App Store

Google Play

SE - Details page - Device banner - 894x1036

Kliv in i en oändlig värld av stories

Lyssna när som helst, var som helst

Patrick Gray

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business

In this interview Patrick Gray talks to Yubico’s COO and President Jerrod Chong about a new Yubikey feature: pre-registration.

You can now ship pre-registered Yubikeys to your staff so you don’t need to rely on your staff to enrol them. They’ve achieved this with really slick Okta and Entra ID integrations.

Jerrod also talks about a recent trip to Singapore and concerns he has about the cybersecurity of critical infrastructure in the energy sector.

Risky Biz Soapbox: Enterprise Yubikeys can now be pre-registered

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Cleo file transfer products have a remote code exec, here we go again!

 • Snowflake phases out password-based auth

 • Chinese Sophos-exploit-dev company gets sanctioned

 • Romania’s election gets rolled back after Tiktok changed the outcome

 • AMD’s encrypted VM tech bamboozled by RAM with one extra address bit

 • Some cool OpenWRT research

 • And much, much more.

This week’s episode is sponsored by Thinkst, who love sneaky canary token traps. Jacob Torrey previews an upcoming Blackhat talk filled with interesting operating system tricks you can use to trigger canaries in your environment. You wont believe the third trick! Attackers hate him!

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Cleo Software Actively Being Exploited in the Wild CVE-2024-50623 | Huntress
 
 Blue Yonder investigating data leak claim following ransomware attack | Cybersecurity Dive
 
 Snowflake to phase out single-factor authentication by late 2025 | Cybersecurity Dive
 
 Treasury Sanctions Cybersecurity Company Involved in Compromise of Firewall Products and Attempted Ransomware Attacks | U.S. Department of the Treasury
 
 Another teenage hacker charged as feds continue Scattered Spider crackdown | The Record from Recorded Future News
 
 Germany arrests suspected admin of country’s largest criminal marketplace | The Record from Recorded Future News
 
 FCC, for first time, proposes cybersecurity rules tied to wiretapping law | CyberScoop
 
 Russian state hackers abuse Cloudflare services to spy on Ukrainian targets | The Record from Recorded Future News
 
 Cloudflare’s pages.dev and workers.dev Domains Increasingly Abused for
 
 Romania annuls presidential election over alleged Russian interference | The Record from Recorded Future News
 
 EU demands TikTok 'freeze and preserve data' over alleged Russian interference in Romanian elections | The Record from Recorded Future News
 
 Research Note: Meta’s Role in Romania’s 2024 Presidential Election - CheckFirst
 
 Key electricity distributor in Romania warns of ‘cyber attack in progress’ | The Record from Recorded Future News
 
 Backdoor slipped into popular code library, drains ~$155k from digital wallets - Ars Technica
 
 AMD’s trusted execution environment blown wide open by new BadRAM attack - Ars Technica
 
 New dog, old tricks: DaMAgeCard attack targets memory directly thru SD card reader – PT SWARM
 
 Telegram partners with child safety group to scan content for sexual abuse material
 
 Apple hit with $1.2B lawsuit after killing controversial CSAM-detecting tool - Ars Technica
 
 Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research
 
 How do I turn on the Do Not Track feature? | Firefox Help

Risky Business #774 -- Cleo file transfer appliances under widespread attack

In this edition of the Wild World of Cyber podcast Patrick Gray sits down with SentinelOne’s Chief Intelligence and Public Policy Officer Chris Krebs to talk all about Chinese cyber operations.

They look at the Salt Typhoon and Volt Typhoon campaigns, the last 20 years of Chinese operations, and the evolution of the cyber roles of China’s Ministry of State Security and People’s Liberation Army.

It’s a very dense hour of conversation!

This podcast was recorded in front of an audience at the Museum of Contemporary Art in Sydney.

This episode is also available on Youtube.

 
 
 Show notes

Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations

On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • The SEC’s cyber incident reporting isn’t very exciting after all

 • China Telecom on the way to being thrown out of the US

 • The NSA/Cybercom might get two separate hats

 • The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks

 • (Yet another) File upload bug in Struts makes Java admins weep

 • And much, much more.

This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they’re not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps’ Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing.

