Risky Business

Risky Business Media

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

  1. 2 DAYS AGO

    Risky Business #828 -- The Coruna exploits are truly exquisite

    On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

    - The Coruna exploits were L3 Harris, but it seems Triangulation… was not!
    - Iran’s cyber HQ hit by Israeli (kinetic) strikes
    - Trump’s cyber “strategy” is … well, all we’ve got is jokes cause there’s no serious content
    - NSA and CyberCom finally get a leader after Lt Gen Joshua Rudd gets Senate nod
    - DOGE (remember them?!) employee walked a social security database out on a USB stick

    This episode is sponsored by open source cloud security scanner Prowler. Creator and CEO Toni de la Fuente talks to Pat about some of the enterprise features Prowler is growing, while remaining true to its open source roots.

    This episode is also available on YouTube.

    Show notes

    - Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript
    - GitHub - matteyeux/coruna: deobfuscated JS and blobs
    - US military contractor likely built iPhone hacking tools used by Russian spies in Ukraine
    - APT36: A Nightmare of Vibeware
    - State-linked actors targeted US networks in lead-up to Iran war
    - Iranian cyber warfare HQ allegedly hit by Israel
    - Last 2 names of 6 US soldiers who died in Kuwait attack identified by the Pentagon
    - Signal, WhatsApp users face Russian phishing push, Dutch warn
    - Samuel Bendett on X: "Russian military told it couldn't use Telegram messaging app"
    - FBI investigating ‘suspicious’ cyber activities on critical surveillance network
    - Risky Bulletin: New White House EO prioritizes fight against scams and cybercrime
    - President Trump’s CYBER STRATEGY for America
    - Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens
    - UK plans to shift fraud fight onto telecoms, tech companies
    - Trump to hit Anthropic with executive order to remove "woke" AI Claude
    - Anthropic launches code review tool to check flood of AI-generated code
    - CrowdStrike reports record quarter amid investor concerns about AI impact
    - Critical defect in Java security engine poses serious downstream security risks
    - Gen. Joshua Rudd confirmed as NSA, Cyber Command head
    - Plankey’s nomination as CISA director now in jeopardy
    - DOGE employee stole Social Security data and put it on a thumb drive, report says
    - Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
    - Romania's largest meat exporter, owner of the Cocorico brand, has entered restructuring, alongside Casa de Insolvență Transilvania

    1 h 2 min
  2. 4 MAR

    Risky Business #827 -- Iranian cyber threat actors are down but not out

    On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

    - The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now!
    - The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used by Chinese crypto scammers
    - So long Madhu Gottumukkala, but CISA’s annus horribilis continues
    - Adam “humbug” Boileau complains about the Airsnitch wifi attack just being three ethernets in a trenchcoat
    - ASD’s Cisco SD-WAN threat hunting guide is clearly born of … experience

    This week’s episode is sponsored by AI threat hunting platform Nebulock. Sydney Marrone joins to talk about how useful AI models are on the hunt, and her work building out an open source framework and maturity model. It’s methodology agnostic, so you can adapt it for your environment, and the GitHub link is in the show notes!

    This episode is also available on YouTube.

