Episodes

  • Risky Biz Soap Box: Prowler, the open cloud security platform

    Risky Biz Soap Box: Prowler, the open cloud security platform
    Jul 14 2025

    In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler.

    Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source project into a community, and now a growing business with an as-a-service platform.

    This episode is also available on Youtube.

    Show notes
      Show More Show Less
      32 mins
    • Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses

      Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses
      Jul 2 2025
      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Australian airline Qantas looks like it got a Scattered Spider-ingMicrosoft works towards blunting the next CrowdStrike disasterChanges are coming for Microsoft’s default enterprise app consenting setupSynology downplays hardcoded passwords for its M365 cloud backup agentThe next Citrix Netscaler memory disclosure looks nastyDrug cartels used technical surveillance to find, fix and finish FBI informants and witnesses This week’s episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of sprawling cloud environments. This episode is also available on Youtube. Show notes Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach Scattered Spider appears to pivot toward aviation sector | Cybersecurity Dive Microsoft to make Windows more resilient following 2024 IT outage | Cybersecurity Dive (384) The Ultimate Guide to App Consent in Microsoft Entra - YouTube When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero AT&T deploys new account lock feature to counter SIM swapping | CyberScoop Iran-linked hackers threaten to release Trump aides' emails | Reuters US government warns of new Iran-linked cyber threats on critical infrastructure | Cybersecurity Dive Actively exploited vulnerability gives extraordinary control over server fleets - Ars Technica Critical vulnerability in Citrix Netscaler raises specter of exploitation wave | Cybersecurity Dive Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams | WIRED Cloudflare confirms Russia restricting access to services amid free internet crackdown | The Record from Recorded Future News Mexican drug cartel used hacker to track FBI official, then killed potential FBI informants, government audit says | CNN Politics Audit of the FBI's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - Redacted Report NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber | The Record from Recorded Future News US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop US, French authorities confirm arrest of BreachForums hackers | TechCrunch Spanish police arrest five over $542 million crypto investment scheme | The Record from Recorded Future News Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye | The Record from Recorded Future News
      Show More Show Less
      1 hr and 2 mins
    • Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators

      Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators
      Jun 25 2025
      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: We roll our eyes over the “16 billion credentials” leak hitting mainstream newsSome interesting cyber angles emerge from the conflict in IranOpensource maintainer of libxml2 is fed up with this hacker crapShockingly, there are yet more ways to trick people into pasting commands into WindowsVeeam “patches” its backup software RCE like it’s 2002 … by breaking the public PoC This week’s episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they’re destined for the woodchipper. This episode is also available on Youtube. Show notes No, the 16 billion credentials leak is not a new data breach Canadian telecom hacked by suspected China state group - Ars Technica Telecom giant Viasat breached by China's Salt Typhoon hackers WarTranslated on X: "Iran’s jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X Top Pentagon spy pick rejected by White House - POLITICO DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say U.S. braces for Iran's response after overnight strikes on nuclear sites Assessing the Damage to Iran’s Nuclear Program Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times Iran's government says it shut down internet to protect against cyberattacks | TechCrunch Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2 README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog FileFix - A ClickFix Alternative | mr.d0x Address bar shows hp.com. Browser displays scammers’ malicious text anyway. - Ars Technica Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022 | MrBruh's Epic Blog Perth dad who created ‘evil twin’ Wi-Fi did so to access pictures of women GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
      Show More Show Less
      1 hr and 2 mins
    • Risky Business #796 -- With special guest co-host Chris Krebs

      Risky Business #796 -- With special guest co-host Chris Krebs
      Jun 18 2025

      On this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through:

      • Israeli “hacktivists” take out an Iranian state-owned bank
      • Scattered-spider and friends pivot into attacking insurers
      • Securing identities in a cloud-first world keeps us awake at night
      • Microsoft takes the “aas” out of SaaS for Europe, leaving us with just software!
      • An AI prompt injection into M365 exfils corporate data

      This week’s episode is sponsored by Kroll’s Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping organisations in the UK deal with the Scattered Spider attacks.

      This episode is also available on Youtube.

