Risky Business

By Patrick Gray


Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business #611 -- MalwareBytes the latest "Holiday Bear" victim

On this week’s show Dmitri Alperovitch, Sherrod DeGrippo and Joe Slowik join host Patrick Gray to talk through the week’s news:

  • MalwareBytes the latest victim in the increasingly poorly-named “SolarWinds campaign”
  • FireEye issues helpful guidance, tools, to help orgs detect “golden SAML” and related techniques
  • Rob Joyce, Anne Neuberger, Michael Sulmeyer all get promoted! Wooo!
  • Much, much more

This week’s show is brought to you by Airlock Digital. They make what we’re calling an execution control platform. Its central feature is easy-to-use and hard-to-bypass allowlisting. It’s a bunch of sensible and usable controls packaged up into 7Mb. It slices, it dices, it slays lolbins and user PowerShell rights, and it comes in a beautiful suede pouch! It’s the endpoint protection you get when it’s built by practitioners in concert with people who actually understand Windows internals. That’s right! Patrick is drinking the Kool-Aid on this one! Airlock founders Dave Cottingham and Daniel Schell join in this week’s sponsor interview to talk through allowlisting’s second wave of popularity.

Links to everything are below!

Show notes

Malwarebytes said it was hacked by the same group who breached SolarWinds | ZDNet
Fourth malware strain discovered in SolarWinds incident | ZDNet
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers | ZDNet
Hackers alter stolen regulatory data to sow mistrust in COVID-19 vaccine | Ars Technica
Rob Joyce named new NSA cybersecurity director - CyberScoop
Biden team taps NSA Cybersecurity Director Anne Neuberger for NSC - CyberScoop
Michael Sulmeyer, who held cyber posts under Trump and Obama, gets Biden White House gig
Airbnb to Cancel All DC Bookings in Inauguration Week
CISA tells agencies to consider ad blockers to fend off 'malvertising'
Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs | ZDNet
Iranian cyberspies behind major Christmas SMS spear-phishing campaign | ZDNet
Joker's Stash, the internet's largest carding forum, is shutting down | ZDNet
After judge orders release of hacker tied to ISIS, US says 'Not so fast'
A security researcher commandeered a country’s expired top-level domain to save it from hackers | TechCrunch
Scam-as-a-Service operation made more than $6.5 million in 2020 | ZDNet
Signal endures 'technical difficulties' amid new popularity - CyberScoop
Introducing Malvuln.com – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware | The Daily Swig
Critical zero-day RCE in Microsoft Office 365 awaits third security patch | The Daily Swig
FBI investigating whether woman stole laptop from Pelosi's office to sell it to Russia - POLITICO
Linux Mint fixes screensaver bypass discovered by two kids | ZDNet
Text of a Letter to the Speaker of the House of Representatives and the President of the Senate | The White House
Request an Airlock Product Demonstration - Airlock Digital
Jan 20, 2021
Risky Business #610 -- Propellerheads in dark on JetBrains

Joe Slowik and Katie Nickels are guest co-hosts in this week’s edition of the show. They join Patrick Gray to talk about:

  • Mimecast having some stolen certificate, errr, “problems”
  • The confusing reports about JetBrains
  • Analysis of the malware used in the SolarWinds campaign
  • Australian man arrested in Germany and charged with running DarkMarket
  • The Great Deplatforming of 2021

This week’s show is brought to you by Gigamon.

If you’re a Gigamon shop you should really take a look at their ThreatInsight platform, that’s a no brainer. Even if you’re not, they’re real players in the network detection and response space. Joining us in this week’s sponsor interview is Jason Tesarz, a senior product manager for Gigamon ThreatInsight. He joined the show to talk about a few things, like how these days the NDR vendors are competing more around their workflows than trying to be the most comprehensive in detection.

Links to everything that we discussed are below and you can follow Patrick, Katie or Joe on Twitter if that’s your thing.

Show notes

Mimecast says hackers abused one of its certificates to access Microsoft accounts | ZDNet
JetBrains denies being involved in SolarWinds hack | ZDNet
Federal courts are latest apparent victim of SolarWinds hack
CISA: SolarWinds hackers also used password guessing to breach targets | ZDNet
Sealed U.S. Court Records Exposed in SolarWinds Breach — Krebs on Security
The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group | WIRED
SolarWinds hires Chris Krebs, Alex Stamos to boost security in wake of suspected Russian hack - CyberScoop
Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack - sources | Reuters
DarkMarket: world's largest illegal dark web marketplace taken down | Europol
Rioters Had Physical Access to Lawmakers’ Computers. How Bad Is That?
Trump Is Permanently Suspended From Twitter
Facebook bans Trump indefinitely; risks 'simply too great,' Zuckerberg says - CyberScoop
Amazon boots Parler from web hosting service over violent content - CyberScoop
Google removes Parler app from Play Store | ZDNet
Twitter purges QAnon accounts; Facebook targets 'Stop the Steal' - CyberScoop
Some ransomware gangs are going after top execs to pressure companies into paying | ZDNet
Anti-Secrecy Activists Publish a Trove of Ransomware Victims' Data | WIRED
Hackers can clone Google Titan 2FA keys using a side channel in NXP chips | Ars Technica
Encrypted Client Hello: Upcoming Firefox 85 rollout builds momentum for ESNI successor | The Daily Swig
Telegram feature exposes your precise address to hackers | Ars Technica
WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app | Ars Technica
More Chinese apps attract a ban from a presidential administration on the way out
China CCP to Nationalize Jack Ma's Alibaba and Ant Group - Report
CES 2021: Intel adds ransomware detection capabilities at the silicon level | ZDNet
Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes | Threatpost
Fortinet updates web application firewall to protect against SQL injection, denial-of-service attacks | The Daily Swig
Gigamon ThreatINSIGHT| Network Detection and Response | Gigamon
Jan 13, 2021
Risky Biz Soap Box: Mapping NIST 800-53 to MITRE ATT&CK

