Risky Business #810 -- Data extortion attacks have a silver lining
In this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
FBI intervenes in Scattered Spider Salesforce leaksite
Clop loots Oracle E-Biz deployments
Plus so much more data extortion.. At least it’s not ransomware … we guess?
The US still can’t decide who’s gonna be in charge of NSA & Cybercom
Cambodian scam compounds get sanctioned and $15b in crypto is seized
NSO gets sold for pocket-lint-grade money
Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?
This week’s episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.
This episode is also available on Youtube.
Show notes
FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News
Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop
Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
Clop is a Big Fish, But Not Worth Hunting - Risky Business Media
ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security
The company Discord blamed for its recent breach says it wasn't hacked
Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News
Red Hat confirms breach of GitLab instance, which stored company’s consulting data | CyberScoop
Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media
Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News
Acting US Cyber Command, NSA chief won’t be nominated for the job, sources say | The Record from Recorded Future News
Layoffs, reassignments further deplete CISA | Cybersecurity Dive
Trump’s scandalous directive to AG Pam Bondi reached the public by accident
Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News
US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data | WIRED
Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News
Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED
Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog
SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop
SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive
Issues Affecting CrowdStrike Falcon Sensor for Windows
ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek
Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian
Windows 10 support ends today — here's who's affected and what you need to do
--------
1:03:12
--------
1:03:12
Snake Oilers: Realm Security, Horizon3 and Persona
In this edition of the Snake Oilers podcast, three vendors pop in to pitch you all on their wares:
Realm Security: A security focussed, AI-first data pipeline platform
Horizon3: AI hackers! Pentesting robots!! They’re coming fer yur jerbs!
Persona: Verify customer and staff identities with live capture
This episode is also available on Youtube.
Show notes
--------
45:40
--------
45:40
Risky Business #809 -- Hackers try to pay a journalist for access to the BBC
On this week’s show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week’s cybersecurity news, including:
Hackers learn that trying to coerce a journalist just makes for … a great story?
A man in his 40s gets arrested over the European airport chaos. Yep, we’re surprised, too.
Adam fanboys over Watchtowr Labs while bemoaning Fortra.
Academics pick apart Tile trackers and find them lacking
CISA tells agencies to patch their damn Cisco gear
This episode is also available on YouTube.
Show notes
'You'll never need to work again': Criminals offer reporter money to hack BBC
Government to guarantee £1.5bn Jaguar Land Rover loan after cyber shutdown
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms – Krebs on Security
UK authorities arrest man in connection with cyberattack against aviation vendor | Cybersecurity Dive
Chinese scammer pleads guilty after UK seizes nearly $7 billion in bitcoin
Cyberattack on Japanese beer giant Asahi limits shipping, call center operations | The Record from Recorded Future News
Afghanistan plunged into nationwide internet blackout, disrupting air travel, medical care | The Record from Recorded Future News
Tile trackers are a stalker's dream, say Georgia Tech researchers
Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks - Ars Technica
Supermicro server motherboards can be infected with unremovable malware - Ars Technica
China-linked hackers use ‘BRICKSTORM’ backdoor to steal IP | The Record from Recorded Future News
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
Federal agencies given one day to patch exploited Cisco firewall bugs | The Record from Recorded Future News
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035)
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
--------
39:28
--------
39:28
Risky Business #808 -- Insane megabug in Entra left all tenants exposed
On this week’s show Patrick Gray and special guest Rob Joyce discuss the week’s cybersecurity news, including:
Secret Service raids a SIM farm in New York
MI6 launches a dark web portal
Are the 2023 Scattered Spider kids finally getting their comeuppance?
Production halt continues for Jaguar Land Rover
GitHub tightens its security after Shai-Hulud worm
This week’s episode is sponsored by Sublime Security. In this week’s sponsor interview, Sublime founder and CEO Josh Kamdjou joins host Patrick Gray to chat about the pros and cons of using agentic AI in an email security platform.
This episode is also available on YouTube
Show notes
U.S. Secret Service disrupts telecom network that threatened NYC during U.N. General Assembly
MI6 launches darkweb portal to recruit foreign spies | The Record from Recorded Future News
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens | dirkjanm.io
Github npm changes
Flights across Europe delayed after cyberattack targets third-party vendor | Cybersecurity Dive
Major European airports work to restore services after cyberattack on check-in systems | The Record from Recorded Future News
When “Goodbye” isn’t the end: Scattered LAPSUS$ Hunters hack on | DataBreaches.Net
UK arrests 2 more alleged Scattered Spider hackers over London transit system breach | Cybersecurity Dive
Alleged Scattered Spider member turns self in to Las Vegas police | The Record from Recorded Future News
Las Vegas police arrest minor accused of high-profile 2023 casino attacks | CyberScoop
DOJ: Scattered Spider took $115 million in ransoms, breached a US court system | The Record from Recorded Future News
vx-underground on X: "Scattered Spider ransoms company for 964BTC - wtf_thats_alot.jpeg - Document says "Cost of BTC at time was $36M" - $36M / 964BTC = $37.5K - BTC value was $37.5K in November, 2023 - Google "Ransomware, November, 2023" - omfg.exe https://t.co/uv2EzbL5HT" | X
JLR ‘cyber shockwave ripping through UK industry’ as supplier share price plummets by 55% | The Record from Recorded Future News
Jaguar Land Rover to extend production pause into October following cyberattack | Cybersecurity Dive
New plan would give Congress another 18 months to revisit Section 702 surveillance powers | The Record from Recorded Future News
AI-powered vulnerability detection will make things worse, not better, former US cyber official warns | Cybersecurity Dive
--------
52:37
--------
52:37
Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Shai-Hulud worm propagates via npm and steals credentials
Jaguar Land Rover attack may put smaller suppliers out of business
Leaked data emerges from the vendor behind the Great Firewall of China
Vastaamo hacker walks free while appeal is underway
Why is a senator so mad about Kerberos?
This week’s episode is sponsored by Knocknoc. Chief exec Adam Pointon joins to talk through the surprising number of customers that are using Knocknoc’s identity-to-firewall glue to protect internal services and networks.
This week’s episode is also available on Youtube.
Show notes
Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security
Jaguar Land Rover: Some suppliers 'face bankruptcy' due to hack crisis
Jaguar Land Rover production shutdown could last until November
U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
U.S. Investors, Trump Close In on TikTok Deal With China - WSJ
How China’s Propaganda and Surveillance Systems Really Operate | WIRED
Mythical Beasts: Diving into the depths of the global spyware market - Atlantic Council
Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal | The Record from Recorded Future News
US national charged in Finnish psychotherapy center extortion | The Record from Recorded Future News
BreachForums administrator given three-year prison stint after resentencing | The Record from Recorded Future News
Microsoft, Cloudflare disrupt RaccoonO365 credential stealing tool run by Nigerian national | The Record from Recorded Future News
Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting” - Ars Technica
Exclusive: US warns hidden radios may be embedded in solar-powered highway infrastructure | Reuters
Israel announces seizure of $1.5M from crypto wallets tied to Iran | TechCrunch
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.