting Industrial Control Systems | WIRED
- How Iran's Government Shut Off the Internet | WIRED
- Why Were the Russians So Set Against This Hacker Being Extradited? — Krebs on Security
- Russia Fails to Stop Alleged Hacker From Facing US Charges | WIRED
- Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai - MIT Technology Review
- Ransomware hits Louisiana state government systems | ZDNet
- Ransomware Bites 400 Veterinary Hospitals — Krebs on Security
- Antivirus vendors and non-profits join to form 'Coalition Against Stalkerware' | ZDNet
- Official Monero website compromised with malware that steals funds | ZDNet
- Anonymous hacker gets a whopping six years in prison for some lame DDoS attacks | ZDNet
- DDoS-for-Hire Boss Gets 13 Months Jail Time — Krebs on Security
- US student was allegedly building a custom Gentoo Linux distro for ISIS | ZDNet
- 20-year-old Chicago man charged with writing code to spread ISIS propaganda
- The Dark Overlord hacking suspect who's fighting extradition to the U.S. is running out of options
- Citing security concerns, senators call on White House to appoint coordinator for 5G issues
- Burglars Really Do Use Bluetooth Scanners to Find Laptops and Phones | WIRED
- LA warns of ‘juice-jacking’ malware, but admits it has no cases | TechCrunch
- Someone is using the 'Cozy Bear' moniker to scare DDoS victims into bitcoin payments
- 146 New Vulnerabilities All Come Preinstalled on Android Phones | WIRED
- As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones
- GitHub launches 'Security Lab' to help secure open source ecosystem | ZDNet
- Google Chrome experiment crashes browser tabs, impacts companies worldwide | ZDNet
- Chrome, Edge, Safari hacked at elite Chinese hacking contest | ZDNet
- Company discovered it was hacked after a server ran out of free space | ZDNet
- TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers | ZDNet
- How a turf war and a botched contract landed 2 pentesters in Iowa jail | Ars Technica
- What Happens When You Remove a Police-Installed GPS Tracker | WIRED
- Password
- SUREDROP
|
Nov 21, 2019 |
Risky Business #562 -- Two former Twitter staff charged over Saudi spying
http://media2.risky.biz/RB562.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1698589939
https://risky.biz/RB562
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Two ex Twitter employees charged with spying for KSA
- US border device searches now require suspicion after ACLU win
- Unredacted Corellium lawsuit response drops
- Ransomware attacks on hospitals increase mortality
- Much, much more!
This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Nov 13, 2019 |
Risky Biz Soap Box: Capsule8 chief scientist Brandon Edwards
http://media2.risky.biz/soapbox31.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1624417568
https://risky.biz/soapbox31
The Soap Box podcast is a wholly sponsored podcast series we do here at Risky.biz, which means everyone you hear on it paid to appear.
This edition of the Soap Box is brought to you by Capsule8.
It’s taken a long time, but over the last couple of years we’ve seen a meaningful Linux security software market emerge. It makes sense, I guess, considering the modern production environment is all glued together from various Linux systems. So, we’re seeing some interesting approaches to the Linux security challenge pop up.
Capsule8 makes detection and visibility software for Linux. You can use it to spot various types of funny behaviour on your Linux systems. Brandon Edwards is Capsule8’s chief scientist and he is our guest today.
We speak about a few things, but primarily this conversation centres on the fact that modern production environments have become so complex it’s almost impossible to comprehend how they work. We’ve lost insight, and we’ve even lost the ability to understand how individual security flaws can impact our wider production environments.
So we’re going to talk about complexity in modern production environments, and then we’ll talk a bit about Capsule8’s approach to the Linux security challenge. Enjoy!
|
Nov 07, 2019 |
Risky Business #561 -- Report: NSO exploits used against politicians, senior military targets
http://media2.risky.biz/RB561.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1616627995
https://risky.biz/RB561
On this week’s show Patrick Gray and Mark Piper discuss all the week’s security news, including:
- NSO Group malware turning up in some unexpected places
- Bluekeep mass exploitation finally begins
- Owning smart home devices with friggin’ lasers
- Two plead guilty to hacks on Lynda.com, Uber
- Imperva CEO departs following breach
- TLS Delegated Credentials sound like A VERY GOOD IDEA
- Cybercommand heads to Montenegro
- Much, much more
This week’s show is brought to you by Thinkst Canary. Haroon Meer and Adrian Sanabria from Thinkst recently did a keynote talk at the Virus Bulletin conference in London. Titled “The Security Products We Deserve,” it’s a stinging critique of the security product lifecycle. VC firms keeping stupid ideas alive, analyst firms being parasites, vendors not doing security testing on their equipment and so much more. We’ll be talking to Haroon Meer about that keynote in this week’s sponsor interview, which will run after this week’s news segment.
