Risky Business

By: Patrick Gray
Listen for free

  • Summary

  • Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
    Copyright 2007-2025 Patrick Gray
    Show More Show Less
Politics & Government
Show More Show Less
Episodes
  • Risky Business #777 -- It's SonicWall's turn

    Risky Business #777 -- It's SonicWall's turn
    Jan 29 2025

    Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:

    • Sonicwall firewalls hand out remote code exec like candy
    • Mastercard make a slapstick-grade mistake with their DNS
    • The data breach at PowerSchool and other niche SaaS providers
    • Academic research proposes taking down Europe’s power grid
    • Apple CPUs get a new speculative execution side channel
    • And much, much more.

    This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps.

    This episode is also available on Youtube.

    Show notes
    • SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances | Cybersecurity Dive
    • MasterCard DNS Error Went Unnoticed for Years – Krebs on Security
    • Data breach hitting PowerSchool looks very, very bad - Ars Technica
    • OpenAI rival DeepSeek limits registration after ‘large-scale malicious attacks’ | The Record from Recorded Future News
    • Hackers imitate Kremlin-linked group to target Russian entities | The Record from Recorded Future News
    • UK to examine undersea cable vulnerability as Russian spy ship spotted in British waters | The Record from Recorded Future News
    • Questions grow over whether Baltic Sea cable damage was sabotage or accidental | The Record from Recorded Future News
    • Researchers say new attack could take down the European power grid - Ars Technica
    • At least $69 million stolen from crypto platform Phemex in suspected cyberattack | The Record from Recorded Future News
    • BreachForums admin to be resentenced after appeals court slams supervised release | The Record from Recorded Future News
    • Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica
    • Apple fixes zero-day flaw affecting all devices | TechCrunch
    • I’m Lovin’ It: Exploiting McDonald’s APIs to hijack deliveries and order food for a penny
    • Government websites vanish under Trump, from the Constitution to DEI
    • Trail of Bits: Director, Technical Marketing
    • Push Security: Security Researcher (remote in the USA)
    Show More Show Less
    51 mins
  • Risky Business #776 -- Trump will flex America's cyber muscles

    Risky Business #776 -- Trump will flex America's cyber muscles
    Jan 22 2025
    Risky Business returns for its 19th year! Patrick Gray and Adam Boileau discuss the week’s cybersecurity news and there is a whole bunch of it. They discuss: The incoming Trump administration guts the CSRBBiden’s last cyber Executive Order has sensible things in itChina’s breach of the US Treasury gets our reluctant admirationRoss Ulbricht - the Dread Pirate Roberts of Silk Road fame - gets his Trump pardonNew year, same shameful comedy Forti- and Ivanti- bugsUS soldier behind the Snowflake hacks faces charges after a solid Krebs-ingAnd much, much (much! after a month off) more. This week’s episode is sponsored by Sandfly Security, who make a Linux EDR solution. Founder Craig Rowland joins to talk about how the Linux ecosystem struggles with its lack of standardised approaches to detection and response. If you’ve got a telco full of unix, and people are asking how much Salt Typhoon you’ve got in there… Sandfly’s tools are probably what you’re looking for. If you like your Business like us… - Risky - then we’re hiring! We’re looking for someone to help with audio and video production for our work, manage our socials, and if you’re also into the Cybers… even better. Position is remote, with a preference for timezones amenable to Australia/NZ. Drop us a line: editorial at risky.biz. This episode is also available on (Youtube)[https://www.youtube.com/watch?v=pJr2K9mCW-s]. Show notes POLITICO Pro | Article | Acting DHS chief ousts CSRB experts, other department advisersTreasury’s sanctions office hacked by Chinese government, officials say Strengthening America’s Resilience Against the PRC Cyber Threats | CISAAT&T, Verizon say they evicted Salt Typhoon from their networksRisky Bulletin: Looking at Biden's last cyber executive order - Risky BusinessInternet-connected devices can now have a label that rates their security | ReutersUS sanctions prominent Chinese cyber company for role in Flax Typhoon attacksFCC ‘rip and replace’ provision for Chinese tech tops cyber provisions in defense billCIA nominee tells Senate he, too, wants to go on cyber offense | CyberScoopTrump tells Justice Department not to enforce TikTok ban for 75 daysJudge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices | The Record from Recorded Future NewsUnpacking WhatsApp’s Legal Triumph Over NSO Group | LawfareTime to check if you ran any of these 33 malicious Chrome extensionsConsole Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls - Arctic WolfOngoing attacks on Ivanti VPNs install a ton of sneaky, well-written malwareResearchers warn of active exploitation of critical Apache Struts 2 flaw DOJ deletes China-linked PlugX malware off more than 4,200 US computersRussian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | The Record from Recorded Future NewsUkraine restores state registers after suspected Russian cyberattack | The Record from Recorded Future NewsHackers claim to breach Russian state agency managing property, land records | The Record from Recorded Future NewsU.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
    Show More Show Less
    1 hr and 4 mins
  • Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser

    Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser
    Dec 20 2024

    In this sponsored Soap Box edition of the show Patrick Gray talks to Island CEO Michael Fey about some of the cool tricks in the Island enterprise browser. You can use it to tick off so many compliance boxes, and not just cybersecurity boxes.

    This is largely a conversation about compliance, but it’s actually interesting and fun. These are words we never thought we’d type!

    You can find Island at https://island.io/

    This episode is also available on Youtube.

    Show notes
      Show More Show Less
      27 mins

    What listeners say about Risky Business

    Average customer ratings

    Reviews - Please select the tabs below to change the source of reviews.

    Audible.co.uk reviews

    Amazon reviews
    No Reviews are Available