Risky Business #611 -- MalwareBytes the latest "Holiday Bear" victim
https://chtbl.com/track/383384/media3.risky.biz/RB611.mp3
https://images.podcastrepublic.net/podcast/216478078hd.jpg
https://risky.biz/RB611
On this week’s show Dmitri Alperovitch, Sherrod DeGrippo and Joe Slowik join host Patrick Gray to talk through the week’s news:
- MalwareBytes the latest victim in the increasingly poorly-named “SolarWinds campaign”
- FireEye issues helpful guidance and tools to help orgs detect “golden SAML” and related techniques
- Rob Joyce, Anne Neuberger, Michael Sulmeyer all get promoted! Wooo!
- Much, much more
This week’s show is brought to you by Airlock Digital. They make what we’re calling an execution control platform. Its central feature is easy-to-use and hard-to-bypass allowlisting. It’s a bunch of sensible and usable controls packaged up into a 7Mb. It slices, it dices, it slays lolbins and user PowerShell rights, and it comes in a beautiful suede pouch! It’s the endpoint protection you get when it’s built by practitioners in concert with people who actually understand Windows internals. That’s right! Patrick is drinking the Kool-Aid on this one! Airlock founders Dave Cottingham and Daniel Schell join in this week’s sponsor interview to talk through allowlisting’s second wave of popularity.
Links to everything are below!
Jan 20, 2021
Risky Business #610 -- Propellerheads in dark on JetBrains
https://chtbl.com/track/383384/media3.risky.biz/RB610.mp3
https://risky.biz/RB610
Joe Slowik and Katie Nickels are guest co-hosts in this week’s edition of the show. They join Patrick Gray to talk about:
- Mimecast having some stolen certificate, errr, “problems”
- The confusing reports about JetBrains
- Analysis of the malware used in the SolarWinds campaign
- Australian man arrested in Germany and charged with running DarkMarket
- The Great Deplatforming of 2021
This week’s show is brought to you by Gigamon.
If you’re a Gigamon shop you should really take a look at their ThreatInsight platform, that’s a no-brainer. Even if you’re not, they’re real players in the network detection and response space. Joining us in this week’s sponsor interview is Jason Tesarz, a senior product manager for Gigamon ThreatInsight. He joined the show to talk about a few things, like how these days the NDR vendors are competing more around their workflows than trying to be the most comprehensive in detection.
Links to everything that we discussed are below and you can follow Patrick, Katie or Joe on Twitter if that’s your thing.
Jan 13, 2021
Risky Biz Soap Box: Mapping NIST 800-53 to MITRE ATT&CK
https://chtbl.com/track/383384/media3.risky.biz/soapbox48.mp3
https://risky.biz/soapbox48
These Soap Box editions of the show are wholly sponsored. If that’s not your thing and you’re looking for the weekly news edition of the show, just scroll one show back in your feed.
This soap box edition is brought to you by AttackIQ. They make a Breach and Attack Simulation platform that’s designed to test the effectiveness of your security controls by simulating bad things in your environment.
Carl Wright and Jonathan Reiber are joining us in this edition of the show. These days Jonathan is AttackIQ’s senior director of cybersecurity and strategy, but he previously served as Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense.
They joined the show to talk through their work in mapping NIST 800-53 to the MITRE ATT&CK framework. Enjoy!
Jan 12, 2021
Risky Business #609 -- It's not NotPetya
https://chtbl.com/track/383384/media3.risky.biz/RB609.mp3
https://risky.biz/RB609
On this week’s show, Patrick Gray talks to Joe Slowik and Dmitri Alperovitch about the APT campaign that impacted the US government and FireEye via SolarWinds’ supply chain.
Alex Stamos also joins the show to chime in more generally on supply chain interference before discussing some other news, like:
- Apple losing (most of) its case against Corellium
- Assange won’t be extradited… yet
- Adobe has finally killed Flash, and killed it good
This week’s show is brought to you by Signal Sciences. In this week’s sponsor interview we’ll be talking to a Signal Sciences customer, Doug DePerry. He heads product security at the Gemini cryptocurrency exchange. We’ll be talking to him about what that’s like, because those sorts of outfits tend to attract decent attackers.
Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing.
Jan 06, 2021
Risky Business #608 -- FireEye discloses breach and tool exfil
https://chtbl.com/track/383384/media3.risky.biz/RB608.mp3
https://risky.biz/RB608
On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:
- FireEye’s Very Bad Week
- Russian bears all up in your VMwares
- Chris Krebs sues Trump campaign
- Foxconn ransomware
- So much more
Proofpoint’s Ryan Kalember is this week’s sponsor guest. He joins the show to talk about their rather different approach to DLP and insider threat detection. You may have noticed we don’t really talk about DLP a whole bunch on this show because it’s, well, really boring. But Proofpoint actually has an interesting approach to the problem that’s different enough to be interesting, so do stick around for that.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Dec 09, 2020
Risky Biz Soap Box: VMRay co-founders on the evolution of sandbox tech
https://chtbl.com/track/383384/media3.risky.biz/soapbox47.mp3
https://risky.biz/soapbox47
Soap Box podcasts like this one are wholly sponsored. This edition of the Soap Box is brought to you by VMRay. They make a virtualised sandbox that initially found a market with DFIR professionals, but these days is being used for all sorts of things.