Links to everything are below.
|
Nov 06, 2019 |
Feature Podcast: Critical infrastructure security with Eric Rosenbach and Robert M Lee
http://media2.risky.biz/HF3.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1550807447
https://risky.biz/HF3
This podcast is brought to you by the William and Flora Hewlett Foundation, and it’s the second in a series of podcasts we’re doing that are all about cyber policy.
The Foundation funds a lot of interesting people and work in the cybersecurity space. So the idea behind this podcast series is pretty simple: we talk to Hewlett’s grant recipients, or experts in Hewlett’s network, about pressing policy issues and turn those conversations into podcasts. The whole idea is to get some policy perspectives out there among the Risky Business audience, which, funnily enough, includes a lot of policymakers.
This podcast features both Eric Rosenbach and Robert M Lee talking about ICS security.
Eric is the co-director of the Belfer Center for Science and International Affairs at the Harvard Kennedy School. He also heads the Defending Digital Democracy project there. Eric has a very long and somewhat fascinating resume. As United States Assistant Secretary of Defense he led the US Defense Department’s efforts to counter cyberattacks by Iran and North Korea on US critical infrastructure. He’s also worked as a Chief Security Officer in the private sector and served as Pentagon chief of staff from 2015-2017.
Robert M Lee is the founder of Dragos Inc, a very well known company in the ICS/OT security space. Rob started out in infosec with the US Air Force as a Cyber Warfare Operations Officer tasked to the NSA, but as you’ll hear, Rob is actually pretty optimistic about the ICT/OT security challenge.
|
Oct 31, 2019 |
Risky Business #560 -- Facebook sues NSO Group
http://media2.risky.biz/RB560.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1535977856
https://risky.biz/RB560
On this week’s show Patrick and gust co-host Alex Stamos discuss the week’s security news, including:
- Facebook files suit against NSO Group
- Corellium responds to Apple suit
- Indian nuclear power plant administrative network likely attacked by DPRK
- Mass defacement in Georgia. Old schooooool!
- Fancy Bear targets 2020 Olympics
- FCC proposes subsidies for telcos to rip and replace Huawei, ZTE equipment
- City of Johannesburg data held to ransom, but it’s not ransomware
- Much, much more
This week’s sponsor interview is with Jake King of CMD Security. The topic is applying the MITRE ATT&CK framework
Links to everything that we discussed are below and you can follow Patrick or Alex on Twitter if that’s your thing.
|
Oct 30, 2019 |
Risky Business #559 -- Maybe it was the Israelis hacking the Russians to masquerade as Iranians?
http://media2.risky.biz/RB559.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1439086867
https://risky.biz/RB559
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Fresh details on Turla’s hostile takeover of Oilrig
- Russians doing very interesting things with “tagged” TLS
- China wants an aerospace sector so a lot of people got a lot of owned
- Imperva releases breach details
- Zendesk cops to 2016 breach
- German manufacturer, US transport tech company sunk by ransomware
- NordVPN gets owned
- AVAST owned. Lots. Again.
- Welcome to Video takedown
- Much, much more
This week’s show is brought to you by Trail of Bits! We’ll be hearing from Trail of Bits practice lead for assurance Stefan Edwards all about their work on a recent security audit of Kubernetes. As it turns out, Kubernetes isn’t actually a horror show, but Stefan thinks you might want to run a hosted instance unless you’re a real expert.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Oct 23, 2019 |
Snake Oilers 10 part 2: Do too many users have VPN access to your prod environment? There's another way!
http://media2.risky.biz/snakeoilers10pt2.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1255874931
https://risky.biz/snakeoilers10pt2
In this edition of Snake Oilers Patrick speaks to:
- Justin McCarthy of StrongDM
StrongDM makes a protocol proxy that you can use to provision production services (like Kubernetes and SQL access) to users without them requiring full VPN access to prod. This is very cool stuff, if you manage a large prod environment that’s suffering from VPN sprawl you’ll want to check this one out.
