Episodes

  • Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack
    2025/12/17
    In the final show of 2025, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

    • React2Shell attacks continue, surprising no one
    • The unholy combination of OAuth consent phishing, social engineering and Azure CLI
    • Venezuela’s state oil firm gets ransomware’d, blames US… but what if it really is a US cyber op?!
    • Russian junk-hacktivist gets indicted for cybering critical… err… a car wash and a fountain
    • Microsoft finally turns RC4 off by default in Active Directory Kerberos
    • Traefik’s TLS verify=on … turns it off, whoopsie 🤡

    This week’s episode is sponsored by Sublime Security, makers of an email filtering solution that’s up for dealing with modern problems. Founder and CEO Josh Kamdjou joins to talk about calendar invite phishing, and the extra steps they’ve had to take to reach into people’s calendars and fix the mess.

    The Risky Business weekly show is taking a holiday break, and will return on 14 January for its twentieth year! Good luck out there, internet friends.

    This episode is also available on Youtube.

    Show notes
    • React2Shell attacks expand widely across multiple sectors | Cybersecurity Dive
    • React issues new patches after security researchers flag additional flaws | Cybersecurity Dive
    • ConsentFix: Browser-native ClickFix hijacks OAuth grants
    • Hacking Endpoint to Identity (Microsoft 365): "ConsentFix" - YouTube
    • Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces | The Record from Recorded Future News
    • Laura Loomer on X: "EXCLUSIVE: 🚨 White House Official Confirms Ongoing Search for NSA Deputy Director As Tim Kosiba's Deep State And Anti-Trump Ties Raise Red Flags 🚨"
    • Senior official at Indo-Pacific Command is set to be Trump’s pick to lead Cyber Command, NSA | The Record from Recorded Future News
    • Trump Administration Turning to Private Firms in Cyber Offensive - Bloomberg
    • PdV says cyber attacks contained | Latest Market News
    • Venezuela state oil company blames cyberattack on US after tanker seizure | The Record from Recorded Future News
    • Office of Public Affairs | Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups | United States Department of Justice
    • DOJ, CISA warn of Russia-linked attacks targeting meat processing plants, nuclear regulatory entities and other critical infrastructure | The Record from Recorded Future News
    • vx-underground on X: "The United States government has indicted a state-sponsored Threat Actor named Victoria Eduardovna Dubranova"
    • vx-underground on X: "I'm actually laughing. One of the compromises is so dumb"
    • German parliament suffers suspected cyber attack during Zelenskyy’s visit
    • During Zelenskyy’s visit: major internet outage in the Bundestag! | Politik | BILD.de
    • Germany summons Russian ambassador over cyberattack, election disinformation | The Record from Recorded Future News
    • Russian hacking group had access to a public water fountain in the Netherlands | de Volkskrant
    • Most Parked Domains Now Serving Malicious Content – Krebs on Security
    • PornHub extorted after hackers steal Premium member activity data
    • Office of Public Affairs | Senior Manager for Government Contractor Charged in Cybersecurity Fraud Scheme | United States Department of Justice
    • Microsoft will finally kill obsolete cipher that has wreaked decades of havoc - Ars Technica
    • CVE-2025-66491: Traefik's "Verify=On" Turned TLS Off | AISLE
    • Dylan O'Donnell 🦋 on X: "This week I was rushed to hospital with a diagnosis of oesophageal cancer."
    54 min
  • Risky Biz Soap Box: Graph the planet!
    2025/12/11

    In this sponsored Soap Box edition of the Risky Business podcast, Patrick Gray chats with Jared Atkinson, CTO of SpecterOps, about BloodHound OpenGraph.

    OpenGraph enumerates attack paths across platforms and services, not just your primary directories.

    A compromised GitHub account to on-prem AD compromise attack path? It’s a thing, and OpenGraph will find it.

    Cross-platform attack path enumeration! So good!

    This episode is also available on Youtube.

    Show notes
      43 min
    • Risky Business #818 -- React2Shell is a fun one
      2025/12/10

      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

      • There’s a CVSS 10/10 remote code exec in the React JavaScript server. JS server? U wot mate?
      • China is out popping shells with it
      • Linux adds support for PCIe bus encryption
      • Amnesty International says Intellexa can just TeamViewer into its customers’ surveillance systems
      • …and a Belgian murder suspect complains that GrapheneOS’s duress wipe feature failed him?

      This week’s episode is sponsored by Kroll Cyber. Simon Onyons is Managing Director at Kroll’s Cyber and Data Resilience arm, and he discusses a problem near to many of our hearts. Just how do you explain cyber risk to the board?

      This episode is also available on Youtube.