      Show notes
      • Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group | CyberScoop
      • Iran orders officials to ditch connected devices
      • Heightened Cyberthreat Amidst Israel-Iran Conflict
      • Threat group linked to UK, US retail attacks now targeting insurance industry | Cybersecurity Dive
      • Coming to Apple OSes: A seamless, secure way to import and export passkeys - Ars Technica
      • Cyberattack on Washington Post Compromises Email Accounts of Journalists
      • Hackers impersonating US government compromise email account of prominent Russia researcher | The Record from Recorded Future News
      • A good one to talk to Chris about:
      • Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot
      • CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws | Cybersecurity Dive
      • Whole Foods supplier making progress on restoration after cyberattack left shelves empty | The Record from Recorded Future News
      • Ransomware attack on ticketing platform upends South Korean entertainment industry | The Record from Recorded Future News
      • Advisory: Cybersecurity incident
      Show More Show Less
      1 hr and 1 min
    • Soap Box: AI has entered the SOC, and it ain't going anywhere

      Soap Box: AI has entered the SOC, and it ain't going anywhere
      Jun 16 2025

      In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC.

      The debate about whether AI agents are going to wind up in the SOC is over, they’ve already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in security?

      This episode is also available on Youtube.

      Show notes
        Show More Show Less
        31 mins
      • Risky Business #795 -- How The Com is hacking Salesforce tenants

        Risky Business #795 -- How The Com is hacking Salesforce tenants
        Jun 11 2025
        On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: New York Times gets a little stolen Russian FSB data as a treatiVerify spots possible evidence of iOS exploitation against the Harris-Walz campaignResearcher figures out a trick to get Google account holders’ full names and phone numbersMajor US food distributor gets ransomwaredThe Com’s social engineering of Salesforce app authorisations is a harbinger of our future problemsAustralian Navy forgets New Zealand has computers, zaps Kiwis with their giant radar. This week’s episode is sponsored by identity provider Okta. Long-time friend of the show Alex Tilley is Okta’s Global Threat Research Coordinator, and he joins to discuss how organisations can use both human and technical signals to spot North Koreans in their midst. This episode is also available on Youtube. Show notes How The Times Obtained Secret Russian Intelligence Documents - The New York TimesUkraine's military intelligence claims cyberattack on Russian strategic bomber maker | The Record from Recorded Future NewsHarris-Walz campaign may have been targeted by iPhone hackers, cybersecurity firm saysiVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.Spyware maker cuts ties with Italy after government refused audit into hack of journalist’s phone | The Record from Recorded Future NewsItalian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist | TechCrunchAndroid chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunchCellebrite to acquire mobile testing firm Corellium in $200 million deal | CyberScoopApple Gave Governments Data on Thousands of Push NotificationsA Researcher Figured Out How to Reveal Any Phone Number Linked to a Google AccountBruteforcing the phone number of any Google userAcreed infostealer poised to replace Lumma after global crackdown | The Record from Recorded Future NewsBidenCash darknet forum taken down by US, Dutch law enforcement | The Record from Recorded Future NewsNHS calls for 1 million blood donors as UK stocks remain low following cyberattack | The Record from Recorded Future NewsMajor food wholesaler says cyberattack impacting distribution systems | The Record from Recorded Future NewsKettering Health confirms attack by Interlock ransomware group as health record system is restored | The Record from Recorded Future NewsHackers abuse malicious version of Salesforce tool for data theft, extortion | Cybersecurity Diveshubs on X: "IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic through a specific location (cloud provider, geo-location). Today, we're releasing Newtowner, to help test for this issue: https://t.co/X3dkMz9gwK" / XRoss Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect | WIREDAustralian navy ship causes radio and internet outages to parts of New Zealand
        Show More Show Less
        1 hr and 8 mins
      • Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242

        Risky Business #794 -- Psychic Panda outgunned by Fluffy Lizard and UNC56728242
        Jun 4 2025

        On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

        • Cyber firms agree to deconflict and cross-reference hacker group names
        • Russian nuclear facility blueprints gathered from public procurement websites
        • Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons
        • Germany identifies the Trickbot kingpin
        • Google spots China’s MSS using Calendar events for malware C2
        • Meta apps abuse localhost listeners to track web sessions.

