Risky Business cover image

Risky Business

Latest episodes

undefined
Apr 2, 2025 • 55min

Risky Business #786 -- Oracle is lying

Tjaden Hess, a Principal Security Engineer at Trail of Bits specializing in cryptography and cryptocurrency exchange security, joins the discussion on recent cybersecurity events. He highlights the alarming breach at Oracle, casting a critical eye on their lack of transparency regarding the exposure of sensitive health data. Hess also emphasizes the essential practices for secure cryptocurrency exchanges, particularly the importance of cold wallets, and contrasts these with the vulnerabilities revealed in the Bybit incident. The conversation paints a vivid picture of the cybersecurity landscape's ongoing challenges.
undefined
8 snips
Mar 26, 2025 • 31min

Soap Box: Knocknoc glues your SSO to your firewalls for Just-in-Time network access

In this engaging conversation, Adam Pointon, CEO of Knocknoc, shares his expertise in innovative network access control solutions. He discusses the importance of securing Single Sign-On services and minimizing exposure by integrating advanced tools like Identity-Aware Proxies. Adam clarifies common misconceptions about SSO vulnerabilities and highlights strategies to isolate critical applications from the internet to enhance security. With a focus on Just-in-Time Network Access Control, he outlines how to streamline access while maintaining robust protection for sensitive environments.
undefined
25 snips
Mar 26, 2025 • 59min

Risky Business #785 -- Signal-gate is actually as bad as it looks

HD Moore, founder of RunZero and a network vulnerability scanning expert, joins to discuss the recent chaos in cybersecurity. He highlights the absurdity of a security breach involving the Trump administration mistakenly including a journalist in sensitive discussions. The conversation also delves into the shortcomings of traditional vulnerability management and what he's doing to revitalize network scanning. Additionally, they explore recent cyber incidents, from GitHub supply chain attacks to Kubernetes vulnerabilities, pushing the urgency for robust security solutions.
undefined
20 snips
Mar 19, 2025 • 57min

Risky Business #784 -- GitHub supply chain attack steals secrets from 23k projects

Aaron Steinke, Head of Infrastructure at La Trobe Financial, shares his insights on implementing Zero Networks' micro-segmentation product, transforming a legacy tech environment. The conversation dives into a significant GitHub supply chain attack that compromised 23,000 projects, revealing sensitive information. They also discuss the complex geopolitical tensions surrounding cyber threats, especially between Taiwan and China, and the rise of malicious hacks involving North Korean groups. Steinke's experience illustrates the challenges and innovations in modernizing cybersecurity practices.
undefined
54 snips
Mar 12, 2025 • 1h 4min

Risky Business #783 -- Evil webcam ransomwares entire Windows network

Rob Joyce, former Special Assistant to the US President and cybersecurity director at the NSA, shares his insights on national security challenges. He discusses groundbreaking cyber threats, including a ransomware attack using a Linux webcam to infiltrate Windows networks. Lee Chagolla-Christensen, Principal Security Researcher at SpecterOps, dives into the vulnerabilities of NTLM authentication in Active Directory and the potential of Bloodhound to address these issues. The conversation highlights the evolving landscape of cybersecurity and the importance of robust defense mechanisms.
undefined
22 snips
Mar 5, 2025 • 50min

Risky Business #782 -- Are the USA and Russia cyber friends now?

Vincent Stouffer, Field CTO at Corelight, brings his expertise in network visibility and attacker detection to the discussion. The conversation covers North Korea's impressive cyber theft tactics, particularly the Bybit hack. They analyze the U.S.'s shifting stance on Russian cyber threats and how that impacts global security. Stouffer emphasizes the importance of monitoring network traffic to uncover hidden threats while underscoring the challenges of credential management. The dialogue also highlights innovative authentication methods evolving in the cybersecurity landscape.
undefined
23 snips
Feb 26, 2025 • 1h 3min

Risky Business #781 -- How Bybit oopsied $1.4bn

This week, a staggering $1.4 billion was stolen from the Bybit cryptocurrency exchange, sparking a deep dive into the security flaws that allowed it to happen. North Korea's sophisticated hacking methods are discussed, alongside the dangers inherent in routine cryptocurrency transfers. The podcast also tackles encryption debates, government surveillance, and the challenges companies like Meta face with account management and automation. There’s a look at advanced techniques used by hackers targeting Cisco devices and vulnerabilities within Windows security solutions.
undefined
Feb 21, 2025 • 41min

Wide World of Cyber: DeepSeek lobs an AI hand grenade

Join Alex Stamos, former CISO for Facebook and Yahoo, and Chris Krebs, ex-director of CISA, as they dive into the intriguing world of AI and its geopolitical implications. They discuss the controversial DeepSeek AI model and its potential impact on cybersecurity. The duo analyzes the skepticism surrounding AI innovations and examines the contrasting regulatory approaches in Europe and the U.S. Don't miss their insights on privacy rights, market dynamics, and the future of AI innovation amidst growing international tensions.
undefined
13 snips
Feb 19, 2025 • 1h 1min

Risky Business #780 -- ASD torched Zservers data while admins were drunk

Braden Rogers, Chief Customer Officer at Island, discusses the pressing challenges of AI data exposure. He dives into the emotional toll recent cyber incidents have had on the tech community. The conversation also highlights the complexities of managing unstructured data in enterprises and the increasing necessity of robust security measures as large language models become ubiquitous. Additionally, Braden critiques existing protections against prompt injection attacks while advocating for smarter data governance strategies.
undefined
8 snips
Feb 14, 2025 • 38min

Risky Biz Soap Box: Run your own open source IDP with Authentik

Fletcher Heisler, CEO of Authentik and a leader in open-source identity solutions, dives into the power of self-hosted identity management. He explains how users are reclaiming control from traditional SaaS providers like Okta. The discussion highlights Authentik's flexibility and adaptability for businesses, whether on-premises or in the cloud. Fletcher emphasizes user-driven development, security through transparency, and the importance of backup strategies, making a strong case for the future of open-source identity solutions.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode