On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Cyber firms agree to deconflict and cross-reference hacker group names
Russian nuclear facility blueprints gathered from public procurement websites
Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons
Germany identifies the Trickbot kingpin
Google spots China’s MSS using Calendar events for malware C2
Meta apps abuse localhost listeners to track web sessions.
This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.
This episode is also available on Youtube.
All content for Risky Business is the property of Patrick Gray and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Cyber firms agree to deconflict and cross-reference hacker group names
Russian nuclear facility blueprints gathered from public procurement websites
Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons
Germany identifies the Trickbot kingpin
Google spots China’s MSS using Calendar events for malware C2
Meta apps abuse localhost listeners to track web sessions.
This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.
This episode is also available on Youtube.
Risky Biz Soap Box: Push Security's browser-first twist on identity security
Risky Business
34 minutes
1 week ago
Risky Biz Soap Box: Push Security's browser-first twist on identity security
In this wholly sponsored Soap Box edition of the show, Patrick Gray chats with Adam Bateman and Luke Jennings from Push Security.
Push has built an identity security platform that collects identity information and events from your users’ browsers. It can detect phish kits and shut down phishing attempts, protect SSO credentials, and find shadow/personal account that a user has spun up.
It’s extremely difficult to bypass. That’s because when you’re in the browser it doesn’t matter how a phishing link arrives, or how a threat actor has concealed it from your detection stack – if the user sees it, Push sees it.
There are solutions for protecting your users SSO credentials, like passkeys. But what about all the SaaS in your environment? Even if it’s enrolled into your SSO, are you sure that’s how your users are authenticating to it? What about the automation platforms your developers and admins use? What about data platforms like Snowflake? Are your using setting up passkeys for those accounts? How would you know, and what problems can it cause if those accounts are vulnerable?
This is a fun one!
This episode is also available on Youtube.
Risky Business
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
Cyber firms agree to deconflict and cross-reference hacker group names
Russian nuclear facility blueprints gathered from public procurement websites
Someone audio deepfaked the White House Chief of Staff, but for the dumbest reasons
Germany identifies the Trickbot kingpin
Google spots China’s MSS using Calendar events for malware C2
Meta apps abuse localhost listeners to track web sessions.
This week’s episode is sponsored by automation vendor Tines. Its Field CISO, Matt Muller, joins the show to discuss an open letter penned by JP Morgan Chase’s CISO that pleads with Software as a Service suppliers to try to suck less at security.
This episode is also available on Youtube.
