Risky Business

By: Patrick Gray
About this listen

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Copyright Risky Business Media 2007-2025

Politics & Government

Episodes
  • Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators
    Jun 25 2025

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

    • We roll our eyes over the “16 billion credentials” leak hitting mainstream news
    • Some interesting cyber angles emerge from the conflict in Iran
    • Opensource maintainer of libxml2 is fed up with this hacker crap
    • Shockingly, there are yet more ways to trick people into pasting commands into Windows
    • Veeam “patches” its backup software RCE like it’s 2002 … by breaking the public PoC

    This week’s episode is sponsored by Internet-wide honeypot reconnaissance platform, GreyNoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they’re destined for the woodchipper.

    This episode is also available on YouTube.

    Show notes
    • No, the 16 billion credentials leak is not a new data breach
    • Canadian telecom hacked by suspected China state group - Ars Technica
    • Telecom giant Viasat breached by China's Salt Typhoon hackers
    • WarTranslated on X: "Iran’s jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X
    • Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X
    • Top Pentagon spy pick rejected by White House - POLITICO
    • DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive
    • Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say
    • U.S. braces for Iran's response after overnight strikes on nuclear sites
    • Assessing the Damage to Iran’s Nuclear Program
    • Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times
    • Iran's government says it shut down internet to protect against cyberattacks | TechCrunch
    • Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive
    • Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News
    • Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News
    • Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News
    • OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps
    • Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2
    • README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab
    • What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog
    • FileFix - A ClickFix Alternative | mr.d0x
    • Address bar shows hp.com. Browser displays scammers’ malicious text anyway. - Ars Technica
    • Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive
    • ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022 | MrBruh's Epic Blog
    • Perth dad who created ‘evil twin’ Wi-Fi did so to access pictures of women
    • GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
    1 hr and 2 mins
  • Risky Business #796 -- With special guest co-host Chris Krebs
    Jun 18 2025

    On this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through:

    • Israeli “hacktivists” take out an Iranian state-owned bank
    • Scattered Spider and friends pivot into attacking insurers
    • Securing identities in a cloud-first world keeps us awake at night
    • Microsoft takes the “aas” out of SaaS for Europe, leaving us with just software!
    • An AI prompt injection into M365 exfils corporate data

    This week’s episode is sponsored by Kroll’s Cyber practice. Kroll Cyber Associate Managing Director George Glass is based in London and talks through his experiences helping organisations in the UK deal with the Scattered Spider attacks.

    This episode is also available on YouTube.

    Show notes
    • Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group | CyberScoop
    • Iran orders officials to ditch connected devices
    • Heightened Cyberthreat Amidst Israel-Iran Conflict
    • Threat group linked to UK, US retail attacks now targeting insurance industry | Cybersecurity Dive
    • Coming to Apple OSes: A seamless, secure way to import and export passkeys - Ars Technica
    • Cyberattack on Washington Post Compromises Email Accounts of Journalists
    • Hackers impersonating US government compromise email account of prominent Russia researcher | The Record from Recorded Future News
    • A good one to talk to Chris about:
    • Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot
    • CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws | Cybersecurity Dive
    • Whole Foods supplier making progress on restoration after cyberattack left shelves empty | The Record from Recorded Future News
    • Ransomware attack on ticketing platform upends South Korean entertainment industry | The Record from Recorded Future News
    • Advisory: Cybersecurity incident
    1 hr and 1 min
  • Soap Box: AI has entered the SOC, and it ain't going anywhere
    Jun 16 2025

    In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Dropzone AI founder Ed Wu about the role of LLMs in the SOC.

    The debate about whether AI agents are going to wind up in the SOC is over: they’ve already arrived. But what are they good for? What are they NOT good for? And where else will we see AI popping up in security?

    This episode is also available on YouTube.

    Show notes
      31 mins