Risky Business

By: Patrick Gray
Listen for free

  • Summary

  • Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
    Copyright Risky Business Media 2007-2025
    Show More Show Less
Politics & Government
Show More Show Less
Episodes
  • Risky Business #787 -- Trump fires NSA director, CISA cuts inbound

    Risky Business #787 -- Trump fires NSA director, CISA cuts inbound
    Apr 9 2025
    On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Oracle quietly cops to being hacked, but immediately pivots into pretending it didn’t matterNSA and CyberCom leaders fired for not being MAGA enoughUS Treasury had some dusty corners it hadn’t found China in yet, looked, found China in them…which is a great time to discuss slashing CISA’s staffingRansomware crews and bullet proof hosting providers are getting rekt, and we love itAnd Microsoft patches yet another logging 0-day being used in the wild. This episode is sponsored by Yubico, makers of Yubikey hardware authentication tokens. Yubico’s Vice President of Solutions Architecture and Alliances Derek Hanson joins to discuss how the consumer-centric passkey ecosystem has become a real challenge for enterprises. One that Yubico is actually ideally positioned to solve. This episode is also available on Youtube. Show notes Oracle privately confirms Cloud breach to customersOracle have finally issued a written notification to customers about their cybersecurity incident.Head of NSA and US Cyber Command reportedly fired | Cybersecurity DiveTrump fires numerous National Security Council staff - The Washington PostTrump administration under scrutiny as it puts major round of CISA cuts on the table | Cybersecurity DiveHackers Spied on US Bank Regulators’ Emails for Over a Year - BloombergThis is how Jeffrey Goldberg got added to the Signal chatCybercriminals are trying to loot Australian pension accounts in new campaign | The Record from Recorded Future News$500,000 stolen in Australian super fund data breach | Superannuation | The GuardianAustralian regulator pulls licenses of 95 companies in effort to crack down on investment scams | The Record from Recorded Future NewsEverest ransomware group’s darknet site offline following defacement | The Record from Recorded Future NewsOn March 28, 2025, a threat actor leaked internal data from Medialand, a major bulletproof hosting (BPH) provider long linked to Yalishanda (LARVA-34).There's a ransomware group named DragonForce going around hacking its rivals. After Mamona and BlackLock, the group has now hacked RansomHubThe DragonForce ransomware group hacked two rivals this monthCISA, experts warn of Crush file transfer attacks as ransomware gang makes threats | The Record from Recorded Future NewsKill Security Campaign Targets CrushFTP ServersNational Vulnerability Database | NISTMicrosoft patches zero-day actively exploited in string of ransomware attacks | CyberScoopExploitation of CLFS zero-day leads to ransomware activity | Microsoft Security BlogIs The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
    Show More Show Less
    53 mins
  • Risky Business #786 -- Oracle is lying

    Risky Business #786 -- Oracle is lying
    Apr 2 2025
    On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Yes, Oracle Health and Oracle Cloud did get hackedThe fallout from Signalgate continuesNorth Korean IT workers pivot to EuropeHoneypot data suggests a storm is brewing for Palo Alto VPNsCanadian Anon gets arrested for hacking Texas GOP This week’s episode is sponsored by Trail of Bits. Tjaden Hess, a Principal Security Engineer at Trail of Bits who specialises in cryptography, joins the show this week to talk about what a responsible crypto-currency exchange cold wallet setup looks like, and … contrasts that with Bybit. This episode is also available on Youtube. Show notes Oracle Health breach compromises patient data at US hospitalsFBI probes Oracle hack tied to healthcare extortion: Report - Becker's Hospital Review | Healthcare News & AnalysisOracle Still Denies Breach as Researchers PersistHacker linked to Oracle Cloud intrusion threatens to sell stolen data | Cybersecurity DivePublius on X: "🚨 SIGNAL SCANDAL: Katherine Maher, the leftist NPR CEO, is currently the Chair of the Board of Signal! WHAT ARE THE ODDS? https://t.co/jWNTeAt3Jz" / XMike Waltz Is Losing Support Inside the White House - WSJWaltz and staff used Gmail for government communications, officials say - The Washington PostPete Hegseth, Mike Waltz, Tulsi Gabbard: Private Data and Passwords of Senior U.S. Security Officials Found Online - DER SPIEGELEven More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public | WIREDYou Need to Use Signal's Nickname FeatureSignalGate Is Driving the Most US Downloads of Signal Ever | WIREDWickr - WikipediaWhen Getting Phished Puts You in Mortal Danger – Krebs on SecurityDPRK IT Workers Expanding in Scope and Scale | Google Cloud BlogHow the FBI Tracked, and Froze, Millions Sent to Criminals in Massive Caesars Casino HackDefense contractor to pay $4.6 million over third-party provider’s security weakness | The Record from Recorded Future NewsSurge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming ThreatsCISA warns new malware targeting Ivanti zero-day vulnerability | Cybersecurity DiveCanadian hacker arrested for allegedly stealing data from Texas Republican Party | The Record from Recorded Future NewsBritish intel intern pleads guilty to smuggling top secret data out of protected facility | The Record from Recorded Future News
    Show More Show Less
    55 mins
  • Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access

    Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access
    Mar 26 2025

    In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls.

    Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers??

    You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure.

    Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he’s a founder advisor. He also serves on Knocknoc’s board of directors.

    This episode is also available on Youtube.

    Show notes
      Show More Show Less
      31 mins

    What listeners say about Risky Business

    Average customer ratings

    Reviews - Please select the tabs below to change the source of reviews.

    Audible.co.uk reviews

    Amazon reviews
    No Reviews are Available