        This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.

        This episode is also available on Youtube.

        Show notes
        • 'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames | Reuters
        • Ukraine's Massive Drone Attack Was Powered by Open Source Software
        • Massive security breach: Russian nuclear facilities exposed online
        • How a Spyware App Compromised Assad’s Army - New Lines Magazine
        • Exclusive | Federal Authorities Probe Effort to Impersonate White House Chief of Staff Susie Wiles - WSJ
        • Malaysian home minister’s WhatsApp hacked, used to scam contacts | The Record from Recorded Future News
        • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams – Krebs on Security
        • Top counter antivirus service disrupted in global takedown | CyberScoop
        • Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin | WIRED
        • Australian ransomware victims now must tell the government if they pay up | The Record from Recorded Future News
        • Google: China-backed hackers hiding malware in calendar events | Cybersecurity Dive
        • Coinbase breach linked to customer data leak in India, sources say | Reuters
        • US military IT specialist arrested for allegedly trying to leak secrets to foreign government | The Record from Recorded Future News
        • NSO appeals WhatsApp decision, says it can’t pay $168 million in ‘unlawful’ damages | The Record from Recorded Future News
        • ConnectWise says nation-state attack targeted multiple ScreenConnect customers | The Record from Recorded Future News
        • Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
        • Meta and Yandex are de-anonymizing Android users’ web browsing identifiers - Ars Technica
        • An Open Letter to Third-Party Suppliers
        Show More Show Less
        58 mins
      • Risky Business #793 -- Scattered Spider is hijacking MX records

        Risky Business #793 -- Scattered Spider is hijacking MX records
        May 28 2025
        In this week’s edition of Risky Business Dmitri Alperovitch and Adam Boileau join Patrick Gray to talk through the week’s news, including: EXCLUSIVE: A Scattered Spider-style crew is hijacking DNS MX entries and compromising enterprises within minutesThe SVG format brings the all horrors of HTML+JS to image files, and attackers have noticedBrian Krebs eats a 6.3Tbps DDoS … ‘cause that’s how you demo your packet cannonLaw enforcement takes out Lumma Stealer, Qakbot, Danabot and some dark web drug traffickersIranian behind 2019 Baltimore ransomware mysteriously appears in North Carolina and pleads guiltyCISA’s leadership is fleeing in droves, even though the US needs them more than ever. This week’s episode is sponsored by Thinkst Canary. Long time friend of the show Haroon Meer joins and talks through where he feels the industry is at, having just returned home from the AI-fueled hype at this year’s RSA conference. This episode is also available on Youtube. Show notes China-linked ‘Silk Typhoon’ hackers accessed Commvault cloud environments, person familiar says - Nextgov/FCW Risky Bulletin: SVG use for phishing explodes in 2025 - Risky Business Media KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – Krebs on Security Midwestern telco Cellcom confirms cyber incident after days of service outages | The Record from Recorded Future News Microsoft leads international takedown of Lumma Stealer | Cybersecurity Dive Who said what? on X: "Message from the administrator of Lumma Stealer on the forums about the recent events🕊️👀 https://t.co/MOjCSMMErK" / X Ransomware hackers charged, infrastructure dismantled in international law enforcement operation | The Record from Recorded Future News Oops: DanaBot Malware Devs Infected Their Own PCs – Krebs on Security DOJ charges man allegedly behind Qakbot malware | The Record from Recorded Future News US, Europol arrest 270 dark web drug traffickers in Operation RapTor | The Record from Recorded Future News Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars | The Record from Recorded Future News Decentralized crypto platform Cetus hit with $223 million hack | The Record from Recorded Future News Nearly 70,000 impacted by Coinbase breach involving $20 million ransom demand | The Record from Recorded Future News USA: Crypto investor charged with kidnapping, torturing man in an NYC apartment Vietnam orders ban on Telegram messaging app over security concerns | The Record from Recorded Future News Exclusive: Hacker who breached communications app used by Trump aide stole data from across US government | Reuters CISA loses nearly all top officials as purge continues | Cybersecurity Dive White House dismisses scores of National Security Council staff - The Washington Post
        Show More Show Less
        1 hr and 5 mins