On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Did the US decide to stop caring about Russian cyber, or not? Adam stans hard for North Korea’s massive ByBit crypto-theft Cellebrite firing Serbia is an example of the system working Starlink keeps scam compounds in Myanmar running Biggest DDoS botnet yet pushes over 6Tbps This week’s episode is sponsored by network visibility company Corelight. Vincent Stoffer, field CTO at Corelight joins to talk through ...
Mar 05, 2025•50 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: North Korea pulls off a 1.5 billion dollar crypto heist Apple pulls Advanced Data Protection from the UK Black Basta ransomware gang’s internal chats leak Russians snoop on Signal with QR codes And Myanmar ships thousands of freed scam compound workers to Thailand Regular guest Lina Lau joins to discuss her work reading Chinese incident response reports on WeChat, and how that has people thinking that … she ...
Feb 26, 2025•1 hr 3 min
In this episode of the Wide World of Cyber podcast Risky Business host Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about AI, DeepSeek, and regulation. From its bad transport security to its Chinese ownership and the economic implications of China “entering the chat”, everyone’s freaking out over this new model. But should they be? Pat, Alex and Chris dissect the model’s significance, the politics of it all and how AI regulation in Europe, the US and China will shape the fut...
Feb 21, 2025•41 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Australian spooks scrubbed Medibank data off Zservers bulletproof hosting Why device code phishing is the latest trick in confusing poor users about cloud authentication Cloudflare gets blocked in Spain, but only on weekends and because of… football? Palo Alto has yet another dumb bug Adam gushes about Qualys’ latest OpenSSH vulns Enterprise browser maker Island is this week’s sponsor and Chief Cu...
Feb 19, 2025•1 hr 1 min
In this SoapBox edition of the show Patrick Gray chats to Fletcher Heisler, the CEO of open-source identity provider Authentik. The whole idea of Authentik is you can take control of an essential IT and security function: identity. Because Authentik is open source it’s extremely flexible, and if you’re running it yourself, you get to decide where your IDP should sit in your architecture. You can run it on prem if you’re an emergency call centre or you’re operating an airgapped network, or you ca...
Feb 14, 2025•38 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Musk’s DOGE kid has a history with The Com Paragon fires Italy as a spyware customer Thailand cuts power to scam compounds… … and arrests Phobos/8Base Russian cybercrims The CyberCX DFIR report shows non-U2F MFA is well and truly over And much, much more. This week’s episode is sponsored by Dropzone.AI. They make an AI SOC analysis platform that relieves your analysts of the necessary but tedious ...
Feb 12, 2025•59 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: DeepSeek leaves an unauthed database on the internet Russia hacked UK prime minister’s personal mail Australia sanctions a Telegram group… which is more sensible than it sounds Medical device backdoor turns out to be just poorly thought out upgrade feature Google abuses weak hashing to patch AMD CPU microcode And much, much more. This week’s episode is sponsored by email security boffins Sublime. ...
Feb 05, 2025•56 min
Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through: Sonicwall firewalls hand out remote code exec like candy Mastercard make a slapstick-grade mistake with their DNS The data breach at PowerSchool and other niche SaaS providers Academic research proposes taking down Europe’s power grid Apple CPUs get a new speculative execution side channel And much, much more. This week’s episode is sponsored by ...
Jan 29, 2025•51 min
Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week’s cybersecurity news and there is a whole bunch of it. They discuss: The incoming Trump administration guts the CSRB Biden’s last cyber Executive Order has sensible things in it China’s breach of the US Treasury gets our reluctant admiration Ross Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardon New year, same shameful comedy Forti- and Ivanti- bugs US soldier behind the Snowflake...
Jan 22, 2025•1 hr 4 min
In this sponsored Soap Box edition of the show Patrick Gray talks to Island CEO Michael Fey about some of the cool tricks in the Island enterprise browser. You can use it to tick off so many compliance boxes, and not just cybersecurity boxes. This is largely a conversation about compliance, but it’s actually interesting and fun. These are words we never thought we’d type! You can find Island at https://island.io/ This episode is also available on Youtube . Show notes...