These Soap Box editions of the show are wholly sponsored. If that’s not your thing and you’re looking for the weekly news edition of the show, just scroll one show back in your feed.

This soap box edition is brought to you by AttackIQ. They make a Breach and Attack Simulation platform that’s designed to test the effectiveness of your security controls by simulating bad things in your environment.

Carl Wright and Jonathan Reiber are joining us in this edition of the show. These days he’s AttackIQ’s senior director of cybersecurity and strategy, but he previously served as Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense.

They joined the show to talk through their work in mapping NIST 800-53 to the MITRE ATT&CK framework. Enjoy!

Jan 12, 2021
Risky Business #609 -- It's not NotPetya

On this week’s show, Patrick Gray talks to Joe Slowik and Dmitri Alperovitch about the APT campaign that impacted the US government and FireEye via SolarWinds’ supply chain.

Alex Stamos also joins the show to chime in more generally on supply chain interference before discussing some other news, like:

  • Apple losing (most of) its case against Corellium
  • Assange won’t be extradited… yet
  • Adobe has finally killed Flash, and killed it good

This week’s show is brought to you by Signal Sciences. In this week’s sponsor interview we’ll be talking to a Signal Sciences customer, Doug DePerry. He heads product security at the Gemini cryptocurrency exchange. We’ll be talking to him about what that’s like because those sort of outfits tend to attract decent attackers.

Links to everything that we discussed are below and you can follow Patrick on Twitter if that’s your thing.

Jan 06, 2021
Risky Business #608 -- FireEye discloses breach and tool exfil

On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:

  • FireEye’s Very Bad Week
  • Russian bears all up in your VMwares
  • Chris Krebs sues Trump campaign
  • Foxconn ransomware
  • So much more

Proofpoint’s Ryan Kalember is this week’s sponsor guest. He joins the show to talk about their rather different approach to DLP and insider threat detection. You may have noticed we don’t really talk about DLP a whole bunch on this show because it’s, well, really boring. But Proofpoint actually has an interesting approach to the problem that’s different enough to be interesting, so do stick around for that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

U.S. cybersecurity firm FireEye discloses breach, theft of hacking tools | Reuters
NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability | ZDNet
Former CISA director Chris Krebs sues Trump campaign, lawyer after death threats
Foxconn electronics giant hit by ransomware, $34 million ransom
Ransomware attack may delay scheduled procedures at Baltimore-area medical center
Ransomware attack cripples Vancouver public transportation agency | ZDNet
Ransomware hits helicopter maker Kopter | ZDNet
Ransomware gang Egregor publishes details from HR firm Randstand following hack
Ransomware gangs are now cold-calling victims if they restore from backups without paying | ZDNet
The Internet’s Most Notorious Botnet Has an Alarming New Trick | WIRED
Hackers leak data from Embraer, world's third-largest airplane maker | ZDNet
Data of 243 million Brazilians exposed online via website source code | ZDNet
North Korean hackers ramp up coronavirus vaccine targeting
Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day | ZDNet
Hackers Are Targeting the Covid-19 Vaccine ‘Cold Chain’ | WIRED
Disputed bug in Microsoft Teams posed RCE risk, researcher warns | The Daily Swig
iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever | Ars Technica
Critical Flaws in Millions of IoT Devices May Never Get Fixed | WIRED
8% of all Google Play apps vulnerable to old security bug | ZDNet
A Broken Piece of Internet Backbone Might Finally Get Fixed | WIRED
Meet ODoH, where privacy means just not knowing anything
BTC-e founder sentenced to five years in prison for laundering ransomware funds | ZDNet
Hacker who sent information on US personnel to Islamic State is freed by judge
Kazakhstan government is intercepting HTTPS traffic in its capital | ZDNet
Dell announces new protections for its PC and server supply chain | ZDNet
Massachusetts lawmakers vote to pass a statewide police ban on facial recognition | TechCrunch
Account Hijacking Site OGUsers Hacked, Again — Krebs on Security
Russian bears all up in your VMwares - Risky Business
Hacker opens 2,732 PickPoint package lockers across Moscow | ZDNet
Dec 09, 2020
Risky Biz Soap Box: VMRay co-founders on the evolution of sandbox tech

Soap Box podcasts like this one are wholly sponsored. This edition of the Soap Box is brought to you by VMRay. They make a virtualised sandbox that initially found a market with DFIR professionals, but these days is being used for all sorts of things.