Nicholas is the senior technical product manager for InsightIDR. InsightIDR is a SIEM/EDR play that integrates a bunch of stuff. These days Rapid7 is really emphasising the holistic nature of InsightIDR, rather than the endpoint part, and Nicholas joins the show to talk about that.
- Preston Hogue of F5 Networks
F5 Networks recently acquired NGINX as a part of a push to become cloud-relevant. Their strategy is to allow for F5 security smarts to be inserted basically anywhere and anyhow you want. Preston joins the show to talk about that!
Links to our Snake Oilers sponsors are below!
|
Oct 09, 2019 |
Risky Biz Soap Box: Yubico's Jerrod Chong talks series 5 Yubikeys and what's next
http://media2.risky.biz/soapbox30.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1165910635
https://risky.biz/soapbox30
These Soap Box podcasts are a wholly sponsored series of podcasts we do here at Risky.Biz, so everyone you hear on the Soap Box podcast paid to be here.
But that’s ok, because we’ve got some great sponsors. This podcast is brought to you by Yubico, makes of the Yubikey devices. These podcasts with Yubico have basically turned into an annual thing. Jerrod Chong is the Chief Solutions Officer at Yubico and he joined me for this conversation about what’s new in Yubico-land. They’ve launched some new stuff, including Yubikeys with lightning adapters for iOS devices, and Jerrod also talks about hardware 2FA moving increasingly to the mainstream.
If you’re reading this within 48 hours of this podcast going live, you can get yourself a $20 discount on any two of the new series 5 Yubikeys by visiting this link and using the code ‘Risky19’.
|
Oct 03, 2019 |
Risky Business #558 -- Trump targets Crowdstrike, Apple jailbreakers rejoice
http://media2.risky.biz/RB558.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1155962778
https://risky.biz/RB558
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Apple jailbreakers partying in the streets
- Donald Trump targets Crowdstrike over 4chan conspiracy nonsense
- Ransomware absolutely everywhere this week
- Horror-show VxWorks bugs are popping up in other stacks
- OnApp fixes mother of all misconfigurations
- More SIM card issues
- Much, much more
In this week’s sponsor interview we chat with Mr Sandbox himself, VMRay’s Carsten Willems. He’s along to talk about VMRay’s involvement in a machine-learning bypass competition that happened at DEFCON earlier this year.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval | WIRED
- No, it wasn’t a virus; it was Chrome that stopped Macs from booting | Ars Technica
- How Trump’s Ukraine Mess Entangled CrowdStrike | WIRED
- Trump Was Repeatedly Warned That Ukraine Conspiracy Theory Was ‘Completely Debunked’ - The New York Times
- Evan McMurry on Twitter: "NEW: Tom Bossert on Pres. Trump's Crowdstrike reference on Ukraine call: "It's not only a conspiracy theory, it is completely debunked... "I am deeply frustrated with what [Rudy Giuliani] and the legal team is doing in repeating that debunked theory to the president." https://t.co/o1lcVI31u8" / Twitter
- Trump Still Doesn't Believe Russia Hacked the 2016 Election | WIRED
- Trump told Russian officials in 2017 he wasn’t concerned about Moscow’s interference in U.S. election - The Washington Post
- Airbus hit by series of cyber attacks on suppliers
- U.S. Steps Up Scrutiny of Airplane Cybersecurity - WSJ
- Ransomware forces 3 hospitals to turn away all but the most critical patients | Ars Technica
- Surgeries delayed and patient security fears after cyber attack on Victorian hospitals
- Wood Ranch Medical Announces Permanent Closure Due to Ransomware Attack
- Malware infection disrupts production at defence contractor plants in three countries | ZDNet
- Over 500 US schools were hit by ransomware in 2019 | ZDNet
- Ransomware incident to cost Danish company a whopping $95 million | ZDNet
- Decades-Old Code Is Putting Millions of Critical Devices at Risk | WIRED
- Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say - VICE
- California's new labor law is going to impact bug bounty companies. By how much is unknown.
- Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold - VICE
- New SIM card attack disclosed, similar to Simjacker | ZDNet
- German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting — Krebs on Security
- Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet
- Microsoft bans 38 file extensions in Outlook for the Web | ZDNet
- AT&T redirected pen-test payloads to the FBI's Tips portal | ZDNet
- Azure Sentinel, Microsoft's cloud-based SIEM, hits general availability | ZDNet
- Microsoft will now encrypt new SSDs with BitLocker | TechRadar
- High-severity vulnerability in vBulletin is being actively exploited | Ars Technica
- Cybersecurity giant Comodo can’t even keep its own website secure | TechCrunch
- Threesome Blowjob Scene on Giant Highway Billboard Could Have Caused an Accident, Police Say - VICE
- Porn on the big screen in central Auckland: Asics video monitor hacked - NZ Herald
- Yahoo Engineer Used Insider Access to Get Private Photos of Women - VICE
- Landmark White data beach: Sydney IT contractor arrested after high-profile cyber attack
- Home - MLSEC
- VMRay | Malware Analysis Tools | Malware Sandbox Solutions
|
Oct 02, 2019 |
Snake Oilers 10 part 1: Richard Bejtlich talks Zeek plus pitches from Respond Software and PATH Networks
http://media2.risky.biz/snakeoilers10pt1.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1082701771
https://risky.biz/snakeoilers10pt1
In this edition of the Snake Oilers podcast host Patrick Gray speaks to:
- Richard Bejtlich of Corelight
Richard talks about Zeek, formerly Bro, and how enterprises can use it to capture useful network information for analysis, forensics and detection purposes. Richard is an industry luminary and it’s a great interview.
- Marshal Webb of PATH Networks
Marshal explains how new technology like eBPF and XDP mean it’s possible to build DDoS mitigation rigs out of commodity hardware. That means DDoS mitigation is about to get a whole lot cheaper, and PATH is in pole position in this soon-to-be disrupted market.
- Chris Tiolo from Respond Software
Respond Software makes a decision agent for the modern SOC. They are aiming to completely replace level 1 SOC analysts so those resources can be freed up to do higher-value work. They’re offering free live and retroactive trials of their software, and it definitely belongs in the “why not take it out for a spin” category.
Some links to the company websites and blogs are below!
|
Sep 26, 2019 |
Risky Business #557 -- 26 nations release cyber norms statement at UN
http://media2.risky.biz/RB557.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1072336456
https://risky.biz/RB557
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Tibetans targeted in mobile malware campaign
- Iran denies cyber-attack nobody was asking about
- More news from the Middle East
- 26 nations open UN General Assembly with statement on cyber norms
- Fedex sued over company’s NotPetya response, exec share sales
- Why “quantum supremacy” isn’t a big deal. Yet.
- Much, much more
In this week’s sponsor interview we talk to Cody Wood of Signal Sciences about http request smuggling. What it is and why it’s a nightmare to fix.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Sep 25, 2019 |
Risky Business #556 -- US Treasury targets DPRK crews, more details on Ukraine power hack
http://media2.risky.biz/RB556.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
1001237172
https://risky.biz/RB556
On this week’s show Patrick and Adam discuss the week’s security news, including:
- US Treasury targets DPRK APT crews
- Russia owned FBI counter surveillance team radio comms
- New details on 2016 attack against Ukraine power grid
- US Government to sue Edward Snowden for memoir profits
- Did RCMP intelligence director tip Phantom Secure on investigation?
- Much, much more!
This week’s sponsor interview is with Casey Ellis of Bugcrowd. It’s an interesting chat with Casey this week. He was at the Billington cyber conference a couple of weeks ago and he had a bunch of interesting discussions there with people in the aerospace sector.
Between recent Black Hat presentations on 787 security and the trouble Boeing has had with it’s 737-MAX, software security and resiliency is all of a sudden on the agenda in aerospace. Casey drops by to talk about all of that.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Sep 18, 2019 |
Risky Business #555 -- Bluekeep Metasploit module released, Paige Thompson pleads not guilty and more
http://media2.risky.biz/RB555.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
919886090
https://risky.biz/RB555
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Paige Thompson pleads not guilty to CapitalOne hack
- German government probes FinFisher
- Bluekeep Metasploit module dropped
- DPRK samples hit VT, courtesy of our friends in the USA
- Apple releases awful statement about mass exploitation of its devices
- Much more
This week’s show is brought to you by Blackberry Cylance. In this week’s sponsor interview we’ll be talking about US Cybercommand dropping some sweet, sweet APT28 samples on VirusTotal back in May. We’ll talk a little bit about that malware, and also have a more general discussion about CYBERCOM VT drops with Cylance research staffers Steve Barnes and Josh Lemos.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
|
Sep 11, 2019 |
Risky Biz Soap Box: MITRE ATT&CK framework is now officially everywhere
http://media2.risky.biz/soapbox29.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
853219081
https://risky.biz/soapbox29
The Soap Box podcast series is a fully sponsored podcast series we do here at Risky.Biz, and that means that everyone you hear in it paid to be featured.
