Risky Business Podcast By Patrick Gray cover art

Risky Business

Risky Business

By: Patrick Gray
Listen for free

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.Copyright Risky Business Media 2007-2025 Politics & Government
Episodes
  • Risky Business #799 -- Everyone's Sharepoint gets shelled

    Risky Business #799 -- Everyone's Sharepoint gets shelled
    Jul 23 2025
    Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not)She shells Sharepoint by the sea-shore (by ‘she’ we mean ‘China’)Four (alleged) Scattered Spider members arrested (and bailed) in the UKHackers spend $2700 to buy creds for a Brazilian payment system, steal $100MFortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-moderootkits. Just security vendor things! This week’s episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system. This episode is also available on Youtube. Show notes Update on DOD’s cloud servicesMicrosoft to stop using engineers in China for tech support of US military, Hegseth orders reviewA Little-Known Microsoft Program Could Expose the Defense Department to Chinese HackersWhile DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risksMicrosoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on SecurityNational Guard was hacked by China's 'Salt Typhoon' group, DHS saysSuspected contractor for China’s Hafnium group arrested in in Italy | Cybersecurity DiveSingapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future NewsUK Arrests Four in ‘Scattered Spider’ Ransom Group – Krebs on SecurityFour people bailed after arrests over cyber attacks on M&S, Co-op and HarrodsBrazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future NewsAt Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds | WIREDHacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The RecordIndian crypto exchange CoinDCX says $44 million stolen from reserves | The RecordChainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The RecordPoisonSeed bypassing FIDO keys to ‘fetch’ user accountsRisky Bulletin: Browser extensions hijacked for web scraping botnetA Startup is Selling Data Hacked from Peoples’ Computers to Debt CollectorsA surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunchUkrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source saysFile transfer company CrushFTP warns of zero-day exploit seen in the wild | The RecordHPE warns of hardcoded passwords in Aruba access pointsPre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity DiveGoogle finds custom backdoor being installed on SonicWall network devices - Ars TechnicaHackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
    Show more Show less
    1 hr and 14 mins
  • Risky Biz Soap Box: Prowler, the open cloud security platform

    Risky Biz Soap Box: Prowler, the open cloud security platform
    Jul 14 2025

    In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler.

    Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler’s successful transition from an open-source project into a community, and now a growing business with an as-a-service platform.

    This episode is also available on Youtube.

    Show notes
      Show more Show less
      32 mins
    • Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses

      Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses
      Jul 2 2025
      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Australian airline Qantas looks like it got a Scattered Spider-ingMicrosoft works towards blunting the next CrowdStrike disasterChanges are coming for Microsoft’s default enterprise app consenting setupSynology downplays hardcoded passwords for its M365 cloud backup agentThe next Citrix Netscaler memory disclosure looks nastyDrug cartels used technical surveillance to find, fix and finish FBI informants and witnesses This week’s episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of sprawling cloud environments. This episode is also available on Youtube. Show notes Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach Scattered Spider appears to pivot toward aviation sector | Cybersecurity Dive Microsoft to make Windows more resilient following 2024 IT outage | Cybersecurity Dive (384) The Ultimate Guide to App Consent in Microsoft Entra - YouTube When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero AT&T deploys new account lock feature to counter SIM swapping | CyberScoop Iran-linked hackers threaten to release Trump aides' emails | Reuters US government warns of new Iran-linked cyber threats on critical infrastructure | Cybersecurity Dive Actively exploited vulnerability gives extraordinary control over server fleets - Ars Technica Critical vulnerability in Citrix Netscaler raises specter of exploitation wave | Cybersecurity Dive Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams | WIRED Cloudflare confirms Russia restricting access to services amid free internet crackdown | The Record from Recorded Future News Mexican drug cartel used hacker to track FBI official, then killed potential FBI informants, government audit says | CNN Politics Audit of the FBI's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - Redacted Report NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber | The Record from Recorded Future News US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop US, French authorities confirm arrest of BreachForums hackers | TechCrunch Spanish police arrest five over $542 million crypto investment scheme | The Record from Recorded Future News Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye | The Record from Recorded Future News
      Show more Show less
      1 hr and 2 mins
    No reviews yet