VMRay’s cofounders – CEO Carsten Willems and CTO Ralf Hund – joined host Patrick Gray to talk through the history of the sandbox tech arms race.

Dec 07, 2020
Risky Business #607 -- Trump lawyer calls for Krebs' execution, ransomware insurance getting wobbly

On this week’s show Patrick and Adam Boileau discuss the week’s security news, including:

  • Ransomware insurance payouts are looking pretty unsustainable
  • Trump lawyer calls for Chris Krebs’ execution
  • Hunger relief charity loses $1m to BEC
  • Supreme court weighs CFAA
  • Much, much more!

This week’s sponsor interview is with Marc Rogers, Okta’s Executive Director of Cybersecurity. Marc is also heavily involved with the CTI League, a group of infosec professionals who banded together early this year to try to do some good. They’re cyber do gooders! They’ve chalked up some wins and helped out a bunch of organisations, and in the process Marc and his compadres have also been well positioned to observe changes in the ransomware landscape. He joins us in this week’s sponsor interview to talk through that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransom payouts spell trouble for insurers - Risky Business
Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattack - The New York Times
It's hard to keep a big botnet down: TrickBot sputters back toward full health
Chris Bing on Twitter: "It's insane for a lawyer of the President to casually mention that a former government official should be killed. And then doubly insane to see no broad condemnation from republican lawmakers." / Twitter
Researchers Find Powerful Cellphone Location Surveillance in Europe, Middle East, Australia
Microsoft links Vietnamese state hackers to crypto-mining malware campaign | ZDNet
MacOS backdoor appears to be update of tool previously used by Vietnam-linked group
Philly hunger relief group Philabundance lost nearly $1 million in cyberattack
FBI warns of email forwarding rules being abused in recent hacks | ZDNet
Three members of TMT cybercrime group arrested in Nigeria | ZDNet
Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date
Google security researcher banned from Call of Duty: Modern Warfare after ‘reverse engineering networking code’ | The Daily Swig
Getting Banned for Security Research | nedwill’s security blog
Bug Allowed Hackers to Get Anyone’s Email Address on Xbox Live
Malicious npm packages caught installing remote access trojans | ZDNet
Drupal inherits critical file archiving library flaw | The Daily Swig
2FA bypass discovered in web hosting software cPanel | ZDNet
Microsoft removes 18 malicious Edge extensions for injecting ads into web pages | ZDNet
Global Volunteer Cyberthreat Community-CERT | CTI League
Dec 02, 2020
Risky Business #606 -- BEC nukes Australian hedge fund

On this week’s show Patrick and Mark Piper discuss the week’s security news, including:

  • UK unveils Cyber Force
  • US passes surprisingly sane IoT security law
  • Symantec drops some APT10 research
  • MobileIron bugs getting a decent workout courtesy of state-backed attackers
  • Much, much more…

This week’s show is brought to you by ExtraHop Networks. Its VP of Security, Matt Cauthorn, joins the show this week to talk about how we might fare – technology wise – as COVID-19 cases spiral out of control in some parts of the world. With most of the heavy lifting on accelerated cloud adoption and work-from-home already done, Matt thinks the IT side of things is much better prepared for a second major pandemic-induced disruption than it was back in March.

Links to everything that we discussed are below and you can follow Patrick or Pipes on Twitter if that’s your thing.

Show notes

UK formally unveils GCHQ's offensive cyber-operation shop
After years of work, Congress passes 'internet of things' cybersecurity bill — and it's kind of a big deal
Symantec implicates APT10 in sweeping hacking campaign against Japanese firms
State-sponsored hackers try to exploit flaw in popular mobile software, UK warns
The malware that usually installs ransomware and you need to remove right away | ZDNet
Biotech research firm Miltenyi Biotec hit by ransomware, data leaked
Ransomware attack forces web hosting provider Managed.com to take servers offline | ZDNet
Hacker leaks the user data of event management app Peatix | ZDNet
Fake Zoom invite cripples Aussie hedge fund with $8m hit
Tradies frustrated by banks as business email scam costs them $51,000 - ABC News
Australia’s spy agencies caught collecting COVID-19 app data | TechCrunch
This Bluetooth Attack Can Steal a Tesla Model X in Minutes | WIRED
Baidu's Android apps caught collecting sensitive user details | ZDNet
Double-dipping scammers don't need malware to grab card numbers and turn a profit, report says
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services — Krebs on Security
Liquid crypto-exchange says hacker accessed internal network, stole user data | ZDNet
New WAPDropper malware abuses Android devices for WAP fraud | ZDNet
Google Is Testing End-to-End Encryption in Android Messages | WIRED
Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn | Ars Technica
A Facebook Messenger Flaw Could Have Let Hackers Listen In | WIRED
Cisco Webex bugs allow attackers to join meetings as ghost users | ZDNet
Exploitation of Cisco Security Manager RCE flaws ‘imminent’ | The Daily Swig
Minor controversy erupts over chained iOS exploit that harvests researchers’ crash dumps | The Daily Swig
Patrick Gray on Twitter: "Have a read of their security expert’s website. Seriously. Check out the services page: https://t.co/w5Nv9zeeWE https://t.co/F2bwzK9n8G" / Twitter
Office of National Intelligence - IT Systems Engineer
Nov 25, 2020
Risky Biz Soap Box: Bugcrowd CEO Ashish Gupta

This is not an edition of the weekly news show; scroll back one episode in your podcast feed if you’re looking for that. This is a wholly sponsored podcast brought to you by Bugcrowd.