      Show notes
      • Risky Bulletin: APTs go after the React2Shell vulnerability within hours - Risky Business Media
      • Guillermo Rauch on X: "React2Shell" / X
      • React2Shell-CVE-2025-55182-original-poc/README.md at main · lachlan2k/React2Shell-CVE-2025-55182-original-poc · GitHub
      • Hydrogen: Shopify’s headless commerce framework
      • Researchers track dozens of organizations affected by React2Shell compromises tied to China’s MSS | The Record from Recorded Future News
      • Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
      • Three hacking groups, two vulnerabilities and all eyes on China | The Record from Recorded Future News
      • Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers
      • Sean Plankey nomination to lead CISA appears to be over after Thursday vote | CyberScoop
      • 🕳 on X: "This guy is complaining that GrapheneOS “failed him”. Showing a Belgian 🇧🇪 police request for an interrogation regarding premeditated murder (as a suspect)." / X
      • Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say | TechCrunch
      • To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware - Amnesty International Security Lab
      • Is ransomware finally on the decline? Treasury data offers cautious hope | CyberScoop
      • UK cyber agency warns LLMs will always be vulnerable to prompt injection | CyberScoop
      • In comedy of errors, men accused of wiping gov databases turned to an AI tool - Ars Technica
      58 min
    • Risky Business #817 -- Less carnage than your usual Thanksgiving
      2025/12/03
      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. It’s a quiet week with Thanksgiving in the US, but there’s always some cyber to talk about:

      • Airbus rolls out software updates after a cosmic ray bitflips an A320 into a dive
      • Krebs tracks down a Scattered Lapsus$ Hunters teen through the usual poor opsec…
      • … as Wired publishes an opsec guide for teens.
      • Microsoft decides its login portal is worth a Content Security Policy
      • South Korean online retailer data breach covers 65% of the country

      This week’s episode is sponsored by Nebulock. Founder and CEO Damien Lewke joins to talk through their work bringing more Sigma threat detection rules to macOS.

      This episode is also available on Youtube.

      Show notes
      • Airlines race to fix their Airbus planes after warning solar radiation could cause pilots to lose control | CNN
      • Congress calls on Anthropic CEO to testify on Chinese Claude espionage campaign | CyberScoop
      • Post-mortem of Shai-Hulud attack on November 24th, 2025 - PostHog
      • Update: Shai-Hulud and the npm Ecosystem: Why CTEM Must Extend Beyond Your Walls | Armis
      • Glassworm's resurgence | Secure Annex
      • 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | Koi Blog
      • Post by @spuxx.bsky.social — Bluesky
      • Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ – Krebs on Security
      • The WIRED Guide to Digital Opsec for Teens | WIRED
      • Perth hacker Michael Clapsis jailed after setting up fake Qantas Wi-Fi, stealing sex videos - ABC News
      • Ed Conway on X: "The person who first downloaded the OBR's document at 11:35 on Budget day (I'm guessing someone at Reuters, given they first reported it) had already guessed the web address and tried and failed to download it 32 times so far that day(!) https://t.co/6iLm2uEUj2" / X
      • Reuters accused of hack attack | ZDNET
      • The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ | WIRED
      • Microsoft tightens cloud login process to prevent common attack | Cybersecurity Dive
      • Fortinet FortiWeb flaws found in unsupported versions of web application firewall | Cybersecurity Dive
      • Cryptomixer platform raided by European police; $29 million in bitcoin seized | The Record from Recorded Future News
      • Officials accuse North Korea’s Lazarus of $30 million theft from crypto exchange | The Record from Recorded Future News
      • Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country’s population | The Record from Recorded Future News
      • NSA Contractor Groomed Teenage Girls On Reddit, DOJ Alleges
      • Nebulock developed coreSigma for macOS
      • coreSigma repo:
      1 hr 1 min
    • Risky Business #816 -- Copilot Actions for Windows is extremely dicey
      2025/11/26
      In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

      • Salesforce partner Gainsight has customer data stolen
      • CrowdStrike fires insider who gave hackers screenshots of internal systems
      • Australian Parliament turns off Wi-Fi and Bluetooth in fear of visiting Chinese bigwigs
      • Shai-Hulud npm/GitHub worm is back, and rm -rf’ier than ever
      • SEC gives up on SolarWinds lawsuit
      • Dog eats cryptographer’s key material

      This week’s episode is sponsored by runZero. HD Moore pops in to talk about how they’re integrating runZero with BloodHound-style graph databases. He also discusses uses for driving runZero’s tools with an AI, plus the complexities of shipping AI when the company has a variety of deployment models.

      This episode is also available on Youtube.

      Show notes
      • Google says hackers stole data from 200 companies following Gainsight breach
      • Gainsight Status
      • Trust Status
      • CrowdStrike fires 'suspicious insider' who passed information to hackers
      • Salesforce cuts off access to third-party app after discovering ‘unusual activity’
      • Attacks of the striking panda: APT31 today
      • Office of Public Affairs | Seven Hackers Associated with Chinese Government Charged with Computer Intrusions
      • Australian federal MPs warned to turn off phones when Chinese delegation visits Parliament House
      • Sha1-Hulud: The Second Coming of the NPM Worm is Digging For Secrets
      • FCC eliminates cybersecurity requirements for telecom companies
      • Trade Associations Cybersecurity Practices Ex Parte
      • SEC voluntarily dismisses SolarWinds lawsuit
      • Record-breaking DDoS attack against Microsoft Azure mitigated
      • The Cloudflare Outage May Be a Security Roadmap – Krebs on Security
      • Critics scoff after Microsoft warns AI feature can infect machines and pilfer data
      • vx-underground on X: "I've had a surprising amount of people ask me about Copilot"
      • Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
      • Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack
      • Russia arrests young cybersecurity entrepreneur on treason charges
      • This campaign aims to tackle persistent security myths in favor of better advice
      • Oops. Cryptographers cancel election results after losing decryption key.
      • Uncovering network attack paths with runZeroHound
      • Model Context Protocol
      58 min
    • Risky Biz Soap Box: GreyNoise knows when bad bugs are coming
      2025/11/20