VMRay’s cofounders – CEO Carsten Willems and CTO Ralf Hund – joined host Patrick Gray to talk through the history of the sandbox tech arms race.
Dec 07, 2020
Risky Business #607 -- Trump lawyer calls for Krebs' execution, ransomware insurance getting wobbly
https://chtbl.com/track/383384/media3.risky.biz/RB607.mp3
https://risky.biz/RB607
On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:
- Ransomware insurance payouts are looking pretty unsustainable
- Trump lawyer calls for Chris Krebs’ execution
- Hunger relief charity loses $1m to BEC
- Supreme court weighs CFAA
- Much, much more!
This week’s sponsor interview is with Marc Rogers, Okta’s Executive Director of Cybersecurity. Marc is also heavily involved with the CTI League, a group of infosec professionals who banded together early this year to try to do some good. They’re cyber do-gooders! They’ve chalked up some wins and helped out a bunch of organisations, and in the process Marc and his compadres have also been well positioned to observe changes in the ransomware landscape. He joins us in this week’s sponsor interview to talk through that.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Dec 02, 2020
Risky Business #606 -- BEC nukes Australian hedge fund
https://chtbl.com/track/383384/media3.risky.biz/RB606.mp3
https://risky.biz/RB606
On this week’s show Patrick and Mark Piper discuss the week’s security news, including:
- UK unveils Cyber Force
- US passes surprisingly sane IoT security law
- Symantec drops some APT10 research
- MobileIron bugs getting a decent workout courtesy of state-backed attackers
- Much, much more…
This week’s show is brought to you by ExtraHop Networks. Its VP of Security, Matt Cauthorn, joins the show this week to talk about how we might fare – technology wise – as COVID-19 cases spiral out of control in some parts of the world. With most of the heavy lifting on accelerated cloud adoption and work-from-home already done, Matt thinks the IT side of things is much better prepared for a second major pandemic-induced disruption than it was back in March.
Links to everything that we discussed are below and you can follow Patrick or Pipes on Twitter if that’s your thing.
Nov 25, 2020
Risky Biz Soap Box: Bugcrowd CEO Ashish Gupta
https://chtbl.com/track/383384/media3.risky.biz/soapbox46.mp3
https://risky.biz/soapbox46
This is not an edition of the weekly news show; scroll back one episode in your podcast feed if you’re looking for that. This is a wholly sponsored podcast brought to you by Bugcrowd.
Bugcrowd’s CEO Ashish Gupta joins us in this edition of the Soap Box. He’s been the CEO over there for about three years, taking the reins from our friend Casey Ellis who moved into the CTO position.
As you’re about to hear, the bug bounty companies have moved on from the days when they just provided the simple service of running bug bounty competitions for their clients. What’s emerging is a much more nuanced product mix designed to extract as much usefulness as possible out of the testers registered on their platforms.
Nov 19, 2020
Risky Business #605 -- Trump fires CISA director Chris Krebs
https://chtbl.com/track/383384/media3.risky.biz/RB605.mp3
https://risky.biz/RB605
On this week’s show Patrick and Adam discuss the week’s security news, including:
- CISA director Chris Krebs fired
- Trump ramps up his disinformation campaign
- TikTok ban stalls
- BlackBerry discovers new hacker-for-hire crew
- DNS cache poisoning is back. But do we really care?
- Much, much more
This week’s show is brought to you by Thinkst Canary. Thinkst’s founder Haroon Meer will be along in this week’s show to talk a bit about security product design. Canary has been remarkably restrained over the years. Instead of trying to use their success as a platform to launch a million other products, they’ve spent more time really working on design and usability. He’ll join us to talk through all of that.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Nov 18, 2020
Risky Business #604 -- Election-related cyber shenanigans fail to materialise
https://chtbl.com/track/383384/media3.risky.biz/RB604.mp3
https://risky.biz/RB604
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Zoom settles with FTC over misleading E2EE claim
- Some poor sod had to give up $1bn in Bitcoin
- Solaris SSH 0day? Let’s party like it’s 1999
- Samy Kamkar’s latest trick: NAT Slipstreaming
- Australia’s hardcore critical infrastructure protection bill
- Much, much more
This week’s show is brought to you by Remediant. Company co-founder Paul Lanzi joins the show in this week’s sponsor interview to talk about how they’ve been helping companies recover from ransomware attacks. Maybe listen to this one. You know. Just in case you find yourself in that situation one day?