This edition of the Soap Box podcast is brought to you by AttackIQ and in in it we talk to its CISO and VP of customer success Chris Kennedy. And we’ll be discussing a topic of that frankly should be talked about a bit more: the MITRE ATT&CK framework.
We also talk about attack simulation and which security controls are most commonly and catastrophically misconfigured. If you’re a CISO you’ll like this one.
|
Sep 05, 2019 |
Risky Business #554 -- Is there an iOS exploit glut?
http://media2.risky.biz/RB554.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
842810969
https://risky.biz/RB554
Alex Stamos is our news co-host this week. Patrick and Alex discuss all the week’s security news, including:
- Mass exploitation of iOS devices by Chinese govt
- Telegram moves to nix phone number enumeration “feature”
- USA targeted Iranian maritime awareness system
- Existence of Stuxnet mole revealed by Kim Zetter
- @jack gets hacked
- Much, much more
This week’s sponsor interview is with Michelle Price of AustCyber. AustCyber is the organisation here in Australia that aims to build out the Australian cyber security industry and skills base, and Michelle pops in this week to tell us all about the upcoming Australian Cyber Week.
Links to everything are below in the show notes.
Show notes
- Project Zero: A very deep dive into iOS Exploit chains found in the wild
- Mysterious iOS Attack Changes Everything We Know About iPhone Hacking | WIRED
- iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources
- Apple iPhone Hack Exposed By Google Breaks WhatsApp Encryption
- This Has Been the Worst Year for iPhone Security Yet - VICE
- Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks | WIRED
- Exploit Sellers Say There are More iPhone Hacks on the Market Than They’ve Ever Seen - VICE
- Researchers uncover malicious sites targeting China's Uyghur population
- Confirmed: Google’s Android Suffers Sustained Attacks By Anti-Uighur Hackers
- Exclusive: Messaging app Telegram moves to protect identity of Hong Kong protesters - Reuters
- U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say - The New York Times
- Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
- North Korean state hackers target retired diplomats and military officials | ZDNet
- How Twitter CEO Jack Dorsey's Account Was Hacked | WIRED
- Google launches bounty program to spot misuses of Google API, Chrome, and Android user data | ZDNet
- Google adds all Android apps with +100m installs to its bug bounty program | ZDNet
- Cisco releases guides for incident responders handling hacked Cisco gear | ZDNet
- BEC overtakes ransomware and data breaches in cyber-insurance claims | ZDNet
- How MuleSoft patched a critical security flaw and avoided a disaster | ZDNet
- Rash of ransomware continues with 13 new victims—most of them schools | Ars Technica
- Russian police take down malware gang that infected 800,000+ Android smartphones | ZDNet
- Avast and French police take over malware botnet and disinfect 850,000 computers | ZDNet
- TrickBot, today's top trojan, adds feature to aid SIM swapping attacks | ZDNet
- German bank loses €1.5 million in mysterious cashout of EMV cards | ZDNet
- Over 47,000 Supermicro servers are exposing BMC ports on the internet | ZDNet
- Spam In your Calendar? Here’s What to Do. — Krebs on Security
- Marc Owen Jones on Twitter: "[Thread] As promised, today I want to tell you of how I became friends with a Twitter troll called Angus Gallagher. Angus recently had a sex/ethnicity reassignment operation. He is now called Jasmine, but we'll come to that a bit later. First though, say hi to Angus #StopTheCoup https://t.co/z9cjTZxkxo" / Twitter
- Security Engineer job in Austin, TX at Praetorian
- National Missing Persons Hackathon 2019 Tickets, Fri 11/10/2019 at 9:30 am | Eventbrite
|
Sep 04, 2019 |
Risky Business #553 -- Imperva's cloud WAF gets owned hard
http://media2.risky.biz/RB553.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
770229141
https://risky.biz/RB553
|
Aug 28, 2019 |
Risky Biz Soap Box: Casey Ellis on "match.com for hackers"
http://media2.risky.biz/soapbox28.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
726200181
https://risky.biz/soapbox28
|
Aug 22, 2019 |
Risky Business #552 -- Guest host Alex Stamos on all the week's security news
http://media2.risky.biz/RB552.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
716946275
https://risky.biz/RB552
|
Aug 21, 2019 |
Feature Podcast: Inaction is escalatory
http://media2.risky.biz/HF2.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
657311032
https://risky.biz/HF2
|
Aug 15, 2019 |
Risky Business #551 -- Post Vegas edition, more news than we can handle
http://media2.risky.biz/RB551.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
649001470
https://risky.biz/RB551
|
Aug 14, 2019 |
Risky Business #550 -- CapitalOne owned, Hutchins sentenced, VxWorks horror-show and more!
