Risky Business Patrick Gray

On this week’s show Patrick and Adam discuss the week’s security news, including:


Microsoft reassures* us that they take security very seriously*
Cisco ASA firewalls get sneakily backdoored, but no one’s quite sure how
Change Healthcare was 1FA Citrix all along
The FTC, FCC and other government sticks get waved at tech
Lizard Squad Finn who hacked the Vastaamo therapy chain gets sentenced
And much, much more.


This week’s sponsor is Zero Networks, who make a network micro-segmentation product that is actually usable. Zero Networks CEO Benny Lakunishok joins us to talk through why firewalling everything everywhere is finally workable.

* You’ll forgive us for being… a tad sceptical.

In this edition of Snake Oilers we’ll be hearing from:


Push Security: A browser plugin-based security company that combats identity-based attacks. (Much more compelling that it sounds in this description.)
Knocknoc: The tool Risky Business uses to protect our own applications and services. (Restrict network/port access to users who are authenticated via SSO.)
iVerify: Mobile security and threat hunting for iOS and Android. (Caught Pegasus in the wild!)

In this special edition of the Risky Business podcast Patrick Gray chats with former Facebook CSO Alex Stamos and founding CISA director Chris Krebs about sovereignty and technology.

China and Russia are doing their level best to yeet American tech from their supply chains – hardware, software and cloud services. They’ll be rebuilding these supply chains – for government systems, at least – from components that they have complete visibility into, and control over.

Meanwhile, America’s government faces different supply chain challenges. It has a supply chain that won’t be weaponised against it by its adversaries, but it lacks the same sort of visibility and control that its adversaries will eventually achieve over their supply chains. So where does this leave the west? Where does it leave China and Russia?

On this week’s show Patrick and Adam discuss the week’s security news, including:


Palo Alto’s firewalls have a ../ bad day
Sisense’s bucket full of creds gets kicked over
United Healthcare draws the ire of congress
FISA 702 reauthorisation finally moves forward
Apple warns about “mercenary exploitation” but what’s the India link?
And much, much, more


This week’s sponsor is Panther, a platform that does detection as code on massive amounts of data. Panther’s founder Jack Naglieri is this week’s sponsor guest, and we spoke with him about some common detection-as-code approaches.

On this week’s show Patrick and Adam discuss the week’s security news, including:


Ransomware: down but not out
Zero day prices on the rise…
… and what it means for enterprise software
Geopolitical conflict comes to computers in Palau
Ukraine cyber chief Illia Vitiuk suspended
More x86 microarchitectural bad times
And much much more


Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.

In this edition of Snake Oilers you’ll hear pitches from three companies:


Kodex: Makes a platform companies can use to interact with law enforcement (Solves the law enforcement impersonator problem, among others.)
ClearVector: Cloud security startup from former FireEye/Mandiant SVP/CTO John Laliberte
Censys: Scans the entire internet, identifies assets you didn’t know were yours, helps you track attacker infrastructure like C2