Risky Business Patrick Gray

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


A look at the Hive takedown
UK’s Royal Mail still struggling
GitHub’s code signing certificates stolen
TSA misses the point on no-fly list theft
Much, much more


This week’s show is brought to you by Remediant, which is now a part of Netwrix.

Tim Keeler is co-founder of Remediant and joins us to talk about how the PAM market – and the tech that makes it up – is changing.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

In this Soap Box edition of the show Nucleus Security’s Scott Kuffer discusses Stakeholder-Specific Vulnerability Categorization (SSVC) and why tools alone can’t fix a dysfunctional vulnerability management program.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


Google’s search results have become a malware-riddled sh*tshow
Ransomware payment values dropped by 40% YoY in 2022
Kraken takes over Solaris the old school way
Grand Theft Auto RCE is wreaking havoc
ManageEngine customers are all getting owned
So you know, pretty much business as usual


This week’s show is brought to you by Kroll.

Jim Hung co-leads the special projects and applied research team at Kroll and joins us to talk about the big changes happening in the incident response discipline.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


Royal Mail attack was LockBit and GCHQ will probably “bust some heads”
CircleCI’s incident report and the problem with malwared endpoints in the Zero Trust age
Cloudflare backs Mastodon
Paul Nakasone: NSA did some great stuff! It was really good!
Cisco won’t patch SMB routers sold in 2020
Much, much more


This week’s show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake’s head of cybersecurity strategy Omer Singer are this week’s sponsor guests.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the news we missed while on break. Because it’s the first show of the year, we split the discussion into themes:


Attacks against critical online services like Okta, CircleCI, Slack and Lastpass will increase in volume
All the latest global intrigue, from NSO being noped by the US Supreme Court to DDoS attacks in Serbia, Turla’s latest campaign, supply chain attacks against Ukraine, why Russia has been more active than we realised and much more
A ransomware wrap, a discussion about the rise of data extortion and why it’s unlikely to remain a huge problem
Why automotive security research will actually be interesting this year
PLUS: A bunch of random news!


This week’s show is brought to you by Trail of Bits. Dan Guido is this week’s sponsor guest and he joins us to talk about something they’ve developed – a zero knowledge proof of exploit technique. Very interesting stuff!

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


Apple to introduce user-encrypted backups, FBI is sad
Twitter ices e2ee plans for DMs
RackSpace is getting sued over its hosted Exchange ransomware incident
Dodgy driving: Microsoft signs some shady stuff
Japan to change laws, release the Shibas
A look at the US NDAA
Much, much more


This week’s show is sponsored by Obsidian Security. Obsidian co-founder Ben Johnson joins the show this week to talk through SaaS configuration security and visibility/monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.