Risky Business News


Regular cybersecurity news updates from the Risky Business team...

risky.biz


    • Oct 1, 2025 LATEST EPISODE
    • weekdays NEW EPISODES
    • 13m AVG DURATION
    • 788 EPISODES



    Latest episodes from Risky Business News

    Risky Bulletin: Router APIs abused to send SMS spam

    Oct 1, 2025 · 6:12


    A cybercrime group abuses routers to send SMS spam, CISA announces a new collaboration model for state governments, South Korea raises its cyber threat level after a data center fire, and Tile tracking devices expose their location. Show notes Risky Bulletin: Router APIs abused to send SMS spam waves

    Between Two Nerds: The power of cyber

    Sep 29, 2025 · 27:45


    In this edition of Between Two Nerds Tom Uren and The Grugq discuss the power of cyber. This episode is also available on YouTube. Show notes Narrow windows of opportunity: the limited utility of cyber operations in war RUSI's UK cyber effects network RUSI call for abstracts The fate of nations BTN discussion UK National Cyber Force's Responsible Cyber Power in Practice Sponsor interview on the importance of resilient IdPs

    Risky Bulletin: UK to bail out Jaguar Land Rover

    Sep 29, 2025 · 4:51


    The UK will bail out Jaguar Land Rover following its cyberattack, hackers try to extort a ransom using children's photos, Dutch police arrest two teens over sniffing WiFi for Russian spies, and a recent GoAnywhere MFT bug is being exploited. Show notes Risky Bulletin: UK to bail out Jaguar Land Rover

    Sponsored: Why identity is critical

    Sep 28, 2025 · 12:47


    In this sponsored interview, Authentik CEO Fletcher Heisler talks to Tom Uren about how identity providers (IdP) are fundamental to everything an organisation does. He explains how organisations are making themselves resilient by managing their redundancy and failover options. Show notes

    Risky Bulletin: EU users to get free Windows 10 extended security updates

    Sep 26, 2025 · 7:30


    European users will get free Windows 10 extended security updates, Cisco patches three zero-days, Microsoft drops an Israeli intel surveillance contract and a UK man is arrested for the EU airport disruptions. Show notes Risky Bulletin: EU users to get free Windows 10 extended security updates

    Srsly Risky Biz: The kids aren't alright

    Sep 25, 2025 · 16:27


    Tom Uren and Amberleigh Jack talk about how the funnel that turns kids into cyber criminals has evolved over the last decade. Cybercrime's reach has broadened, and it is more lucrative and more violent. They also talk about new thinking about deterring America's cyber adversaries. This episode is also available on YouTube. Show notes CSIS's Playbook for Winning the Cyber War Bloomberg reporting on Scattered Spider

    Risky Bulletin: US raids SIM farm in New York

    Sep 24, 2025 · 7:14


    The US Secret Service raids a SIM farm in New York, EU airport disruptions were caused by ransomware, thieves steal gold nuggets from a French museum after a cyberattack and SonicWall releases a firmware update to remove SMA rootkits. Show notes Risky Bulletin: US raids SIM farm in New York

    Between Two Nerds: How the US can win the cyber war

    Sep 22, 2025 · 31:00


    In this edition of Between Two Nerds Tom Uren and The Grugq look at a new Center for Strategic and International Studies report: A Playbook for Winning the Cyber War. This episode is also available on YouTube. Show notes CSIS Playbook

    Risky Bulletin: Cyberattack disrupts airports across Europe

    Sep 22, 2025 · 6:51


    A cyberattack disrupts European airports, a Scattered Spider member turns himself in to US authorities, the Pentagon hires a new cyber policy leader and two Russian APTs work together for the first time. Show notes Risky Bulletin: Cyberattack disrupts airports across Europe

    Sponsored: SpecterOps on identities at rest and identities in transit

    Sep 21, 2025 · 19:19


    In this Risky Business News sponsor interview, Catalin Cimpanu talks with Jared Atkinson, CTO at SpecterOps. They discuss how SpecterOps is classifying identities under two categories, identities at rest and identities in transit, what they are and how they should be treated differently. Show notes Shifting the Paradigm: Managing Identities at Rest vs. Identities in Transit BloodHound OpenGraph