http://media2.risky.biz/RB550.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
495821517
https://risky.biz/RB550
|
Jul 31, 2019 |
Risky Business #549 -- FSB contractor breached, Equifax fined, NSO Group targets cloud
http://media2.risky.biz/RB549.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
437037191
https://risky.biz/RB549
|
Jul 24, 2019 |
Risky Biz Soap Box: Ryan Kalember of Proofpoint on "Very Attacked People"
http://media2.risky.biz/soapbox27.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
406143926
https://risky.biz/soapbox27
|
Jul 18, 2019 |
Risky Business #548 -- Zoom RCE details and all the week's news
http://media2.risky.biz/RB548.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
397849966
https://risky.biz/RB548
|
Jul 17, 2019 |
Risky Business #547 -- Zoom-gate, massive GDPR fines, ship hack warnings and more
http://media2.risky.biz/RB547.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
371073239
https://risky.biz/RB547
|
Jul 10, 2019 |
Risky Biz Soap Box: Cylance talks Persona
http://media2.risky.biz/soapbox26.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
360531012
https://risky.biz/soapbox26
|
Jul 04, 2019 |
Risky Business #546 -- The fifth domain sees some action
http://media2.risky.biz/RB546.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
351108226
https://risky.biz/RB546
|
Jul 03, 2019 |
Feature podcast: An interview with Jim Baker, former general counsel, FBI
http://media2.risky.biz/HF1.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
282558027
https://risky.biz/HF1
|
Jun 15, 2019 |
Risky Business #545 -- US Government loses control of customs mugshot database
http://media2.risky.biz/RB545.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
271101832
https://risky.biz/RB545
|
Jun 12, 2019 |
Risky Business #544 -- NYTimes Baltimore report falls over
http://media2.risky.biz/RB544.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
248796578
https://risky.biz/RB544
|
Jun 05, 2019 |
Risky Business #543 -- NYTimes blames NSA for Baltimore hacks, Assange faces espionage charges
http://media2.risky.biz/RB543.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
211743734
https://risky.biz/RB543
|
May 29, 2019 |
Risky Biz Soap Box: VMRay CEO Carsten Willems talks sandbox tech
http://media2.risky.biz/soapbox25.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
179522136
https://risky.biz/soapbox25
|
May 23, 2019 |
Risky Business #542 -- Confusion reigns over Huawei ban
http://media2.risky.biz/RB542.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
176460553
https://risky.biz/RB542
|
May 22, 2019 |
Risky Biz Soap Box: Signal Sciences on serverless, app-layer deception and more
http://media2.risky.biz/soapbox24.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
132463668
https://risky.biz/soapbox24
|
May 16, 2019 |
Risky Business #541 -- NSO Group makes global headlines. What next?