      In this sponsored Soap Box edition of the podcast, Andrew Morris joins Patrick Gray to talk about how GreyNoise can often get a 90-day heads-up on serious vulnerabilities. Whether it’s malicious actors doing reconnaissance or the affected vendors trying to understand the scope of the problem, it seems that mass scanning activity lines up pretty nicely with typical 90-day disclosure timelines.

      A fascinating chat with Andrew, as always.

      This episode is also available on Youtube.

      Show notes
        38 min
      • Risky Business #815 -- Anthropic's AI APT report is a big deal
        2025/11/19

        In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

        • Anthropic says a Chinese APT orchestrated attacks using its AI
        • It’s a day ending in -y, so of course there are shamefully bad Fortinet exploits in the wild
        • Turns out slashing CISA was a bad idea, now it’s time for a hiring spree
        • Researchers brute force the entire phone number space against WhatsApp’s contact discovery API
        • DOJ figures out how to make SpaceX turn off scam compounds’ Starlink service

        This week’s episode is sponsored by Mastercard. Senior Vice President of Mastercard Cybersecurity Urooj Burney joins to talk about how the roles of fraud and cyber teams in the financial sector are starting to converge. Mastercard also recently acquired Recorded Future, and Urooj talks about how they aim to integrate cyber threat intelligence into the financial world.

        This episode is also available on Youtube.

        Show notes
        • Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign
        • Researchers question Anthropic claim that AI-assisted attack was 90% autonomous - Ars Technica
        • China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work | CyberScoop
        • Amazon discovers APT exploiting Cisco and Citrix zero-days | AWS Security Blog
        • CISA gives federal agencies one week to patch exploited Fortinet bug | The Record from Recorded Future News
        • PSIRT | FortiGuard Labs
        • CISA, eyeing China, plans hiring spree to rebuild its depleted ranks | Cybersecurity Dive
        • This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation | WIRED
        • A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers | WIRED
        • DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound | WIRED
        • Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million | The Record from Recorded Future News
        • Cyberattack leaves Jaguar Land Rover short of £680 million | The Record from Recorded Future News
        • FBI: Akira gang has received nearly $250 million in ransoms | The Record from Recorded Future News
        • Operation Endgame: Police reveal takedowns of three key cybercrime tools | The Record from Recorded Future News
        • Inside a Wild Bitcoin Heist: Five-Star Hotels, Cash-Stuffed Envelopes, and Vanishing Funds | WIRED
        51 min
      • Risky Business #814 -- It's a bad time to be a scam compound operator
        2025/11/12

        In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

        • The KK Park scam compound in Myanmar gets blasted with actual dynamite
        • China sentences more scammers TO DEATH
        • While Singapore is opting to lash them with the cane
        • Chinese security firm KnownSec leaks a bunch of documents
        • Necromancy continues on NSO Group, with a Trump associate in charge
        • OWASP freshens up the Top 10, you won’t believe what’s number three!

        This week’s episode is sponsored by Thinkst Canary. Big bird Haroon Meer joins and, as usual, makes a good point. If you’re going to trust a vendor to do something risky like put a box on your network, they have an obligation to explain how they make that safe. Thinkst has a /security page that does exactly that. So why do we let Palo Alto and Fortinet get away with “trust me, bro”?

        This episode is also available on Youtube.

        Show notes
        • Myanmar Junta Dynamites Scam Hub in PR Move as Global Pressure Grows
        • China sentences 5 Myanmar scam kingpins to death | The Record from Recorded Future News
        • Law passed for scammers, mules to be caned after victims in Singapore lose almost $4b since 2020 | The Straits Times
        • KnownSec breach: What we know so far. - NetAskari
        • Risky Bulletin: Another Chinese security firm has its data leaked
        • Inside Congress Live
        • The Government Shutdown Is a Ticking Cybersecurity Time Bomb | WIRED
        • Former Trump official named NSO Group executive chairman | The Record from Recorded Future News
        • Short-term renewal of cyber information sharing law appears in bill to end shutdown | The Record from Recorded Future News
        • Jaguar Land Rover hack hurt the U.K.'s GDP, Bank of England says
        • Monetary Policy Report - November 2025 | Bank of England
        • SonicWall says state-linked actor behind attacks against cloud backup service | Cybersecurity Dive
        • Japanese media giant Nikkei reports Slack breach exposing employee and partner records | The Record from Recorded Future News
        • "Intel sues former employee for allegedly stealing confidential data" Post by @campuscodi.risky.biz — Bluesky
        • Introduction - OWASP Top 10:2025 RC1
        1 hr 3 min