    Show notes

    - Inside the plan to kill Ali Khamenei
    - Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran | TechCrunch
    - Matthew Prince 🌥 on X: "Counter to what some cyber vendors are saying, there’s been a dramatic drop in Iranian cyber operations. Likely as the operators are sheltering. They may pick back up, but right now there’s a noticeable lull." / X
    - Cyber Command disrupted Iranian comms, sensors, top general says | The Record from Recorded Future News
    - Iranian Hackers Use Elon Musk’s Starlink To Stay Online
    - Exclusive | U.S. Smuggled Thousands of Starlink Terminals Into Iran After Protest Crackdown - WSJ
    - Attacks on GPS Spike Amid US and Israeli War on Iran | WIRED
    - Amazon Data Centers on Fire After Iranian Missile Strikes on Dubai
    - A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals | WIRED
    - Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar - POLITICO
    - CISA CIO Robert Costello exits agency | CyberScoop
    - OpenAI alters deal with Pentagon as critics sound alarm over surveillance
    - Inside Anthropic’s Killer-Robot Dispute With the Pentagon - The Atlantic
    - Read the full transcript of our interview with Anthropic CEO Dario Amodei - CBS News
    - CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements
    - Large-Scale Online Deanonymization with LLMs
    - Hackers Weaponize Claude Code in Mexican Government Cyberattack - SecurityWeek
    - New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises - Ars Technica
    - CISA orders agencies to patch Cisco devices now under attack | Cybersecurity Dive
    - CISCO SD-WAN THREAT HUNT GUIDE
    - ClawJacked attack let malicious websites hijack OpenClaw to steal data
    - Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums | WIRED
    - Intellexa founder, three others sentenced to 8 years in prison over Greek spyware scandal | The Record from Recorded Future News
    - Moscow man accused of posing as FSB officer to extort Conti ransomware gang | The Record from Recorded Future News
    - Farewell, Felix · The Recurity Lablog
    - Atmos Sphere 2026 | Atmos
    - The Agentic Threat Hunting Framework | Nebulock blog
    - GitHub - Nebulock-Inc/agentic-threat-hunting-framework: ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and act with increasing autonomy. · GitHub

    1 h 1 min
  3. 25 FEB

    Risky Business #826 -- A week of AI mishaps and skulduggery

    On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

    - Low skill actors compromise 600 Fortinets with AI-generated playbooks
    - Anthropic calls out Chinese AI firms over model distillation
    - Meta’s director of AI safety tells her ClawdBot not to delete her mail… so of course it does
    - Peter Williams cops 7 years in jail for selling L3 Harris Trenchant’s exploits to Russia
    - Ivanti got hacked in 2021 via… bugs in Ivanti

    This episode is sponsored by line-rate network capture system Corelight. CEO Brian Dye joins to discuss what AI can do for defenders, and what it can’t.

    This episode is also available on YouTube.

    Show notes

    - AI-augmented threat actor accesses FortiGate devices at scale
    - "this reads to me like: they ran existing tools.... but with a cool dashboard :D"
    - Anthropic accuses Chinese labs of trying to illicitly take Claude’s capabilities | CyberScoop
    - Detecting and preventing distillation attacks
    - Hegseth warns Anthropic to let the military use the company’s AI tech as it sees fit, AP sources say
    - Anthropic Rolls Out Embedded Security Scanning for Claude
    - AWS's AI Coding Bot Kiro Caused a 13-Hour Outage
    - Running OpenClaw safely: identity, isolation, and runtime risk
    - Former Adobe, Cisco and Salesforce CISO talks AI pentesting
    - History Repeats: Security in the AI Agent Era
    - Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox
    - Microsoft says Office bug exposed customers' confidential emails to Copilot AI | TechCrunch
    - The (tangential) fix: Microsoft adds Copilot data controls to all storage locations
    - Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker
    - Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools
    - Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov
    - Ukraine pushes tighter Telegram regulation, citing Russian recruitment of locals
    - The watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds
    - Persona emails customers saying they don’t work with ICE or DHS amid ‘surveillance’ claims
    - Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513
    - Ivanti hacked in 2021 via its own product
    - Fed agencies ordered to patch Dell bug by Saturday after exploitation warning | The Record from Recorded Future News
    - From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day

    1 h 6 min
  4. 18 FEB

    Risky Business #825 -- Palo Alto Networks blames it on the boogie

    On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

    - Palo Alto threat researchers want to attribute to China, but management says shush
    - An increasing proportion of ransomware is data extortion. Is this good?
    - Cambodia says it’s going to dismantle scam compounds
    - CISA suffers through yet another shutdown
    - Google Gemini’s training secrets are being systematically harvested to improve other LLMs
    - Academics assess SaaS password managers’ resilience against a malicious server

    This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.

    This episode is also available on YouTube.

