Risky Business

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.




Risky Business #562 -- Two former Twitter staff charged over Saudi spying

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two ex Twitter employees charged with spying for KSA
  • US border device searches now require suspicion after ACLU win
  • Unredacted Corellium lawsuit response drops
  • Ransomware attacks on hospitals increase mortality
  • Much, much more!
This week’s sponsor interview is with Stephan Chenette, the co-founder and CTO of AttackIQ. We talk to him about some CSOs playing Pokemon Go with MITRE ATT&CK (“Gotta catch ‘em all!”) and about recent ATT&CK developments. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Twitter Insiders Allegedly Spied for Saudi Arabia | WIRED Former Trend Micro employee enabled scam calls by stealing customers' personal data Federal Court Rules Suspicionless Searches of Travelers’ Phones and Laptops Unconstitutional | American Civil Liberties Union Corellium claims Apple sued it after acquisition talks fell through U.K.’s Labour Party ‘Hit By Large Cyberattack’ A Month Before Election Cyber Command flags North Korean-linked hackers behind ongoing financial heists Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security As 5G Rolls Out, Troubling New Security Flaws Emerge | WIRED DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition | ZDNet Phones and PCs sold in Russia will have to come pre-installed with Russian apps | ZDNet Capital One replaces security chief after data breach | TechCrunch One of the world’s most advanced hacking groups debuts new Titanium backdoor | Ars Technica Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked | ZDNet Between 200,000 and 240,000 Magento online stores will reach EOL next year | ZDNet Major ASP.NET hosting provider infected by ransomware | ZDNet Mysterious hacker dumps database of infamous IronMarch neo-nazi forum | ZDNet Breaking the law: How 8chan (or “8kun”) got (briefly) back online | Ars Technica Microsoft's Rust experiments are going well, but some features are missing | ZDNet Further enhancing security from Microsoft, not just for Microsoft Microsoft to apply California's privacy law for all US users | ZDNet 'Chronicle Is Dead and Google Killed It' - VICE Google Enlists Outside Help to Clean Up Android's Malware Mess | WIRED Manual code review finds 35 vulnerabilities in 8 enclave SDKs | ZDNet Amid NSA warning, attacks on Confluence have risen in recent weeks Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash | Ars Technica Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago - The New York Times Intel Failed to Fix a Hackable Chip Flaw Despite a Year of Warnings | WIRED Influencers Pay Thousands to Get Back Into Their Hacked Instagram Accounts - VICE