    Risky Bulletin: Pentagon has more than 70,000 cyber personnel

    Sep 19, 2025 · 7:28


    America's Government Accountability Office says the Pentagon employs more than 70,000 cyber personnel, hackers steal SonicWall firewall configs, DeepSeek returns insecure code for groups China doesn't like, and two Scattered Spider members arrested in the UK. Show notes Risky Bulletin: Pentagon has +70K cyber staff, and a lot of overlap

    Srsly Risky Biz: US investment in spyware skyrockets

    Sep 18, 2025 · 15:56


    Tom Uren and Amberleigh Jack talk about why it is good news that US investment in spyware vendors has skyrocketed. They also discuss the in-principle agreement for TikTok to remain in the US. It's a win-win: a win for China and a win for TikTok, but not so much a win for US national security. This episode is also available on YouTube. Show notes

    Risky Bulletin: Android switches to risk-based security updates

    Sep 16, 2025 · 7:11


    Android will only issue monthly updates for high-risk vulnerabilities, a self-replicating attack hits the npm registry, BreachForums' admin resentenced on appeal, and hackers breach Gucci's parent company. Show notes Risky Bulletin: AI chatbot disinformation doubles in a year

    Between Two Nerds: The limits of cyber power

    Sep 15, 2025 · 30:47


    In this edition of Between Two Nerds Tom Uren and The Grugq talk about the limits of a state's cyber power. This episode is also available on YouTube. Show notes Dave Aitel's CyberSecPolitics post on cyber power metrics Lawfare Post BTN 117, The fate of nations BTN 120, Should US spies steal Chinese commercial secrets

    Risky Bulletin: DC sues crypto ATM operator for profiting from scams

    Sep 15, 2025 · 6:41


    The US sues a crypto ATM operator for profiting from scams, SMS blasters make their way into Switzerland, the US and Portugal tussle over the extradition of the RaidForums admin, and Samsung patches a zero-day in its phones. Show notes Risky Bulletin: US largest crypto ATM operator sued for profiting from scams

    Sponsored: The challenge of managing browser extensions

    Sep 14, 2025 · 19:50


    In this sponsored interview, Casey Ellis chats to David Cottingham and Daniel Schell from Airlock Digital. They discuss the challenge of browser extension management for enterprises, why it's a priority and how Airlock can help. Show notes

    Risky Bulletin: Apple notifies French users of spyware attacks

    Sep 12, 2025 · 7:08


    Apple notifies French users of spyware attacks, China will increase fines for data breaches, Google pays $1.6mil for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students. Show notes Risky Bulletin: Most UK school hacks are caused by their own students

    Srsly Risky Biz: Exploiting authorisation sprawl is the new black

    Sep 11, 2025 · 17:54


    Tom Uren and Amberleigh Jack talk about the Salesloft Drift incident. It is a great example of the sprawling impact that the breach of a single service provider can have. We expect these single-compromise-large-blast-radius attacks will become the new norm. They also talk about Apple's Memory Integrity Enforcement, which promises to be a big step forward for memory safety on Apple devices. This episode is also available on YouTube. Show notes

    Risky Bulletin: White House to keep CyberCom and NSA dual role

    Sep 10, 2025 · 8:38


    The White House will keep the CyberCom and NSA dual-hat leadership arrangement, the US charges a major ransomware figure, Apple ships a memory safety protection feature and yet another supply chain attack hits the npm world. Show notes Risky Bulletin: US charges major ransomware figure

    Between Two Nerds: The death of the exploit

    Sep 8, 2025 · 25:47


    In this edition of Between Two Nerds Tom Uren and The Grugq talk about the trend toward outrageously complicated exploits and what it means for hacking and cyber espionage. This episode is also available on YouTube. Show notes

    Risky Bulletin: New APT group turns out to be a phishing test

    Sep 8, 2025 · 7:51


    A new APT group turns out to be a phishing test, Qantas cuts executives' bonuses after a recent breach, Anthropic stops selling AI tools to Chinese firms, and Nepal blocks 26 social media sites. Show notes Risky Bulletin: APT report? No, just a phishing test!