This episode is also available Youtube.

 
 
 Show notes
 
 
 SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive
 
 US senators, green groups call for accountability over hacking of Exxon critics | Reuters
 
 Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times
 
 Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News
 
 EU opens investigation into TikTok and the Romanian election – POLITICO
 
 Clop ransomware claims responsibility for Cleo data theft attacks
 
 CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News
 
 CVE-2024-55956 | AttackerKB
 
 Apache issues patches for critical Struts 2 RCE bug • The Register
 
 Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News
 
 Israeli spyware firm Paragon acquired by US investment group, report says | Reuters
 
 How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security
 
 Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop
 
 Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News

Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

In this sponsored Soap Box edition of the show Patrick Gray talks to Island CEO Michael Fey about some of the cool tricks in the Island enterprise browser. You can use it to tick off so many compliance boxes, and not just cybersecurity boxes.

This is largely a conversation about compliance, but it’s actually interesting and fun. These are words we never thought we’d type!

You can find Island at https://island.io/

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser

Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week’s cybersecurity news and there is a whole bunch of it. They discuss:

 • The incoming Trump administration guts the CSRB

 • Biden’s last cyber Executive Order has sensible things in it

 • China’s breach of the US Treasury gets our reluctant admiration

 • Ross Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardon

 • New year, same shameful comedy Forti- and Ivanti- bugs

 • US soldier behind the Snowflake hacks faces charges after a solid Krebs-ing

 • And much, much (much! after a month off) more.

This week’s episode is sponsored by Sandfly Security, who make a Linux EDR solution. Founder Craig Rowland joins to talk about how the Linux ecosystem struggles with its lack of standardised approaches to detection and response. If you’ve got a telco full of unix, and people are asking how much Salt Typhoon you’ve got in there… Sandfly’s tools are probably what you’re looking for.

If you like your Business like us… - Risky - then we’re hiring! We’re looking for someone to help with audio and video production for our work, manage our socials, and if you’re also into the Cybers… even better. Position is remote, with a preference for timezones amenable to Australia/NZ. Drop us a line: editorial at risky.biz.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 POLITICO Pro | Article | Acting DHS chief ousts CSRB experts, other department advisers
 
 Treasury’s sanctions office hacked by Chinese government, officials say 
 
 Strengthening America’s Resilience Against the PRC Cyber Threats | CISA
 
 AT&T, Verizon say they evicted Salt Typhoon from their networks
 
 Risky Bulletin: Looking at Biden's last cyber executive order - Risky Business
 
 Internet-connected devices can now have a label that rates their security | Reuters
 
 US sanctions prominent Chinese cyber company for role in Flax Typhoon attacks
 
 FCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defense bill
 
 CIA nominee tells Senate he, too, wants to go on cyber offense | CyberScoop
 
 Trump tells Justice Department not to enforce TikTok ban for 75 days
 
 Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices | The Record from Recorded Future News
 
 Unpacking WhatsApp’s Legal Triumph Over NSO Group | Lawfare
 
 Time to check if you ran any of these 33 malicious Chrome extensions
 
 Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic Wolf
 
 Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware
 
 Researchers warn of active exploitation of critical Apache Struts 2 flaw 
 
 DOJ deletes China-linked PlugX malware off more than 4,200 US computers
 
 Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | The Record from Recorded Future News
 
 Ukraine restores state registers after suspected Russian cyberattack | The Record from Recorded Future News
 
 Hackers claim to breach Russian state agency managing property, land records | The Record from Recorded Future News
 
 U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security

Risky Business #776 -- Trump will flex American cyber muscles

Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:

 • Sonicwall firewalls hand out remote code exec like candy

 • Mastercard make a slapstick-grade mistake with their DNS

 • The data breach at PowerSchool and other niche SaaS providers

 • Academic research proposes taking down Europe’s power grid

 • Apple CPUs get a new speculative execution side channel

 • And much, much more.