Bugcrowd’s CEO Ashish Gupta joins us in this edition of the Soap Box. He’s been the CEO over there for about three years, taking the reins from our friend Casey Ellis who moved into the CTO position.

As you’re about to hear, the bug bounty companies have moved on from the days when they just provided the simple service of running bug bounty competitions for their clients. What’s emerging is a much more nuanced product mix designed to extract as much usefulness as possible out of the testers registered on their platforms.

Nov 19, 2020
Risky Business #605 -- Trump fires CISA director Chris Krebs

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • CISA director Chris Krebs fired
  • Trump ramps up his disinformation campaign
  • TikTok ban stalls
  • BlackBerry discovers new hacker-for-hire crew
  • DNS cache poisoning is back. But do we really care?
  • Much, much more

This week’s show is brought to you by Thinkst Canary. Thinkst’s founder Haroon Meer will be along in this week’s show to talk a bit about security product design. Canary has been remarkably restrained over the years. Instead of trying to use their success as a platform to launch a million other products, they’ve spent more time really working on design and usability. He’ll join us to talk through all of that.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Patrick Gray on Twitter: "The final tweet. I LOVE it that Chris went down swinging. I've gotten to know him a little over the last year and a half, and yeah, he takes his job and mission extremely seriously. The USA has lost a true public servant." / Twitter
Exclusive: Top official on U.S. election cybersecurity tells associates he expects to be fired | Reuters
Lawmakers back CISA chief Krebs after report that he expects to be fired
Trump goes to DEF CON to explain election loss - Risky Business
After Trump tweets Defcon hacking video, voting security experts call BS | Ars Technica
TikTok gets extensions on US sale order, ban enforcement
The untold story of a cyberattack, a hospital and a dying woman | WIRED UK
The ransomware landscape is more crowded than you think | ZDNet
Video game company Capcom details attack, data breach by ransomware gang
Recent ransomware wave targeting Israel linked to Iranian threat actors | ZDNet
Australian government warns of possible ransomware attacks on health sector | ZDNet
Microsoft says three APTs have targeted seven COVID-19 vaccine makers | ZDNet
BlackBerry discovers new hacker-for-hire mercenary group | ZDNet
Mac certificate check stokes fears that Apple logs every app you run | Ars Technica
Apple lets some Big Sur network traffic bypass firewalls | Ars Technica
How the U.S. Military Buys Location Data from Ordinary Apps
Muslim Pro Stops Sharing Location Data After Motherboard Investigation
The iOS Covid App Ecosystem Has Become a Privacy Minefield | WIRED
Australia eyes payment card data for contact tracing - Risky Business
Bumble Vulnerabilities Put Facebook Likes, Locations And Pictures Of 95 Million Daters At Risk
Twitter hires influential hacker Peiter ‘Mudge’ Zatko as security boss
SAD DNS: Researchers pull source code as DNS cache poisoning technique deemed ‘too dangerous’ | The Daily Swig
Facebook link preview feature used as a proxy in website-scraping scheme | ZDNet
FIN7 recruiter Andrii Kolpakov pleads guilty to role in global hacking scheme
Hackers can use just-fixed Intel bugs to install malicious firmware on PCs | Ars Technica
Citrix patches RCE flaw in SD-WAN Center that could lead to network takeover | The Daily Swig
Google patches two more Chrome zero-days | ZDNet
Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation | ZDNet
Nov 18, 2020
Risky Business #604 -- Election-related cyber shenanigans fail to materialise

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Zoom settles with FTC over misleading E2EE claim
  • Some poor sod had to give up $1bn in Bitcoin
  • Solaris SSH 0day? Let’s party like it’s 1999
  • Samy Kamkar’s latest trick: NAT Slipstreaming
  • Australia’s hardcore critical infrastructure protection bill
  • Much, much more

This week’s show is brought to you by Remediant. Company co-founder Paul Lanzi joins the show in this week’s sponsor interview to talk about how they’ve been helping companies recover from ransomware attacks. Maybe listen to this one. You know. Just in case you find yourself in that situation one day?