    Sponsored: Why prompt injection is an intractable problem

    Sep 7, 2025 · 16:30


    In this sponsored interview Casey Ellis chats with Keith Hoodlet from Trail of Bits. Keith is Trail of Bits' director of engineering for AI, machine learning and application security and he joined Casey to talk about why prompt injection attack techniques that target AI are an unsolvable problem. Show notes

    Risky Bulletin: Cyberattack disrupts Bridgestone tyre factories across North America

    Sep 5, 2025 · 9:00


    A cyberattack disrupts Bridgestone tyre factories in North America, a new infostealer takes your photo while you watch porn, bad certificates for Cloudflare infrastructure went undetected for more than a year, and Brazil deals with another payment system hack. Show notes Risky Bulletin: Chrome 140 comes with new hardened cookies

    Srsly Risky Biz: Google sharpens its cyber knife

    Sep 4, 2025 · 17:38


    Tom Uren and Amberleigh Jack talk about Google starting a cyber disruption unit. It's a sign of the times but could also point the way forward for policymakers looking to involve the private sector in government-endorsed efforts to strike back in cyberspace. They also talk about cyber security authorities from 13 different countries pegging Salt Typhoon to three Chinese companies. That's a lot of countries, but Tom wonders whether attribution is just viewed as a cost of doing business for the Chinese government. And it turns out that Apple's dispute with the UK government about encrypted iCloud data has not yet been resolved, despite media reports to the contrary. This episode is also available on YouTube. Show notes

    Risky Bulletin: YouTubers unmask and help dismantle Chinese scam ring

    Sep 3, 2025 · 4:24


    Two YouTube channels help dismantle a Chinese scam operation, Cloudflare, Zscaler, and Palo Alto disclose Salesloft-related breaches, a ransomware attack disrupts vehicle production at Jaguar Land Rover, and we have a new record DDoS attack. Show notes Risky Bulletin: YouTubers unmask and help dismantle giant Chinese scam ring

    Between Two Nerds: How threat actors are using AI to run wild

    Sep 1, 2025 · 32:17


    In this edition of Between Two Nerds Tom Uren and The Grugq talk about how cyber threat actors are using AI tools to fill in resource and skills gaps that they have. This episode is also available on YouTube. Show notes Anthropic's August 2025 Threat Report BTN episode 50

    Risky Bulletin: Noem fires FEMA IT team over alleged cybersecurity failures

    Sep 1, 2025 · 5:54


    FEMA's IT staff fired over an alleged breach, WhatsApp patches a zero-day, the Salesloft breach impacted more than just Salesforce, and a scammer steals $1.5 million from the city of Baltimore. Show notes Risky Bulletin: Noem fires FEMA IT team over alleged cybersecurity failures

    Sponsored: Push Security on the evolution of phishing techniques

    Aug 31, 2025 · 18:05


    In this sponsored interview Casey Ellis chats with Push Security co-founder Jacques Louw. Push's browser plugin gives a unique level of visibility into how users interact with the web and the attacks they face. Jacques talks through what they're seeing, and their recently published taxonomy of phishing attacks. It's on GitHub for everyone to contribute to! Show notes Introducing our guide to phishing detection evasion techniques

    Risky Bulletin: npm attack uses AI prompts to steal creds, crypto-wallet keys

    Aug 29, 2025 · 7:38


    An npm supply chain attack uses AI to steal credentials and crypto-wallet keys, Google establishes a cyber disruption unit, a ransomware attack disrupts more than 200 Swedish municipalities, and Salt Typhoon hacks have now hit more than 80 countries. Show notes Risky Bulletin: npm attack uses AI prompts to steal creds, crypto-wallet keys

    Srsly Risky Biz: America wants to hack the planet

    Aug 28, 2025 · 17:29


    Tom Uren and Amberleigh Jack talk about proposed legislation that would allow the President to license private sector hackers to go after cybercrime groups. The bill won't pass, but letting hackers loose on industrial-scale scam farms actually makes sense. They also talk about Microsoft's blind spot regarding China. It has trusted China-based engineers with sensitive work, and is now only just realising that China's security interests are not compatible with Microsoft's. This episode is also available on YouTube. Show notes

