On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Oracle quietly cops to being hacked, but immediately pivots into pretending it didn’t matter
NSA and CyberCom leaders fired for not being MAGA enough
US Treasury had some dusty corners it hadn’t found China in yet, looked, found China in them
…which is a great time to discuss slashing CISA’s staffing
Ransomware crews and bullet proof hosting providers are getting rekt, and we love it
And Microsoft patches yet another logging 0-day being used in the wild.
This episode is sponsored by Yubico, makers of YubiKey hardware authentication tokens. Yubico’s Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises, one that Yubico is well positioned to solve.
This episode is also available on YouTube.
Show notes
Oracle privately confirms Cloud breach to customers
Oracle have finally issued a written notification to customers about their cybersecurity incident.
Head of NSA and US Cyber Command reportedly fired | Cybersecurity Dive
Trump fires numerous National Security Council staff - The Washington Post
Trump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity Dive
Hackers Spied on US Bank Regulators’ Emails for Over a Year - Bloomberg
This is how Jeffrey Goldberg got added to the Signal chat
Cybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News
$500,000 stolen in Australian super fund data breach | Superannuation | The Guardian
Australian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future News
Everest ransomware group’s darknet site offline following defacement | The Record from Recorded Future News
On March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34).
There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHub.
The DragonForce ransomware group hacked two rivals this month
CISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future News
Kill Security Campaign Targets CrushFTP Servers
National Vulnerability Database | NIST
Microsoft patches zero-day actively exploited in string of ransomware attacks | CyberScoop
Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog
Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
--------
53:01
Risky Business #786 -- Oracle is lying
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Yes, Oracle Health and Oracle Cloud did get hacked
The fallout from Signalgate continues
North Korean IT workers pivot to Europe
Honeypot data suggests a storm is brewing for Palo Alto VPNs
Canadian Anon gets arrested for hacking Texas GOP
This week’s episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible cryptocurrency exchange cold wallet setup looks like, and … contrasts that with Bybit.
This episode is also available on YouTube.
Show notes
Oracle Health breach compromises patient data at US hospitals
FBI probes Oracle hack tied to healthcare extortion: Report - Becker's Hospital Review | Healthcare News & Analysis
Oracle Still Denies Breach as Researchers Persist
Hacker linked to Oracle Cloud intrusion threatens to sell stolen data | Cybersecurity Dive
Publius on X: "🚨 SIGNAL SCANDAL: Katherine Maher, the leftist NPR CEO, is currently the Chair of the Board of Signal! WHAT ARE THE ODDS? https://t.co/jWNTeAt3Jz" / X
Mike Waltz Is Losing Support Inside the White House - WSJ
Waltz and staff used Gmail for government communications, officials say - The Washington Post
Pete Hegseth, Mike Waltz, Tulsi Gabbard: Private Data and Passwords of Senior U.S. Security Officials Found Online - DER SPIEGEL
Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public | WIRED
You Need to Use Signal's Nickname Feature
SignalGate Is Driving the Most US Downloads of Signal Ever | WIRED
Wickr - Wikipedia
When Getting Phished Puts You in Mortal Danger – Krebs on Security
DPRK IT Workers Expanding in Scope and Scale | Google Cloud Blog
How the FBI Tracked, and Froze, Millions Sent to Criminals in Massive Caesars Casino Hack
Defense contractor to pay $4.6 million over third-party provider’s security weakness | The Record from Recorded Future News
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
CISA warns new malware targeting Ivanti zero-day vulnerability | Cybersecurity Dive
Canadian hacker arrested for allegedly stealing data from Texas Republican Party | The Record from Recorded Future News
British intel intern pleads guilty to smuggling top secret data out of protected facility | The Record from Recorded Future News
--------
55:14
Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access
In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by gluing your single sign-on service to your network controls.
Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers??
You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure.
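As an added illustration of the "glue SSO to your firewall" idea (example code written for this page, not Knocknoc's product), the policy engine below admits the authenticated user's current source address to a per-service allowlist for a short TTL after a successful SSO login, drops it on logout or expiry, and renders the live grants as nftables rule text. The class and function names, the port map and the sample logins are all assumptions made up for this example.

```python
"""Just-in-time source-IP allowlisting driven by SSO logins.

Added example, not Knocknoc's code. Names (JitAllowlist, Grant, nft_rules)
and the sample logins are made up for this example.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Address space we never open a firewall to, even if SSO vouches for it:
# a JIT grant is meant for the user's current public egress, nothing else.
_NEVER_ALLOW = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


@dataclass
class Grant:
    user: str
    ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    service: str       # e.g. "vpn", "rdp", "sftp"
    expires_at: float  # epoch seconds


class JitAllowlist:
    def __init__(self, default_ttl: int = 900, max_ttl: int = 3600):
        self.default_ttl = default_ttl
        self.max_ttl = max_ttl
        self._grants: list[Grant] = []

    def grant(self, user: str, ip: str, service: str, now: float,
              ttl: int | None = None) -> Grant:
        """SSO callback hook: open `service` to `ip` for `ttl` seconds.
        `ip` must be the source address of the authenticated session itself,
        never a value the user typed in."""
        addr = ipaddress.ip_address(ip)
        if (addr.is_loopback or addr.is_link_local or addr.is_multicast
                or addr.is_unspecified or addr.is_reserved
                or any(addr in net for net in _NEVER_ALLOW)):
            raise ValueError(f"refusing to allowlist {addr}")
        ttl = min(ttl if ttl is not None else self.default_ttl, self.max_ttl)
        # One live grant per (user, service): a fresh login replaces the old
        # IP instead of accumulating every address the user ever came from.
        self._grants = [g for g in self._grants
                        if not (g.user == user and g.service == service)]
        g = Grant(user, addr, service, now + ttl)
        self._grants.append(g)
        return g

    def revoke_user(self, user: str) -> None:
        """SSO logout / session revocation: close everything for the user."""
        self._grants = [g for g in self._grants if g.user != user]

    def expire(self, now: float) -> None:
        self._grants = [g for g in self._grants if g.expires_at > now]

    def is_allowed(self, ip: str, service: str, now: float) -> bool:
        """Would a connection from `ip` to `service` be accepted right now?"""
        self.expire(now)
        addr = ipaddress.ip_address(ip)
        return any(g.ip == addr and g.service == service for g in self._grants)

    def nft_rules(self, now: float, ports: dict[str, int]) -> list[str]:
        """Render live grants as nftables rule text. The base chain policy is
        assumed to be drop; only accept rules are emitted and nft is not run."""
        self.expire(now)
        return [
            f"add rule inet filter input {'ip6' if g.ip.version == 6 else 'ip'} "
            f"saddr {g.ip} tcp dport {ports[g.service]} accept"
            for g in self._grants
        ]


if __name__ == "__main__":
    # Constructed sample: alice logs in from a documentation-range address.
    al = JitAllowlist()
    t0 = 1_700_000_000.0
    al.grant("alice", "203.0.113.10", "vpn", t0)
    print(al.is_allowed("203.0.113.10", "vpn", t0 + 60))   # True
    print(al.is_allowed("203.0.113.10", "rdp", t0 + 60))   # False: per-service
    print(al.is_allowed("203.0.113.10", "vpn", t0 + 901))  # False: expired
    print(al.nft_rules(t0, {"vpn": 443}))
```

The source-IP grant is a coarse control: a shared office egress or CGNAT address admits everyone behind it for the TTL, so the service behind the hole still needs its own authentication. What the allowlist buys you is that the Palo Alto, Fortinet or file-transfer box is not discoverable by mass scanners in the first place.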
Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors.
This episode is also available on YouTube.
Show notes
--------
30:46
Risky Business #785 -- Signal-gate is actually as bad as it looks
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group
The GitHub Actions hack is smaller than we thought, but was targeting crypto
Remote code exec in Kubernetes, ouch
Oracle denies its cloud got owned, but that sure does look like customer keymat
Taiwanese hardware maker Clevo packs its private keys into BIOS update zip
US Treasury un-sanctions Tornado Cash, party time in Pyongyang?
This week’s episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he’s doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he’s got you fam.
This episode is also available on YouTube.
Show notes
The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic
Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21)
Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive
Researchers back claim of Oracle Cloud breach despite company’s denials | Cybersecurity Dive
The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK
Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop
US scraps sanctions on Tornado Cash, crypto ‘mixer’ accused of laundering North Korea money | Reuters
Tornado Cash Delisting | U.S. Department of the Treasury
Major web services go dark in Russia amid reported Cloudflare block | The Record from Recorded Future News
Clevo Boot Guard Keys Leaked in Update Package
Six additional countries identified as suspected Paragon spyware customers | CyberScoop
The Citizen Lab’s director dissects spyware and the ‘proliferating’ market for it | The Record from Recorded Future News
Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News
Hacker defaces NYU website, exposing admissions data on 1 million students | The Record from Recorded Future News
Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News
DNA of 15 Million People for Sale in 23andMe Bankruptcy
--------
59:05
Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
GitHub Actions supply chain attack loots keys and secrets from 23k projects
Why a VC fund now owns a minority stake in Risky Business Media (!?!?)
China doxes Taiwanese military hackers
Microsoft thinks .lnk file whitespace trick isn’t worth patching but APTs sure love it
CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave
…and Google acquires Wiz for $32bn
This week’s show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that’s been around 40 years.
This episode is also available on YouTube.
Show notes
Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media
China says Taiwan's military is behind PoisonIvy APT
China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News
Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News
Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop
Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News
'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News
Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive
Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News
CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW
‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge | WIRED
The Wiretap: CISA Staff Are Cautiously Optimistic About Trump’s Pick For Director
White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters
Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News
Telegram CEO Pavel Durov allowed to leave France amid investigation
Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News
Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News
Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel
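The tj-actions/changed-files incident covered in #784 and #785 worked because downstream workflows referenced the action by a mutable tag that the attacker could retarget at a malicious commit. As an added example (written for this page, not GitHub's tooling or any project's own script), the checker below flags every `uses:` reference in a workflow that is not pinned to a full commit SHA, and shows a weak workflow beside its hardened copy. The sample workflows are constructed, and the SHAs in the hardened one are placeholders rather than real commits.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a commit SHA.

Added example, not GitHub's tooling or any project's own script. A tag or
branch ref (@v45, @main) resolves to whatever the action's repo currently
points it at; a 40-hex commit SHA cannot be moved. Sample workflows are
constructed and the SHAs below are placeholders, not real commits.
"""
import re

_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" whether or not the line is a list item and
# stops at whitespace or a trailing "# v4" version comment.
_USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")


def find_unpinned(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line_number, reference) for every remote action whose ref is
    not a full commit SHA. Local (./path) and docker:// refs are skipped:
    they are trusted through the repo or the registry, not through Git tags."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = _USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _action, sep, version = ref.rpartition("@")
        if not sep or not _SHA_RE.match(version):
            findings.append((lineno, ref))
    return findings


# Constructed sample: the typical pre-incident workflow, pinned to tags only.
WEAK_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: changed files
        uses: tj-actions/changed-files@v45
      - uses: ./.github/actions/local-lint
      - run: make test
"""

# Same workflow with every remote action pinned to a full commit SHA
# (placeholder SHAs; substitute the real commits when copying this), the tag
# kept in a comment so update bots can still bump it, and a read-only token
# so a compromised action cannot push or mint release assets.
HARDENED_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - name: changed files
        uses: tj-actions/changed-files@89abcdef0123456789abcdef0123456789abcdef # v45
      - uses: ./.github/actions/local-lint
      - run: make test
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, find_unpinned(text))
```

Pinning stops the tag-retargeting trick but does nothing about what an already-compromised commit can read: the secrets the malicious changed-files build dumped into logs were whatever the job had in its environment, so the least-privilege `permissions:` block and keeping long-lived credentials out of CI matter as much as the SHA.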
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.