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Zoom settles FTC charges for misleading users about security features | ZDNet
Someone has transferred ~$1 billion from a bitcoin wallet quiet since 2015 | Ars Technica
The feds just seized Silk Road’s $1 billion stash of bitcoin | Ars Technica
Hacker group uses Solaris zero-day to breach corporate networks | ZDNet
NAT Slipstreaming hack tricks firewalls and routers | The Daily Swig
Australia's hardcore critical infrastructure laws open to challenge - Risky Business
23,600 hacked databases have leaked from a defunct 'data breach index' site | ZDNet
More suspected North Korean malware identified after US alert on Kimsuky hackers
Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed
The many personalities of Lazarus - Risky Business
Windows 10, iOS, Chrome, and many others fall at China's top hacking contest | ZDNet
Linux version of RansomEXX ransomware discovered | ZDNet
Cyberattack on U. of Vermont hospital IT network delays chemotherapy, mammogram appointments
Building wave of ransomware attacks strike U.S. hospitals | Reuters
Why Paying to Delete Stolen Data is Bonkers — Krebs on Security
Israeli companies targeted with new Pay2Key ransomware | ZDNet
Capcom takes systems offline following cyber-attack | The Daily Swig
Company that runs US illegal immigration detention centers discloses ransomware attack | ZDNet
Ransomware Hits Dozens of Hospitals in an Unprecedented Wave | WIRED
Italian beverage vendor Campari knocked offline after ransomware attack | ZDNet
Compal, the second-largest laptop manufacturer in the world, hit by ransomware | ZDNet
Toy maker Mattel discloses ransomware attack | ZDNet
Wisconsin Republicans say last minute hack cost party $2 million meant to reelect Trump
FBI: Hackers stole source code from US government agencies and private companies | ZDNet
Pwned: Deloitte Hacker IQ game forced offline after hack | The Daily Swig
Russian authorities make rare arrest of malware author | ZDNet
CERT/CC launches Twitter bot to give security bugs random names | ZDNet
Oracle publishes rare out-of-band security update for WebLogic servers | ZDNet
Apple fixes three iOS zero-days exploited in the wild | ZDNet
After two zero-days in Chrome desktop, Google patches a third zero-day in the Android version | ZDNet
Google’s Project Zero discloses Windows 0-day that’s been under active exploit | Ars Technica
Google discloses Windows zero-day exploited in the wild | ZDNet
Google patches second Chrome zero-day in two weeks | ZDNet
ACOS/aGalaxy GUI RCE Vulnerability – CVE-2020-24384 – A10 Support
Infamous ‘Hoax’ Artist Behind Trumpworld’s New Voter Fraud Claim
Matthew Gertz (@MattGertz) / Twitter
Nov 11, 2020
Risky Business #603 -- YOU get sanctions, and YOU get sanctions

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • “Proud Boys” email campaign attributed to Iran in record time
  • Sanctions for everyone!
  • US doxes more adversary TTPs
  • Katie Nickels and Chris Krebs join the show

This week’s show is brought to you by attack simulation platform company AttackIQ. Carl Wright from AttackIQ joins us this week to talk about the distinct possibility that large organisations are going to start slashing their security budgets in response to the changing economy.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

CISA, FBI roll the dice on transparency - Risky Business
Exclusive: 'Dumb mistake' exposed Iranian hand behind fake Proud Boys U.S. election emails - sources | Reuters
FBI News Conference on Election Security | C-SPAN.org
Iran’s bogus email campaign on U.S. elections had a Facebook disinformation prong
Why the US was so fast to blame Iran for voter intimidation emails in Florida
US Treasury sanctions 5 Iranian organizations for alleged election influence operations
'MuddyWater' spies suspected in attacks against Middle East governments, telecoms
The US Sanctions Russians for Potentially ‘Fatal’ Triton Malware | WIRED
EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack
DOD, FBI, DHS warn of active North Korean government-linked hacking operation
FBI, CISA: Russian hackers breached US government networks, exfiltrated data | ZDNet
The Hunter Biden laptop could be fake. Or it could be real. We may never know. - The Washington Post
Exclusive: National Guard called in to thwart cyberattack in Louisiana weeks before election | Reuters
Phishing groups are collecting user data, email and banking passwords via fake voter registration forms | ZDNet
John Hultquist on Twitter: "If the hackers claim to be criminal and there’s no way to pay them, that raises doubt. Likewise, if they claim to be ideological and ask for money..." / Twitter
Justice Department official accuses China of acting as ‘safe haven’ for cybercriminals
Dr. Reddy's shuts 'key' plants worldwide after potential cyberattack hits COVID work | FiercePharma
Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts
A Hacker Is Threatening to Leak Patients' Therapy Notes | WIRED
Tech giants among those affected by breach at PDF signature software maker Nitro | The Daily Swig
Massive Nitro data breach impacts Microsoft, Google, Apple, more
Hacker steals $24 million from cryptocurrency service 'Harvest Finance' | ZDNet
MobileIron enterprise MDM servers under attack from DDoS gangs, nation-states | ZDNet
Patrick Gray on Twitter: "Wooo... about time" / Twitter
Apple notarizes six malicious apps posing as Flash installers | ZDNet
The Now-Defunct Firms Behind 8chan, QAnon — Krebs on Security
CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant
Over 100 irrigation systems left exposed online without a password | ZDNet
Microsoft launches machine learning cyber-attack threat matrix | The Daily Swig
WordPress deploys forced security update for dangerous bug in popular plugin | ZDNet
NSA whistleblower Edward Snowden granted permanent residency in Russia | ZDNet
Process Herpaderping | herpaderping
Oct 28, 2020
Snake Oilers 12 part 2: Gravwell seeks to shake up SIEM market, Plextrac pitches its pentest reporting platform