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Nov 11, 2020
Risky Business #603 -- YOU get sanctions, and YOU get sanctions
https://chtbl.com/track/383384/media3.risky.biz/RB603.mp3
https://risky.biz/RB603
On this week’s show Patrick and Adam discuss the week’s security news, including:
- “Proud Boys” email campaign attributed to Iran in record time
- Sanctions for everyone!
- US doxes more adversary TTPs
- Katie Nickels and Chris Krebs join the show
This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
- CISA, FBI roll the dice on transparency - Risky Business
- Exclusive: 'Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails - sources | Reuters
- FBI News Conference on Election Security | C-SPAN.org
- Iran’s bogus email campaign on U.S. elections had a Facebook disinformation prong
- Why the US was so fast to blame Iran for voter intimidation emails in Florida
- US Treasury sanctions 5 Iranian organizations for alleged election influence operations
- 'MuddyWater' spies suspected in attacks against Middle East governments, telecoms
- The US Sanctions Russians for Potentially ‘Fatal’ Triton Malware | WIRED
- EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack
- DOD, FBI, DHS warn of active North Korean government-linked hacking operation
- FBI, CISA: Russian hackers breached US government networks, exfiltrated data | ZDNet
- The Hunter Biden laptop could be fake. Or it could be real. We may never know. - The Washington Post
- Exclusive: National Guard called in to thwart cyberattack in Louisiana weeks before election | Reuters
- Phishing groups are collecting user data, email and banking passwords via fake voter registration forms | ZDNet
- John Hultquist on Twitter: "If the hackers claim to be criminal and there’s no way to pay them, that raises doubt. Likewise, if they claim to be ideological and ask for money..." / Twitter
- Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals
- Dr. Reddy's shuts 'key' plants worldwide after potential cyberattack hits COVID work | FiercePharma
- Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts
- A Hacker Is Threatening to Leak Patients' Therapy Notes | WIRED
- Tech giants among those affected by breach at PDF signature software maker Nitro | The Daily Swig
- Massive Nitro data breach impacts Microsoft, Google, Apple, more
- 404 Error | Nitro
- Hacker steals $24 million from cryptocurrency service 'Harvest Finance' | ZDNet
- MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states | ZDNet
- Patrick Gray on Twitter: "Wooo... about time" / Twitter
- Apple notarizes six malicious apps posing as Flash installers | ZDNet
- The Now-Defunct Firms Behind 8chan, QAnon — Krebs on Security
- CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant
- Over 100 irrigation systems left exposed online without a password | ZDNet
- Microsoft launches machine learning cyber-attack threat matrix | The Daily Swig
- WordPress deploys forced security update for dangerous bug in popular plugin | ZDNet
- NSA whistleblower Edward Snowden granted permanent residency in Russia | ZDNet
- Process Herpaderping | herpaderping
Oct 28, 2020
Snake Oilers 12 part 2: Gravwell seeks to shake up SIEM market, Plextrac pitches its pentest reporting platform
https://chtbl.com/track/383384/media3.risky.biz/snakeoilers12pt2.mp3
https://risky.biz/snakeoilers12pt2
In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:
- Gravwell pitches its “structure on read” approach to SIEM
- Plextrac describes its red team/pentest reporting platform
- ITProTV’s Don Pezet talks about trends in online training
Oct 22, 2020
Risky Business #602 -- US DoJ hooks Sandworm
https://chtbl.com/track/383384/media3.risky.biz/RB602.mp3
https://risky.biz/RB602
On this week’s show Patrick and Adam discuss the week’s security news, including:
- US DoJ unseals indictments against Sandworm operators
- Twitter backtracks on “hacked materials” policy
- No consensus on Trickbot c2 status
- NSA publishes “most exploited” listicle that’s actually interesting
- Much, much more
Cmd Security is this week’s sponsor. Its CEO Jake King and CTO Mike Sample join the show this week to talk through a new remote access tech release from HashiCorp called Boundary and what it might mean for Linux system observability in your environment.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Oct 21, 2020
Risky Business #601 -- Everyone's messing with TrickBot
https://chtbl.com/track/383384/media3.risky.biz/RB601.mp3
https://risky.biz/RB601
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Yep, it was Cyber Command
- Also Microsoft, Symantec, Lumen and others
- Norwegian parliament hack pinned on Russia
- We finally talk about “ethics in OST”
- More
Netflix senior security engineer Scott Behrens also joins the show this week. This week’s episode is brought to you by Signal Sciences – which is now a part of Fastly – and they suggested we talk to Scott for their sponsor slot this week. So, Scott joins the show to talk through how Netflix handles appsec.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Oct 14, 2020
Snake Oilers 12 Part 1: An incident management platform for the SOC and auditing for your SaaS accounts
https://chtbl.com/track/383384/media3.risky.biz/snakeoilers12pt1.mp3
https://risky.biz/snakeoilers12pt1
In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:
- Vaughan Shanks pitches the Cydarm SOC incident management platform
- Adrian Kitto introduces Detexian, a platform that audits SaaS accounts
- Eric Skinner from Trend Micro talks about XDR
Oct 12, 2020
Risky Business #600 -- Who's messing with TrickBot?