http://media2.risky.biz/RB541.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
132463669
https://risky.biz/RB541
|
May 15, 2019 |
Risky Business #540 -- In depth: Hamas cyber unit destroyed in air strike
http://media2.risky.biz/RB540.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
77527946
https://risky.biz/RB540
|
May 08, 2019 |
Snake Oilers 9 part 2: Rapid7 talks SOAR, Trend Micro on its API-based email security play
http://media2.risky.biz/snakeoilers9pt2.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
44243225
https://risky.biz/snakeoilers9pt2
|
May 02, 2019 |
Risky Business #539 -- Docker Hub owned, Cloudflare, Bloomberg under fire
http://media2.risky.biz/RB539.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
44243226
https://risky.biz/RB539
|
May 01, 2019 |
Risky Business #538 -- Marcus Hutchins is a milkshake duck, Iranian APTs doxxed and more
http://media2.risky.biz/RB538.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873044
https://risky.biz/RB538
|
Apr 25, 2019 |
Snake Oilers 9 part 1: The best Snake Oilers edition we've ever run
http://media2.risky.biz/snakeoilers9pt1.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873045
https://risky.biz/snakeoilers9pt1
|
Apr 23, 2019 |
Risky Business #537 -- Assange arrested, WordPress ecosystem on fire
http://media2.risky.biz/RB537.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873046
https://risky.biz/RB537
|
Apr 17, 2019 |
Risky Business #536 -- Mar-a-Lago arrest, ASUS supply chain attack and more
http://media2.risky.biz/RB536.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873047
https://risky.biz/RB536
|
Apr 10, 2019 |
Risky Biz Soap Box: All about WebAuthn with Duo Security
http://media2.risky.biz/soapbox23.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873048
https://risky.biz/soapbox23
|
Apr 02, 2019 |
Risky Business #535 -- Stop giving Cloudflare money
http://media2.risky.biz/RB535.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873049
https://risky.biz/RB535
|
Mar 20, 2019 |
Risky Business #534 -- Manning back in clink, automotive industry under attack
http://media2.risky.biz/RB534.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873050
https://risky.biz/RB534
|
Mar 13, 2019 |
Risky Business #533 -- Ghidra release, NSA discontinues metadata program and more
http://media2.risky.biz/RB533.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873051
https://risky.biz/RB533
|
Mar 06, 2019 |
Risky Biz Soap Box: PRODUCT LAUNCH: Backstory by Alphabet's Chronicle
http://media2.risky.biz/soapbox22.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873052
https://risky.biz/soapbox22
|
Mar 04, 2019 |
Risky Business #532 -- A big week of research and tech news
http://media2.risky.biz/RB532.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873053
https://risky.biz/RB532
|
Feb 28, 2019 |
Risky Business #531 -- Australia's political parties targeted, the Witt indictment and more
http://media2.risky.biz/RB531.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873054
https://risky.biz/RB531
|
Feb 20, 2019 |
Risky Business #530 -- UAE's Project Raven, Bezosgate and more
http://media2.risky.biz/RB530.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873055
https://risky.biz/RB530
|
Feb 12, 2019 |
Risky Biz Soap Box: Polyswarm builds a marketplace for AV engines
http://media2.risky.biz/soapbox21.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873056
https://risky.biz/soapbox21
|
Feb 07, 2019 |
Risky Business #529 -- Special guest Rob Joyce, NSA
http://media2.risky.biz/RB529.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873057
https://risky.biz/RB529
|
Feb 05, 2019 |
Risky Business #528 -- Huawei dinged, epic FaceTime and Exchange bugs
http://media2.risky.biz/RB528.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873058
https://risky.biz/RB528
|
Jan 29, 2019 |
Risky Business #527 -- Featuring Alex Stamos, The Grugq, Susan Hennessey, Brian Krebs, Kelly Shortridge and Bobby Chesney
http://media2.risky.biz/RB527.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873059
https://risky.biz/RB527
|
Jan 22, 2019 |
Risky Business #526 -- Huawei arrest in Poland, DPRK SWIFT hack conviction, more from the El Chapo trial
http://media2.risky.biz/RB526.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873060
https://risky.biz/RB526
|
Jan 15, 2019 |
Risky Business #525 -- Back on deck for 2019!
http://media2.risky.biz/RB525.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873061
https://risky.biz/RB525
|
Jan 09, 2019 |
Risky Biz Soap Box: From 2 billion events to 350 alerts with Respond Software
http://media2.risky.biz/soapbox20.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873062
https://risky.biz/soapbox20
|
Dec 14, 2018 |
Risky Business #524 -- Huawei CFO arrested, US Government dumps on Equifax
http://media2.risky.biz/RB524.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
11873063
https://risky.biz/RB524
|
Dec 12, 2018 |