In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:

  • Gravwell pitches its “structure on read” approach to SIEM
  • Plextrac describes its red team/pentest reporting platform
  • ITProTV’s Don Pezet talks about trends in online training
Oct 22, 2020
Risky Business #602 -- US DoJ hooks Sandworm

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • US DoJ unseals indictments against Sandworm operators
  • Twitter backtracks on “hacked materials” policy
  • No consensus on Trickbot c2 status
  • NSA publishes “most exploited” listicle that’s actually interesting
  • Much, much more

Cmd Security is this week’s sponsor. Its CEO Jake King and CTO Mike Sample join the show this week to talk through a new remote access tech release from Hashicorp called Boundary and what it might mean for Linux system observability in your environment.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit | WIRED
UK says Russia was preparing cyber-attacks against the Tokyo Olympics | ZDNet
Sandworm operators indicted - Risky Business
Microsoft says it took down 94% of TrickBot's command and control servers | ZDNet
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers | ZDNet
800,000 SonicWall VPNs vulnerable to new remote code execution bug | ZDNet
New York Post Published Hunter Biden Report Amid Newsroom Doubts - The New York Times
Twitter Says It Blocked NY Post Hunter Biden Article Because It Contains Hacked Data
The Media Just Passed a Test It Failed Four Years Ago | WIRED
Brevard voters threatened in emails purportedly from 'Proud Boys'
Google offers details on Chinese hacking group that targeted Biden campaign
Industry alert pins state, local government hacking on suspected Russian group
New York regulator faults Twitter for lax security measures prior to big account breach
German authorities raid FinFisher offices | ZDNet
Shannon Vavra on Twitter: "Details via @hsu_spencer & @kfahim https://t.co/QTRooHnw0I" / Twitter
Encrochat Hack That Brought Down Hundreds of Criminals Faces Legal Challenges
Hackney Council unable to pay housing benefit after cyber attack | Science & Tech News | Sky News
London's Hackney Borough Council hit by hack attack - BBC News
Hackney Council services to be disrupted ‘for some time’
Meet FIN11, a cybercrime outfit going after pharma companies while leaning on extortion
QAnon/8Chan Sites Briefly Knocked Offline — Krebs on Security
Alexander Vinnik heads to trial in France on ransomware, money laundering charges
Alleged KickassTorrents founder Artem Vaulin jumped bail in Poland
Thousands of infected IoT devices used in for-profit anonymity service | Ars Technica
Microsoft adds option to disable JScript in Internet Explorer | ZDNet
Zoom to roll out end-to-end encrypted (E2EE) calls | ZDNet
QRadar: Popular IBM security tool open to remote code execution attacks | The Daily Swig
Google releases Chrome security update to patch actively exploited zero-day | ZDNet
Security testing firm NSS Labs ceases operations, citing coronavirus | TechCrunch
Ryuk in 5 Hours – The DFIR Report
Oct 21, 2020
Risky Business #601 -- Everyone's messing with TrickBot

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Yep, it was Cyber Command
  • Also Microsoft, Symantec, Lumen and others
  • Norwegian parliament hack pinned on Russia
  • We finally talk about “ethics in OST”
  • More

Netflix senior security engineer Scott Behrens also joins the show this week. This week’s episode is brought to you by Signal Sciences – which is now a part of Fastly – and they suggested we talk to Scott for their sponsor slot this week. So, Scott joins the show to talk through how Netflix handles appsec.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Report: U.S. Cyber Command Behind Trickbot Tricks — Krebs on Security
Persistently Engaging TrickBot: USCYBERCOM Takes on a Notorious Botnet - Lawfare
Ciaran Martin on Twitter: "Fascinating account from @BobbyChesney on new adaptation of persistent engagement: the hounds released against #ransomware. https://t.co/Dk5Spcjkmy" / Twitter
Trickbot and the Context of Cyber Warfare – Stranded on Pylos
TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent | ZDNet
The Man Who Speaks Softly—and Commands a Big Cyber Army | WIRED
FBI/DHS: Government election systems face threat from active Zerologon exploits | Ars Technica
DHS warns that Emotet malware is one of the most prevalent threats today | Ars Technica
Norway says Russian hackers carried out breach at parliament
Russian-speaking hackers target Russian organizations with industrial spying tools
Chinese hackers suspected in cyber-espionage operation against Russia, India
'Mercenary' hacker group runs rampant in Middle East, cybersecurity research shows | Reuters
Lined up in the sights of Vietnamese hackers
Five Eyes governments, India, and Japan make new call for encryption backdoors | ZDNet
Cyber Command and Microsoft pile in on TrickBot - Risky Business
Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux – Sophos News
German tech giant Software AG down after ransomware attack | ZDNet
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work — Krebs on Security
Malware gangs love open source offensive hacking tools | ZDNet
Researchers map threat actors’ use of open source offensive security tools | The Daily Swig
Researchers Found 55 Flaws in Apple's Corporate Network | WIRED
Swiss Post releases bug bounty safe harbor wording under Creative Commons license | The Daily Swig
Oct 14, 2020
Snake Oilers 12 Part 1: An incident management platform for the SOC and auditing for your SaaS accounts