    Show notes

    - Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive
    - Arctic Wolf Threat Report 2026
    - Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say
    - Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media
    - Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian
    - Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive
    - CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek
    - Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
    - BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs
    - Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News
    - Password managers' promise that they can't see your vaults isn't always true - Ars Technica
    - Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers
    - Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop
    - Google: Gemini hit with 100,000+ prompts in cloning attempt
    - Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop
    - Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE
    - Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization
    - Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X
    - Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X
    - Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News

    1 h 3 min
  5. 11 FEB

    Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

    - Microsoft reshuffles security leadership. It doesn’t spark joy.
    - Russia is hacking the Winter Olympics. Again. But y tho?
    - China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others
    - Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products
    - An unknown hero blocks 23/tcp on the US internet backbone
    - And James Wilson pops in to talk about Claude’s go at a C compiler

    This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?

    This episode is also available on YouTube.

    Show notes

    - Updates in two of our core priorities - The Official Microsoft Blog
    - Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog
    - Microsoft prepares to refresh Secure Boot’s digital certificate | Cybersecurity Dive
    - Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities | CyberScoop
    - Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica
    - Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News
    - Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News
    - Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News
    - Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News
    - Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News
    - Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | Cyber Security Agency of Singapore
    - How Intel and Google Collaborate to Strengthen Intel® TDX
    - Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters
    - Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress
    - EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News
    - North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News
    - BeyondTrust warns of critical RCE flaw in remote support software
    - Rapid7 Analysis of CVE-2026-1731
    - Building a C compiler with a team of parallel Claudes \ Anthropic
    - Post by @ryiron.bsky.social — Bluesky
    - What AI Security Research Looks Like When It Works | AISLE
    - South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian
    - White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News

    56 min
  6. 4 FEB

    Risky Business #823 -- Humans impersonate clawdbots impersonating humans

    Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James Wilson. They discuss the week’s cybersecurity news, including:

    - Notepad++ update supply chain attack has been attributed to China
    - The AI agent future is even more stupid than expected; behold the OpenClaw/Clawdbot/Moltbook mess
    - The Epstein files claim he had a personal hacker?
    - Microsoft is finally getting ready to (think about starting to begin to) disable NTLM by default
    - The usual bugs in the usual things! Ivanti, Fortinet, and Solarwinds. Again.
    - Telco hides a free trip in its privacy policy, someone actually reads it and wins!

    This week’s episode is sponsored by open source IDP platform Authentik. CEO Fletcher Heisler talks to Pat about their new endpoint agent that can enforce device posture policies during login.

    This episode is also available on YouTube.

    Show notes

    - The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
    - Notepad++ Hijacked by State-Sponsored Hackers | Notepad++
    - Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations | Notepad++
    - Hacking Moltbook: AI Social Network Reveals 1.5M API Keys | Wiz Blog
    - lcamtuf on X: "Moltbook debate in a nutshell" / X
    - Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
    - AndrewMohawk on X: "How exactly did an attacker send a message to your bot since you need to approve all the channels and set keys etc" / X
    - Signal president warns AI agents are making encryption irrelevant
    - Massive AI Chat App Leaked Millions of Users Private Conversations
    - Runa Sandvik on X: New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson
    - EFTA01683874.pdf
    - Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog
    - Nobel Committee says Peace Prize winner likely revealed early by digital spying | Reuters
    - County pays $600,000 to pentesters it arrested for assessing courthouse security - Ars Technica
    - Advancing Windows security: Disabling NTLM by default - Windows IT Pro Blog
    - Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts | Cybersecurity Dive
    - CISA orders federal agencies to patch exploited SolarWinds bug by Friday | The Record from Recorded Future News
    - CISA, security researchers warn FortiCloud SSO flaw is under attack | Cybersecurity Dive
    - Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch
    - We Hid a Free Trip to Switzerland in Our Privacy Policy. Someone Found It in 2 Weeks. - Cape
    - Between Two Nerds: The internal logic of Russian power grid attacks - YouTube

    56 min