This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances | Cybersecurity Dive
 
 MasterCard DNS Error Went Unnoticed for Years – Krebs on Security
 
 Data breach hitting PowerSchool looks very, very bad - Ars Technica
 
 OpenAI rival DeepSeek limits registration after ‘large-scale malicious attacks’ | The Record from Recorded Future News
 
 Hackers imitate Kremlin-linked group to target Russian entities | The Record from Recorded Future News
 
 UK to examine undersea cable vulnerability as Russian spy ship spotted in British waters | The Record from Recorded Future News
 
 Questions grow over whether Baltic Sea cable damage was sabotage or accidental | The Record from Recorded Future News
 
 Researchers say new attack could take down the European power grid - Ars Technica
 
 At least $69 million stolen from crypto platform Phemex in suspected cyberattack | The Record from Recorded Future News
 
 BreachForums admin to be resentenced after appeals court slams supervised release | The Record from Recorded Future News
 
 Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica
 
 Apple fixes zero-day flaw affecting all devices | TechCrunch
 
 I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
 
 Government websites vanish under Trump, from the Constitution to DEI
 
 Trail of Bits: Director, Technical Marketing
 
 Push Security: Security Researcher (remote in the USA)
 
 A new class of phishing: Verification phishing and cross-IdP impersonation

Risky Business #777 -- It's SonicWall's turn

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • DeepSeek leaves an unauthed database on the internet

 • Russia hacked UK prime minister’s personal mail

 • Australia sanctions a Telegram group… which is more sensible than it sounds

 • Medical device backdoor turns out to be just poorly thought out upgrade feature

 • Google abuses weak hashing to patch AMD CPU microcode

 • And much, much more.

This week’s episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers’ abuse of legitimate services like Docusign is a challenge for email security vendors.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Exclusive: Musk aides lock workers out of OPM computer systems | Reuters
 
 Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
 
 Криптостилер SparkCat в магазинах Google Play и App Store | Securelist
 
 Russian hackers suspected of compromising British PM’s personal email account | The Record from Recorded Future News
 
 PowerSchool hack: missed basic security step resulted in data breach
 
 Australia sanctions ‘Terrorgram’ white supremacist online group | The Record from Recorded Future News
 
 ‘Paid actors’ could be behind some antisemitic attacks, Albanese says | Australian security and counter-terrorism | The Guardian
 
 Interview with James Glenday, ABC News Breakfast | Australian Minister for Foreign Affairs
 
 WhatsApp says spyware company Paragon Solutions targeted journalists
 
 Spyware maker Paragon confirms US government is a customer | TechCrunch
 
 Former Polish justice minister arrested in sprawling spyware probe | The Record from Recorded Future News
 
 Sweden releases suspected ship, says cable break ‘clearly’ not sabotage | The Record from Recorded Future News
 
 Backdoor found in two healthcare patient monitors, linked to IP in China
 
 Attackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity Dive
 
 AMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub
 
 22-year-old math wiz indicted for alleged DeFI hack that stole $65M - Ars Technica
 
 A method to assess 'forgivable' vs 'unforgivable'... - NCSC.GOV.UK
 
 Living Off the Land: Credential Phishing via Docusign abuse
 
 Living Off the Land: Callback Phishing via Docusign comment
 
 B2B freight-forwarding scams on the rise to evade financial fraud crackdowns
 
 Callback phishing via invoice abuse and distribution list relays
 
 Enhanced message groups: Improving efficiency in email incident response

Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

 • Musk’s DOGE kid has a history with The Com

 • Paragon fires Italy as a spyware customer

 • Thailand cuts power to scam compounds…

 • … and arrests Phobos/8Base Russian cybercrims

 • The CyberCX DFIR report shows non-U2F MFA is well and truly over

 • And much, much more.

This week’s episode is sponsored by Dropzone.AI. They make an AI SOC analysis platform that relieves your analysts of the necessary but tedious work, so they can focus on the value of human insight. Dropzone’s founder and CEO Edward Wu joins to talk about how they approach the problem.

This episode is also available on Youtube.