In this (wholly sponsored) edition of the Snake Oilers podcast, three vendors will drop by to pitch their sweet, sweet snake oil:

  • Vaughan Shanks pitches the Cydarm SOC incident management platform
  • Adrian Kitto introduces Detexian, a platform that audits SaaS accounts
  • Eric Skinner from Trend Micro talks about XDR
Oct 12, 2020
Risky Business #600 -- Who's messing with TrickBot?

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • The UHS ransomware attack
  • Someone is messing with TrickBot: Did the USA release the hounds?
  • US Treasury issues final warning on sanctioned ransomware crews
  • Azerbaijan and Armenia going at it
  • Fancy Bear owns US government department

Nucleus Security co-founder Scott Kuffer joins the show in this week’s sponsor interview to talk about how they have discovered a LOT of enterprises are actually trying to develop in-house vulnerability management software and how that is not going well.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

A Ransomware Attack Has Struck a Major US Hospital Chain | WIRED
German investigators treating ransomware attack as negligent homicide, reports say
Attacks Aimed at Disrupting the Trickbot Botnet — Krebs on Security
Microsoft: Some ransomware attacks take less than 45 minutes | ZDNet
US Treasury says some ransomware payments may need its express approval | ZDNet
Front companies for Chinese and Iranian APTs doxxed - Risky Business
Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack — Krebs on Security
Alleged Iranian hackers balanced espionage with personal cybercrime, US indictment says - CyberScoop
US charges Iranian hackers for breaching US satellite companies | ZDNet
A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware | WIRED
Microsoft says Iranian hackers are exploiting the Zerologon vulnerability | ZDNet
Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated
North Korea has tried to hack 11 officials of the UN Security Council | ZDNet
Federal Agency Compromised by Malicious Cyber Actor | CISA
Russia’s Fancy Bear Hackers Likely Penetrated a US Federal Agency | WIRED
Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group | ZDNet
TikTok, WeChat survive in US app stores — one with a deal, the other with a judge's help
Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI | ZDNet
Kevin Rudd: «The Dollar is One of the Things China Fears»
Portland passes landmark private sector facial recognition technology ban | The Daily Swig
All four of the world's largest shipping companies have now been hit by cyber-attacks | ZDNet
UN maritime agency says it was hacked | ZDNet
Trump officials hint at update for US maritime cybersecurity
Encrochat Investigation Finds Corrupt Cops Leaking Information to Criminals
KuCoin cryptocurrency exchange hacked for $150 million | ZDNet
GitHub rolls out new Code Scanning security feature to all users | ZDNet
Facebook sues two Chrome extension makers for scraping user data | ZDNet
Senator asks DHS if foreign-controlled browser extensions threaten the US | Ars Technica
A security flaw in Grindr let anyone easily hijack user accounts | TechCrunch
Hackers claim they can now jailbreak Apple's T2 security chip | ZDNet
Critical stored XSS vulnerability in Instagram’s Spark AR Studio nets 14-year-old researcher $25,000 | The Daily Swig
Mozilla shuts down Firefox Send and Firefox Notes services | ZDNet
Member of 'The Dark Overlord' hacking group sentenced to five years in prison | ZDNet
LinkedIn hacker Nikulin sentenced to 7 years in prison after years of legal battles
John McAfee arrested in Spain, charged with tax evasion
Oct 07, 2020
Risky Biz special guest: Former Australian Prime Minister Malcolm Turnbull

This edition of the show is brought to you with the assistance of the Hewlett Foundation, which awarded us a grant so we could do these policy-focussed podcasts.

Malcolm Bligh Turnbull served as a member of Parliament from 2004 until 2018, and as Prime Minister from September 2015 until August 2018. But he has been a public figure in Australia for decades. He’s an Oxford-educated lawyer who studied there on a Rhodes scholarship; he has worked as a journalist and as the personal lawyer to Australian media baron Kerry Packer, and he was a leader of the ultimately unsuccessful campaign to make Australia a republic in the 1990s.

He can also list a number of achievements in the business world. In 1994 he invested half a million dollars into Australian ISP Ozemail, selling his stake to Worldcom in 1999 for $57m.

As you’ll hear, now that he’s returned to private life, Turnbull is investing in technology again. He joined the show to talk about cybersecurity in government, Huawei, the 2016 hack-and-leak operation against the DNC – which took place while he was PM – and more.

Sep 30, 2020
Risky Biz Soap Box: Identity as the new perimeter

As regular listeners know, these Soap Box podcasts are wholly sponsored. That means everyone you hear in a Soap Box podcast paid to be here. But that’s ok, because we manage to book very interesting guests into these things, like today’s guest, Sami Laine.

Officially he’s Okta’s director of technology strategy – but informally he describes his role as being more like a principal security architect.