https://chtbl.com/track/383384/media3.risky.biz/RB600.mp3
https://risky.biz/RB600
On this week’s show Patrick and Adam discuss the week’s security news, including:
- The UHS ransomware attack
- Someone is messing with TrickBot: Did the USA release the hounds?
- US Treasury issues final warning on sanctioned ransomware crews
- Azerbaijan and Armenia going at it
- Fancy Bear owns US government department
Nucleus Security co-founder Scott Kuffer joins the show in this week’s sponsor interview to talk about how they have discovered a LOT of enterprises are actually trying to develop in-house vulnerability management software and how that is not going well.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Oct 07, 2020
Risky Biz special guest: Former Australian Prime Minister Malcolm Turnbull
https://chtbl.com/track/383384/media3.risky.biz/HF8.mp3
https://risky.biz/HF8
This edition of the show is brought to you with the assistance of the Hewlett Foundation, which awarded us a grant so we could do these policy-focussed podcasts.
Malcolm Bligh Turnbull served as a member of Parliament from 2004 until 2018, and as Prime Minister from September 2015 until August 2018. But he has been a public figure in Australia for decades. He’s an Oxford-educated lawyer who studied there under a Rhodes scholarship, he’s worked as a journalist, as the personal lawyer to Australian media baron Kerry Packer and was a leader of the ultimately unsuccessful campaign to make Australia a republic in the 1990s.
He can also list a number of achievements in the business world. In 1994 he invested half a million dollars into Australian ISP Ozemail, selling his stake to Worldcom in 1999 for $57m.
As you’ll hear, now he’s returned to private life Turnbull is investing in technology again. He joined the show to talk about cybersecurity in government, Huawei, the 2016 hack-and-leak operation against the DNC – which took place while he was PM – and more.
Sep 30, 2020
Risky Biz Soap Box: Identity as the new perimeter
https://chtbl.com/track/383384/media3.risky.biz/soapbox45.mp3
https://risky.biz/soapbox45
As regular listeners know, these Soap Box podcasts are wholly sponsored. That means everyone you hear in a Soap Box podcast paid to be here. But that’s ok, because we manage to book very interesting guests into these things, like today’s guest, Sami Laine.
Officially he’s Okta’s director of technology strategy – but informally he describes his role as being more like a principal security architect.
He joins us to talk about identity as the new perimeter and the massive leap we’ve made towards a zero trust future through 2020.
Sep 23, 2020
Risky Business #599 -- You get domain admin! And YOU get domain admin!
https://chtbl.com/track/383384/media3.risky.biz/RB599.mp3
https://risky.biz/RB599
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Russia, China, Iran having a red hot go at US political orgs
- Crowdstrike drops report, telcos having a bad time
- MSS owning US government with dumb bugs
- DoJ indicts Iranian script kiddie because reasons
- Proposed TikTok-Oracle deal barely makes sense
- The mother of all Microsoft auth bugs, wow
- Much, much more…
This week’s show is brought to you by Senetas. And we’ve got two sponsor guests for you this week: Senetas CTO Julian Fay will join us, as will Peter Farrely of AUCloud. Senetas uses AUCloud as a partner for its Suredrop file sharing and collaboration platform here in Oz, and Pete is joining us this week to talk through the new Cloud Assessment and Authorisation Framework published by the ACSC. If you work in Australian government IT and security, this one’s for you!
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Sep 16, 2020
Risky Business #598 -- China closing the "cyber gap" with USA
https://chtbl.com/track/383384/media3.risky.biz/RB598.mp3
https://risky.biz/RB598
On this week’s show Patrick and Adam discuss the week’s security news, including:
- Why integrity and availability are key to developing a COVID vaccine
- China closing the “cyber gap” with USA
- ASPI publishes research on TikTok, WeChat censorship
- Belarusian “news app” was tracking activists
- Julian Assange back in court to fight extradition
- Much, much more
This week’s show is brought to you by Proofpoint, and this week’s sponsor guest is Proofpoint’s senior director of threat research Sherrod DeGrippo. She’ll be telling us about the emergence of some new mid-tier ransomware crews that are targeting people who speak Russian, which is kind of unusual.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Sep 09, 2020