Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

https://risky.biz/






Risky Business #630 -- We tried the carrot, it's time for the stick


On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including:

  • REvil takes a vacation
  • Kaseya finally patches VSA
  • Morgan Stanley data exposed by third party Accellion hack
  • CISA issues emergency directive on MS print spooler bug
  • Patrick and Adam dream up ways for the US government to pressure vendors
  • MORE

This week’s show is brought to you by Senetas. They’ve traditionally made layer 2 encryption gear but, as you’ll hear, they’re moving with the times! Senetas CTO Julian Fay joins us this week to talk through a bunch of stuff – what they’ve been working on, a really interesting project they had to abandon because of COVID and the latest news on the move to quantum-resistant crypto.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes

  • Ransomware attacks: Pressure grows on Biden to curb costly hacks - The Washington Post
  • Biden tells Putin the U.S. will take “any necessary action” after latest massive ransomware attack - The Washington Post
  • Russian-speaking ransomware gang goes offline
  • Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software – Krebs on Security
  • Patrick Gray on Twitter: "That’s great! Do they have a time machine, too? Where can we buy tickets?!" / Twitter
  • ACSC: Australian organizations compromised through ForgeRock vulnerability - The Record by Recorded Future
  • Morgan Stanley discloses data breach that resulted from Accellion FTA hacks | Ars Technica
  • Dell Wyse Management Suite subject to database exposure, session hijacking | The Daily Swig
  • Microsoft Issues Emergency Patch for Windows Flaw – Krebs on Security
  • Microsoft Patch Tuesday, July 2021 Edition – Krebs on Security
  • cyber.dhs.gov - Emergency Directive 21-04
  • Microsoft discovers critical SolarWinds zero-day under active attack | Ars Technica
  • Beyond Kaseya: Everyday IT Tools Can Offer ‘God Mode’ for Hackers | WIRED
  • China tightens control over cybersecurity in data crackdown - ABC News
  • Suspected Chinese hackers return with unusual attacks on domestic gambling companies
  • Microsoft Bug Bounty Programs Year in Review: $13.6M in Rewards – Microsoft Security Response Center
  • Feds indict “The Bull” for allegedly selling insider stock info on the dark web | Ars Technica
  • UK judge gives US a shot to appeal denial of Julian Assange's extradition
  • Over 780,000 email accounts compromised by Emotet have been secured - The Record by Recorded Future
  • Hiltzik: The threat of ransomware - Los Angeles Times
  • Matt Bevan on Twitter: "Wow @youtube @googledownunder this is a full-blown deepfake ad running on your platform... you probably shouldn't have those. https://t.co/S19nQYR9iH" / Twitter
  • Troy Hunt on Twitter: "Huh - what - why?! “Ransomware-hit law firm gets court order asking crooks not to publish the data they stole” https://t.co/ugheahUmgw" / Twitter
  • Ransomware-hit law firm gets court order asking crooks not to publish the data they stole • The Register
  • Migration to Post-Quantum Cryptography









2021-07-14