He joins us to talk about identity as the new perimeter and the massive leap we’ve taken towards a zero trust future through 2020.

Sep 23, 2020
Risky Business #599 -- You get domain admin! And YOU get domain admin!

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Russia, China, Iran having a red hot go at US political orgs
  • Crowdstrike drops report, telcos having a bad time
  • MSS owning US government with dumb bugs
  • DoJ indicts Iranian script kiddie because reasons
  • Proposed TikTok-Oracle deal barely makes sense
  • The mother of all Microsoft auth bugs, wow
  • Much, much more…

This week’s show is brought to you by Senetas. And we’ve got two sponsor guests for you this week: Senetas CTO Julian Fay will join us, as will Peter Farrely of AUCloud. Senetas uses AUCloud as a partner for its Suredrop file sharing and collaboration platform here in Oz, and Pete is joining us this week to talk through the new Cloud Assessment and Authorisation Framework published by the ACSC. If you work in Australian government IT and security, this one’s for you!

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Exclusive: Microsoft believes Russians that hacked Clinton targeted Biden campaign firm - sources | Reuters
GRU eyes US election - Risky Business
STRONTIUM: Detecting new patterns in credential harvesting - Microsoft Security
Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says
New CDRThief malware targets VoIP softswitches to steal call detail records | ZDNet
VOS3000 VOS5000 Softswitch by Linknat - A Word-leading VoIP Solutions Provider
Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says
Eric Geller on Twitter: "DOJ to announce Chinese hacking charges (and arrests!) tomorrow. https://t.co/Wj7KSq9BNd" / Twitter
PAN-OS vulnerabilities add to a torrid year for enterprise software bugs
Public disclosure didn't stop suspected Chinese hackers from targeting the Vatican
Trump says Oracle 'very close' to TikTok deal
Huawei HarmonyOS: Operating system will be on smartphones in 2021
US charges two hackers for defacing US websites following Soleimani killing | ZDNet
FBI says credential stuffing attacks are behind some recent bank hacks | ZDNet
Magento online stores hacked in largest campaign to date | ZDNet
Multibillion-dollar Equinix is the latest data-center firm to face ransomware incident
[Blog] Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)
New BlindSide attack uses speculative execution to bypass ASLR | ZDNet
BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys | ZDNet
Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw | ZDNet
MITRE releases emulation plan for FIN6 hacking group, more to follow | ZDNet
Internal Facebook systems exposed via unpatched Apache library | The Daily Swig
Porn site users targeted with malicious ads redirecting to exploit kits, malware | ZDNet
Researcher kept a major Bitcoin bug secret for two years to prevent attacks | ZDNet
Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency | ZDNet
Slovak cryptocurrency exchange ETERBASE discloses $5.4 million hack | ZDNet
Chinese diplomat demands investigation after his Twitter account liked embarrassing posts
Whistleblower Says Facebook Ignored Global Political Manipulation
When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number
Anatomy of a Cloud Assessment and Authorisation | Cyber.gov.au
Sep 16, 2020
Risky Business #598 -- China closing the "cyber gap" with USA

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Why integrity and availability are key to developing a COVID vaccine
  • China closing the “cyber gap” with USA
  • ASPI publishes research on TikTok, WeChat censorship
  • Belarusian “news app” was tracking activists
  • Julian Assange back in court to fight extradition
  • Much, much more

This week’s show is brought to you by Proofpoint, and this week’s sponsor guest is Proofpoint’s senior director of threat research Sherrod DeGrippo. She’ll be telling us about the emergence of some new mid-tier ransomware crews that are targeting people who speak Russian, which is kind of unusual.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

Ransomware takes down state-owned bank - Risky Business
How the government is keeping hackers from disrupting coronavirus vaccine research
Chinese cyber power is neck-and-neck with US, Harvard research finds
ASPI finds TikTok censoring LGBTQ+ issues, Uighur crackdown
Google removes Android app that was used to spy on Belarusian protesters | ZDNet
Julian Assange Lays Out His Case Against US Extradition | WIRED
Chilean bank shuts down all branches following ransomware attack | ZDNet
DDoS extortionists posing as cyberspies to run blackmail scam | The Daily Swig
European ISPs report mysterious wave of DDoS attacks | ZDNet
Service NSW confirms 186,000 customers’ data breached in cyber-attack | The Daily Swig
Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene | WIRED
Private Intel Firm Buys Location Data to Track People to their 'Doorstep'
White House publishes a cyber-security rulebook for space systems | ZDNet
Voatz urges Supreme Court to not protect ethical research from prosecution
NSA call records collection ruled illegal by US appeals court | TechCrunch
Facebook explains how it will notify third-parties about bugs in their products | ZDNet
CISA orders agencies to set up vulnerability disclosure programs
A single text is all it took to unleash code-execution worm in Cisco Jabber | Ars Technica
Former IT director gets jail time for selling government's Cisco gear on eBay | ZDNet
Warner Music discloses months-long web skimming incident | ZDNet
A SonicWall cloud bug exposed corporate networks to hackers | TechCrunch
Sep 09, 2020