 
 
 Show notes
 
 
 Teen on Musk’s DOGE Team Graduated from ‘The Com’ – Krebs on Security
 
 ACLU Warns DOGE’s ‘Unchecked’ Access Could Violate Federal Law | WIRED
 
 Lawsuit accuses Trump administration of violating federal information security law | The Record from Recorded Future News
 
 The Recruitment Effort That Helped Build Elon Musk’s DOGE Army | WIRED
 
 States prepare privacy lawsuit against DOGE over access to federal data | The Record from Recorded Future News
 
 Union groups sue Treasury over giving DOGE access to sensitive data | The Record from Recorded Future News
 
 Student group sues Education Department over reported DOGE access to financial aid databases | The Record from Recorded Future News
 
 Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts | The Record from Recorded Future News
 
 DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers - Ars Technica
 
 DeepSeek Is a Win for Chinese Hackers - Risky Business
 
 Owner of spyware used in alleged WhatsApp breach ends contract with Italy | WhatsApp | The Guardian
 
 Another person targeted by Paragon spyware comes forward | TechCrunch
 
 Apple fixes security flaw allowing third-party access to locked devices | The Record from Recorded Future News
 
 U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure | CyberScoop
 
 Thailand cuts power supply to Myanmar scam hubs | The Record from Recorded Future News
 
 8Base ransomware site taken down as Thai authorities arrest 4 connected to operation | The Record from Recorded Future News
 
 Two Russian nationals arrested in takedown of Phobos ransomware infrastructure | The Record from Recorded Future News
 
 The Company Man: Binance exec detained in Nigeria breaks his silence | The Record from Recorded Future News
 
 Deloitte pays $5M in connection with breach of Rhode Island benefits site | Cybersecurity Dive
 
 DFIR - Threat Report 2025 | CyberCX
 
 Request a Demo | Dropzone AI

Risky Business #779 -- DOGE staffer linked to The Com

In this SoapBox edition of the show Patrick Gray chats to Fletcher Heisler, the CEO of open-source identity provider Authentik.

The whole idea of Authentik is you can take control of an essential IT and security function: identity. Because Authentik is open source it’s extremely flexible, and if you’re running it yourself, you get to decide where your IDP should sit in your architecture. You can run it on prem if you’re an emergency call centre or you’re operating an airgapped network, or you can spin it up in your cloud environment if you’re a typical enterprise.

Fletcher talks through the reasons Authentik users are decoupling themselves from the major SaaS Identity Providers, and the flexibility that comes from being able to assemble exactly what you need.

This episode is also available on Youtube.

 
 
 Show notes

Risky Biz Soap Box: Run your own open source IDP with Authentik

The Risky Biz main show returns from a break to the traditional internet-melting mess that happens whenever Patrick Gray takes a holiday. Pat and Adam Boileau talk through the week’s security news, including:

 • Oh Crowdstrike, no, oh no, honey, no

 • AT&T stored call records on Snowflake and you’ll never guess what happened next

 • Squarespace buys Google Domains and makes a hash of it

 • Some but not all of the SECs case against Solarwinds gets thrown out

 • Pity the incident responders digging through a terabyte of Disney Slack dumps

 • Internet Explorer rises from the grave, and it wants SHELLS RAAAAARGH SSHHEEELLLS

 • And much, much more.

This week’s show is brought to you by Sublime Security, a flexible and modern email security platform. If you’re sick of using a black box email security solution, Sublime is a terrific option for you.

 
 
 Show notes
 
 
 Risky Biz News: CrowdStrike faulty update affects 8.5 million Windows systems
 
 Low-level cybercriminals are pouncing on CrowdStrike-connected outage | CyberScoop
 
 CrowdStrike says flawed update was live for 78 minutes | Cybersecurity Dive
 
 Crooks Steal Phone, SMS Records for Nearly All AT&T Customers – Krebs on Security
 
 Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks – Krebs on Security
 
 Teenage suspect in MGM Resorts hack arrested in Britain
 
 Majority of SEC civil fraud case against SolarWinds dismissed, but core remains | Cybersecurity Dive
 
 How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter | WIRED
 
 Kaspersky Lab Closing U.S. Division; Laying Off Workers
 
 Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages | WIRED
 
 Wallets tied to CDK ransom group received $25 million two days after attack | CyberScoop
 
 UnitedHealth’s cyberattack response costs to surpass $2.3B this year | Cybersecurity Dive
 
 Ransomware ecosystem fragmenting under law enforcement pressure and distrust
 
 Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica

Risky Business #756 -- Move fast and break everything

Lyssna när som helst, var som helst

Andra podcasts som du kanske gillar...