Risky Business

Author: Patrick Gray
About this content

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Copyright Risky Business Media 2007-2025

Politics & Government

Episodes
  • Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack
    2025/12/17
    In the final show of 2025, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

    • React2Shell attacks continue, surprising no one
    • The unholy combination of OAuth consent phishing, social engineering and Azure CLI
    • Venezuela’s state oil firm gets ransomware’d, blames US… but what if it really is a US cyber op?!
    • Russian junk-hacktivist gets indicted for cybering critical… err… a car wash and a fountain
    • Microsoft finally turns RC4 off by default in Active Directory Kerberos
    • Traefik’s TLS verify=on … turns it off, whoopsie 🤡

    This week’s episode is sponsored by Sublime Security, makers of an email filtering solution that’s up for dealing with modern problems. Founder and CEO Josh Kamdjou joins to talk about calendar invite phishing, and the extra steps they’ve had to take to reach into people’s calendars and fix the mess.

    The Risky Business weekly show is taking holiday break, and will return on 14 January for its twentieth year! Good luck out there, internet friends.

    This episode is also available on Youtube.

    Show notes
    • React2Shell attacks expand widely across multiple sectors | Cybersecurity Dive
    • React issues new patches after security researchers flag additional flaws | Cybersecurity Dive
    • ConsentFix: Browser-native ClickFix hijacks OAuth grants
    • Hacking Endpoint to Identity (Microsoft 365): "ConsentFix" - YouTube
    • Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces | The Record from Recorded Future News
    • Laura Loomer on X: "EXCLUSIVE: 🚨 White House Official Confirms Ongoing Search for NSA Deputy Director As Tim Kosiba's Deep State And Anti-Trump Ties Raise Red Flags 🚨"
    • Senior official at Indo-Pacific Command is set to be Trump’s pick to lead Cyber Command, NSA | The Record from Recorded Future News
    • Trump Administration Turning to Private Firms in Cyber Offensive - Bloomberg
    • PdV says cyber attacks contained | Latest Market News
    • Venezuela state oil company blames cyberattack on US after tanker seizure | The Record from Recorded Future News
    • Office of Public Affairs | Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups | United States Department of Justice
    • DOJ, CISA warn of Russia-linked attacks targeting meat processing plants, nuclear regulatory entities and other critical infrastructure | The Record from Recorded Future News
    • vx-underground on X: "The United States government has indicted a state-sponsored Threat Actor named Victoria Eduardovna Dubranova"
    • vx-underground on X: "I'm actually laughing. One of the compromises is so dumb"
    • German parliament suffers suspected cyber attack during Zelenskyy’s visit
    • Während Selenskyj-Besuch: Große Internet-Störung im Bundestag! | Politik | BILD.de
    • Germany summons Russian ambassador over cyberattack, election disinformation | The Record from Recorded Future News
    • Russische hackgroep had toegang tot openbare waterfontein in Nederland | de Volkskrant
    • Most Parked Domains Now Serving Malicious Content – Krebs on Security
    • PornHub extorted after hackers steal Premium member activity data
    • Office of Public Affairs | Senior Manager for Government Contractor Charged in Cybersecurity Fraud Scheme | United States Department of Justice
    • Microsoft will finally kill obsolete cipher that has wreaked decades of havoc - Ars Technica
    • CVE-2025-66491: Traefik's "Verify=On" Turned TLS Off | AISLE
    • Dylan O'Donnell 🦋 on X: "This week I was rushed to hospital with a diagnosis of oesophageal cancer."
    54 min
  • Risky Biz Soap Box: Graph the planet!
    2025/12/11

    In this sponsored Soap Box edition of the Risky Business podcast, Patrick Gray chats with Jared Atkinson, CTO of SpecterOps, about BloodHound OpenGraph.

    OpenGraph enumerates attack paths across platforms and services, not just your primary directories.

    A compromised GitHub account to on-prem AD compromise attack path? It’s a thing, and OpenGraph will find it.

    Cross-platform attack path enumeration! So good!

    This episode is also available on Youtube.

    Show notes
      43 min
    • Risky Business #818 -- React2Shell is a fun one
      2025/12/10

      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

      • There’s a CVSS 10/10 remote code exec in the React javascript server. JS server? U wot mate?
      • China is out popping shells with it
      • Linux adds support for PCIe bus encryption
      • Amnesty International says Intellexa can just TeamViewer into its customers’ surveillance systems
      • …and a Belgian murder suspect complains that GrapheneOS’s duress wipe feature failed him?

      This week’s episode is sponsored by Kroll Cyber. Simon Onyons is Managing Director at Kroll’s Cyber and Data Resilience arm, and he discusses a problem near to many of our hearts. Just how do you explain cyber risk to the board?

      This episode is also available on Youtube.

      Show notes
      • Risky Bulletin: APTs go after the React2Shell vulnerability within hours - Risky Business Media
      • Guillermo Rauch on X: "React2Shell" / X
      • React2Shell-CVE-2025-55182-original-poc/README.md at main · lachlan2k/React2Shell-CVE-2025-55182-original-poc · GitHub
      • Hydrogen: Shopify’s headless commerce framework
      • Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS | The Record from Recorded Future News
      • Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
      • Three hacking groups, two vulnerabilities and all eyes on China | The Record from Recorded Future News
      • Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers
      • Sean Plankey nomination to lead CISA appears to be over after Thursday vote | CyberScoop
      • 🕳 on X: "This guy is complaining that GrapheneOS “failed him”. Showing a Belgian 🇧🇪 police request for an interrogation regarding premeditated murder (as a suspect)." / X
      • Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say | TechCrunch
      • To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
      • Is ransomware finally on the decline? Treasury data offers cautious hope | CyberScoop
      • UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop
      • In comedy of errors, men accused of wiping gov databases turned to an AI tool - Ars Technica
      58 min