    Risky Bulletin: FCC removes 1,200 voice providers from US phone network

    Aug 27, 2025 · 6:36


    The FCC removes 1,200 voice providers from the US phone network, a cyberattack shuts down Nevada's state government services, hackers breach Salesloft and pivot into Salesforce accounts, and Citrix patches yet another zero-day. Show notes Risky Bulletin: FCC removes 1,200 voice providers from US phone network

    Between Two Nerds: Teenage hackers are like goldfish

    Aug 25, 2025 · 29:25


    In this edition of Between Two Nerds, Tom Uren and The Grugq talk about how the teenage hacking groups Scattered Spider, Lapsus$ and Shiny Hunters are collaborating. They examine whether this is bad news and what it will take to slow these wrecking crews down. Plus, how teenage hackers are like goldfish. This episode is also available on YouTube. Show notes The Register, Three notorious cybercrime gangs appear to be collaborating Between Two Nerds episode 103 Sponsor interview with Brett Winterford from Okta

    Risky Bulletin: Hackers sabotage Iranian ships at sea, again

    Aug 25, 2025 · 6:12


    Hackers sabotage Iranian ships for a second time this year, mass cybercrime arrests across Africa, South Korea extradites a Chinese man behind celebrity hacks, and a French supermarket chain discloses a data breach. Show notes Risky Bulletin: Hackers sabotage Iranian ships at sea, again

    Sponsored: Why threat actors hate Okta FastPass

    Aug 25, 2025 · 14:26


    In this Risky Business News sponsor interview Tom Uren talks to Brett Winterford, Okta's VP of Threat Intelligence, about FastPass. Brett explains what it is, how Okta uses it and why threat actors avoid it. Show notes

    Risky Bulletin: Microsoft restricts Chinese firms' access to MAPP

    Aug 21, 2025 · 8:04


    Microsoft restricts Chinese firms' access to its MAPP program, Apple patches a zero-day used in the wild, a Scattered Spider member gets 10 years in prison, and a new exploit broker pops up in the UAE. Show notes Risky Bulletin: A decade later, Russian hackers are still using SYNful Knock, and it's still working

    Srsly Risky Biz: Russian cyber security picked a side

    Aug 21, 2025 · 19:17


    Tom Uren and Amberleigh Jack talk about a new report that looks at how Russian cyber security firms have adapted since the country's invasion of Ukraine. These firms are doing surprisingly well financially. It turns out that in an era of great power competition, picking sides is not just necessary, it is also a winning strategy. They also discuss Russia effectively killing foreign messenger services to promote its own WeChat-like service and claims that the UK has backed down on its Apple encryption order. This episode is also available on YouTube. Show notes

    Risky Bulletin: Child sextortion cases linked to scam compounds

    Aug 20, 2025 · 7:16


    Almost 500 child sextortion cases have been linked to scam compounds, Oracle's CSO departs after 37 years, Europol offers a reward for the Qilin ransomware group, and the UK drops its demand for an Apple backdoor. Show notes Risky Bulletin: NIST releases face-morphing detection guideline

    Between Two Nerds: Cyber myopia

    Aug 18, 2025 · 26:21


    In this edition of Between Two Nerds Tom Uren and The Grugq talk about whether the cyber industry and intelligence agencies focus too much on technical details and ignore the bigger picture. This episode is also available on YouTube. Show notes Director-General ASIO speech on Counting the Cost of Espionage

    Risky Bulletin: Academics pull off novel 5G attack

    Aug 17, 2025 · 7:36


    Academics develop a 5G downgrade attack, ransomware hits car salvage yards across North America, multiple VPN apps share the same hardcoded password, and Bangladesh spent $190 million on hacking and surveillance tools. Show notes Risky Bulletin: Academics pull off novel 5G attack

    Risky Bulletin: HTTP2 flaw enables massive DDoS attacks

    Aug 15, 2025 · 8:03


    An HTTP/2 vulnerability enables DDoS attacks, Russia blocks Telegram and WhatsApp voice calls, attackers abuse a zero-day in N-able servers, and the US government is adding trackers to chip shipments. Show notes Risky Bulletin: MadeYouReset vulnerability enables unlimited HTTP/2 DDoS attacks