Dec 20, 2024•27 min
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: The SEC’s cyber incident reporting isn’t very exciting after all China Telecom on the way to being thrown out of the US The NSA/Cybercom might get two separate hats The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks (Yet another) File upload bug in Struts makes Java admins weep And much, much more. This episode is sponsored by SpecterOps, who run a pretty top notch off...
Dec 18, 2024•1 hr 1 min
In this edition of the Wild World of Cyber podcast Patrick Gray sits down with SentinelOne’s Chief Intelligence and Public Policy Officer Chris Krebs to talk all about Chinese cyber operations. They look at the Salt Typhoon and Volt Typhoon campaigns, the last 20 years of Chinese operations, and the evolution of the cyber roles of China’s Ministry of State Security and People’s Liberation Army. It’s a very dense hour of conversation! This podcast was recorded in front of an audience at the Museu...
Dec 13, 2024•50 min
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Cleo file transfer products have a remote code exec, here we go again! Snowflake phases out password-based auth Chinese Sophos-exploit-dev company gets sanctioned Romania’s election gets rolled back after Tiktok changed the outcome AMD’s encrypted VM tech bamboozled by RAM with one extra address bit Some cool OpenWRT research And much, much more. This week’s episode is sponsored by Thinkst, who l...
Dec 11, 2024•1 hr 2 min
In this interview Patrick Gray talks to Yubico’s COO and President Jerrod Chong about a new Yubikey feature: pre-registration. You can now ship pre-registered Yubikeys to your staff so you don’t need to rely on your staff to enrol them. They’ve achieved this with really slick Okta and Entra ID integrations. Jerrod also talks about a recent trip to Singapore and concerns he has about the cybersecurity of critical infrastructure in the energy sector....
Dec 08, 2024•30 min
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: The FTC decides its time to take another look at Microsoft Exxon’s opponents targeted by hackers Russian hackers keep getting sentenced and it confuses us The Feds recommend Signal, because throwing hackers out of telcos ain’t gonna happen A South Korean set-top-box manufacturer shipped a DDoS client for corpo-combat And much, much more. This week’s sponsor interview with Vijit Nair from Coreligh...
Dec 04, 2024•57 min
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: A ransomware attack has crippled US supply chain software provider Blue Yonder Russian spies hack nearby wifi to get to their targets, but that doesn’t seem surprising? Salt Typhoon’s attacks on telcos are hard to solve and big on impact China’s surveillance state workers sell their access at home Palo Alto is bad and should feel bad And much, much more. In this week’s sponsor interview Patrick G...
Nov 27, 2024•1 hr 1 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Microsoft introduces some sensible sounding post-Crowdstrike changes Palo Alto patches hella-stupid bugs in its firewall management webapp CISA head Jen Easterly to depart as Trump arrives AI grandma tarpits phone scammers in family-tech-support hell Academic research supports your gut-reaction; phishing training doesn’t work And much, much more. This week’s episode is sponsored by Greynoise. The ...
Nov 20, 2024•1 hr 1 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Apple frustrates law enforcement with iOS auto-reboot CISA says most KEV vulnerabilities in 2023 were first used as zero days Russians roll incident response on some sweet Linux spookware Regular users can create mailboxes in M365? Tor tracks down the source of its joe-job abuse complaints And much, much more. This week’s feature guest is former FBI agent Chris Tarbell, who arrested Silk Road oper...
Nov 13, 2024•1 hr 3 min
In this edition of the Risky Business Soap Box we’re talking all about email security with Sublime Security co-founder Josh Kamdjou. Email security is one of the oldest product categories in security, but as you’ll hear, Josh thinks the incumbents are just doing it wrong. He joins Risky Business host Patrick Gray for this interview about Sublime’s origin story and its new approach to email security....
Nov 11, 2024•36 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Sophos drops implants on Chinese firewall exploit devs Microsoft workshops better just-in-time Windows admin privileges Snowflake hacker arrested in Canada Okta has a fun, but not very impactful auth-bypass bug Russians bring dumb-but-smart RDP client attacks And much, much more. Special guest Sophos CISO Ross McKerchar joined us to talk about its “hacking back” campaign. The full interview is ava...
Nov 06, 2024•57 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: CSRB to investigate China’s telco-wiretapping hacks Euro law enforcement takes down the Redline infostealer Someone steals Fed crypto… and then tries to quietly sneak it back in Russia sentences REvil guys to … jail? Really? Apple private cloud compute gets a proper bug bounty program And much, much more. This week’s episode is sponsored by Material Security, who help navigate the mess of cloud pr...