    Srsly Risky Biz: Drug cartels are the new APTs

    Aug 14, 2025 · 16:41


    Tom Uren and Amberleigh Jack talk about a recent hack of the US courts document management system. It's about as bad as can be, with multiple threat actors including states and possibly even drug cartels rummaging around in there, possibly for years. They also discuss Microsoft's involvement in an Israeli surveillance system and the head of Australia's security organisation's blunt warning about espionage. This episode is also available on YouTube. Show notes

    Risky Bulletin: Russia suspected of US Courts hack

    Aug 13, 2025 · 8:18


    Russia suspected of hacking a US Court system, researchers break the DarkBit ransomware's encryption, a new attack can leak sensitive data from AMD processors, and a brute-force campaign targets Fortinet devices. Show notes Risky Bulletin: Crypto-thieves turn their sights to Open VSX

    Risky Bulletin: Researcher scores $250,000 for Chrome bug

    Aug 11, 2025 · 7:22


    A security researcher scores $250,000 for a Chrome bug, WinRAR patches another zero-day, new vulnerabilities found in the Tetra communications protocol, and a researcher gains access to Microsoft's internal network for fun… and no profit. Show notes Risky Bulletin: Researcher scores $250,000 for Chrome bug

    Sponsored: The phishing-resistant employee

    Aug 10, 2025 · 15:54


    In this Risky Business News sponsor interview Tom Uren talks to Derek Hanson, Yubico's Field CTO, about making account recovery and onboarding for employees phishing-resistant. They also discuss the problems and opportunities of syncable passkeys. Show notes

    Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack

    Aug 8, 2025 · 8:27


    Federal agencies told to patch a new Exchange flaw, millions of sites are vulnerable to HTTP desync attacks, Trend Micro patches a zero-day, and the Salesforce data breaches continue. Show notes Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack

    Risky Bulletin: Russia's war on foreign software continues

    Aug 6, 2025 · 7:37


    Russian companies must migrate to domestic ERP systems, Ohio's public sector will have to approve ransom payments in public, Chanel and Cisco disclose data breaches, and a Thai hospital gets fined over the dumbest data breach ever. Show notes Risky Bulletin: Russia to designate ERPs as "critical information infrastructure"

    Between Two Nerds: The Aeroflot hack

    Aug 4, 2025 · 29:28


    In this edition of Between Two Nerds Tom Uren and The Grugq dissect the Belarusian Cyber Partisans hack of Russian airline Aeroflot. Despite the short-term impact, the airline will likely bounce back quite quickly. But it is still a big win for the Cyber Partisans. This episode is also available on YouTube. Show notes The Belarusian Cyber Partisans post on the hack Meduza's analysis of the hack's aftermath

    Risky Bulletin: China with the accusations again

    Aug 4, 2025 · 6:35


    China accuses the US of new cyberattacks, a $14.5b crypto hack discovered five years later, the US National Cyber Director is named, and Lovense considers legal action over a security flaw disclosure. Show notes Risky Bulletin: China with the accusations again

    Sponsored: Tines shines at solving interesting problems

    Aug 3, 2025 · 12:40


    In this week's sponsor interview, Tines' Field CISO, Matt Muller, chats to Casey Ellis about the interesting and out-of-the-box ways they've seen people using the platform. Tines is a platform designed to automate repetitive tasks for IT and security teams. And, as it turns out, it can be used to … gamify shift handover? Show notes

    Risky Bulletin: Russia spies on local embassies via ISPs

    Aug 1, 2025 · 8:05


    Russia spies on local embassies via ISPs, a Canadian man jailed for stealing Internet Apes, Signal threatens to leave Australia, and Russian pharmacies go down after a cyberattack. Show notes Risky Bulletin: Russia spies on foreign embassies using local ISPs

    Srsly Risky Biz: The West's tepid China deterrence is not working

    Jul 31, 2025 · 17:07


    Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn't deter Chinese hackers, so it is time to try something different. They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two. This episode is also available on YouTube. Show notes