Oct 30, 2024•52 min
In this Soap Box edition of the podcast Patrick Gray chats with Thinkst Canary founder Haroon Meer about his “decade of deception”, including: A history of Thinkst Canary including a recap of what they actually do A look at why they’re still really the only major player in the deception game A look at what companies like Microsoft are doing with deception Why security startups should have conference booths...
Oct 28, 2024•38 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: SEC fines tech firms for downplaying the Solarwinds hacks Anonymous Sudan still looks and quacks like a Russian duck Apple proposes max 10 day TLS certificate life Oopsie! Microsoft loses a bunch of cloud logs Veeam and Fortinet are bad and should feel bad North Koreans are good (at hacking) And much, much more. This week’s episode is sponsored by Proofpoint. Chief Strategy Officer Ryan Kalember j...
Oct 23, 2024•1 hr 2 min
On this week’s show Patrick Gray and Adam Boileau discuss the week’s infosec news, including: Chinese spooks all up in western telco lawful intercept Jerks ruin the Internet Archive’s day Microsoft drops a great report with a bad chart The feds make their own crypto currency and get it pumped Forti-, Palo- and Ivanti-fail And much, much more. This week’s episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther’s Director Product Management joins to discuss why the old “just ...
Oct 16, 2024•54 min
In this edition of Snake Oilers we hear pitches from three security vendors: Sandfly Security : An agentless Linux security platform that actually sounds very cool Permiso : An identity security platform founded by ex FireEye folks Wiz : The cloud security giant is getting in on code security scanning You can watch this edition of Snake Oilers on YouTube here ....
Oct 01, 2024•40 min
Patrick Gray and Adam Boileau discuss the week’s infosec news with everyone’s favourite ex-NSA big-brain, Rob Joyce. They talk through: Musk and Durov bow to government pressure Tiktok rushes to ban authoritarian propagandists The US doesn’t want Chinese software in its cars Kaspersky replaces itself with an AV no one has ever heard of Aussie police chalk up another crimephone takedown Press Win-R Ctrl-V to prove you’re human And much, much more. This week’s show is brought to you by Stairwell, ...
Sep 25, 2024•1 hr 6 min
On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Hezbollah’s attempts to avoid SIGINT with pagers ends in explosions The US shines many bright lights on RT’s disinfo role Australia counters Chinese bullying in the Pacific Valid accounts are the most prevalent entry point, says CISA’s data Ivanti and Fortinet vie for worst vendor of the week Krebs writes up the shift towards charging The Com with terrorism And much, much more… This week’s episode is s...
Sep 18, 2024•1 hr 3 min
On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Russia’s disinformation peddlers face multifaceted sternness from the DoJ Telegram is now law enforcement’s bestest new pal, all of a sudden Iran’s banking industry arranges a payment plan for a ransom Columbia investigates how it sent private jets full of cash to pay for Pegasus Microsoft innovates with Un-Patch Tuesday And much, much more. This week’s sponsor is Kroll Cyber, and one of their incident...
Sep 11, 2024•52 min
In this edition of Snake Oilers Patrick Gray gets pitches from three cybersecurity companies: Authentik, an open source identity provider that a lot of large organisations are deploying on prem as an alternative to cloud-based IDPs Dropzone AI, an LLM-based agent that can do the work of a Tier 1 SOC analyst SlashID, an identity security company that can crunch your logs to find attackers You can watch this edition of Snake Oilers on YouTube here . Show notes Welcome | authentik Dropzone AI: Rein...
Sep 06, 2024•38 min
On this week’s show, Patrick Gray and Adam Boileau discuss the weeks security news, including: Brazil’s supreme court bans X-formerly-Twitter, Iranian cyber teams cooperate with ransomware crews While North Koreans wield chrome-windows 0-day Yubikey cloning attack is impressive, but doesn’t have us binning our keys quite yet The White House is coming for your unsigned BGP announcements And much, much more. This week’s episode is sponsored by Okta, and specifically their Identity Security Posture...
Sep 04, 2024•1 hr 5 min
