Risky Business #790 -- Bye bye Signal-gate, hello TeleMessage-gate
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
White House’s off-brand Israeli Signal fork logs cleartext messages with hard-coded creds while getting hacked (twice). Just … Wow.
Ransomware attacks on UK retailers are linked, and Marks & Spencer has it extra bad
After six years dormant, a Magento eCommerce platform backdoor comes to life
The North Korean IT worker scam is truly webscale
NSO group owes Meta $168m for hacking WhatsApp
This week’s episode is sponsored by vulnerability management wranglers, Nucleus Security. Aaron Unterberger joins to talk through the complexities of tracking vulnerabilities in cloud components - left to the source, right to the deployments, and … sideways into the sidecars?
This week’s show also features an excerpt from Pat’s interview with Senator Mark Warner - scoot back one in your podcast feed to check out the full chat, or find it on YouTube.
This episode is available on YouTube too.
Show notes
Mike Waltz Accidentally Reveals Obscure App the Government Is Using to Archive Signal Messages
Despite misleading marketing, Israeli company TeleMessage, used by Trump officials, can access plaintext chat logs
The Signal Clone the Trump Admin Uses Was Hacked
App used by Mike Waltz suspends services after hacking claims
Senator Demands Investigation into Trump Admin Signal Clone After 404 Media Investigation
MG on X: "Looks like TeleMessage was probably procured and rolled out under Biden. There are public records for it. https://t.co/XCuZpi8PL3" / X
Harrods becomes latest retailer to announce attempted cyberattack | The Record from Recorded Future News
Co-op DragonForce cyber attack includes customer data, firm admits
Co-op cyber attack: Staff told to keep cameras on in meetings
Hundreds of e-commerce sites hacked in supply-chain attack - Ars Technica
Microsoft’s new “passwordless by default” is great but comes at a cost - Ars Technica
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technica
North Korean operatives have infiltrated hundreds of Fortune 500 companies | CyberScoop
US wants to cut off key player in Southeast Asian cybercrime industry | The Record from Recorded Future News
Myanmar militia leader sanctioned by US over cyber scam connections | The Record from Recorded Future News
Trump proposes major cut to CISA’s budget, citing false ‘censorship’ claims | Cybersecurity Dive
NSA to cut up to 2,000 civilian roles as part of intel community downsizing | The Record from Recorded Future News
NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says | CyberScoop
--------
56:12
BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs
In this extended interview, the Vice Chair of the Senate Select Committee on Intelligence, Senator Mark Warner, joins Risky Business host Patrick Gray to talk about:
The latest developments in the Signalgate scandal
Why America needs to be more aggressive in responding to Volt Typhoon
How tariffs are affecting American alliances
Why the Five Eyes alliance is sacrosanct
This episode is available on YouTube.
Show notes
--------
49:44
Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
British retail stalwart Marks & Spencer gets cybered
South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat
It’s a good exploit week! Bugs in Apple AirPlay, SAP web servers, Erlang SSH and Commvault backups
Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then)
Anti-DOGE whistleblower sure sounds like he has a point
This week’s episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign on. Knocknoc’s CEO Adam Pointon talks about the joy that having end-to-end IPv6 would bring for zero-trust access control. He also touches on people using Knocknoc inside their network to isolate critical systems.
Editor’s note: Pat also gives Adam (Boileau) stick in the sponsor interview about the Risky Biz web server not having IPv6 enabled, which fact-checking during the edit says is FAKE NEWS. Just uh, don’t look at how fresh that AAAA record in the DNS is, friends 😉
This episode is also available on YouTube.
Show notes
British retailer M&S confirms being hit by ‘cyber incident’ amid store delays | The Record from Recorded Future News
M&S cyber-attack linked to hacking group Scattered Spider | Marks & Spencer | The Guardian
Bina Puri shares, Warrant B close sharply lower day after hacking
Bina Puri, Pos Malaysia tumble following hacking incident | FMT
Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts | The Record from Recorded Future News
US conducts cyberattacks against major Chinese commercial encryption provider: report - Global Times
Iran says major cyberattack on infrastructure repelled | Iran International
Spain rules out cyber attack - but what could have caused power cut?
South Korea's SK Telecom begins SIM card replacement after data breach
AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk | Oligo Security | Oligo Security
iOS and Android juice jacking defenses have been trivial to bypass for years - Ars Technica
How Android 16's new security mode will stop USB-based attacks - Android Authority
Researchers warn of critical flaw found in Erlang OTP SSH | Cybersecurity Dive
Critical vulnerability in SAP NetWeaver under threat of active exploitation | Cybersecurity Dive
CVE-2025-31324: Critical SAP Flaw Explained | Strobes
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
Risky Bulletin: NFC card malware keeps evolving in Russia, a bad omen for the future - Risky Business Media
Hegseth had unsecured internet line in Pentagon for Signal, sources say | AP News
Whistleblower: DOGE Siphoned NLRB Case Data – Krebs on Security
2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf
CISA gets a deputy director as it braces for major layoffs | Cybersecurity Dive
Two top cyber officials resign from CISA | The Record from Recorded Future News
Ex-CISA chief Chris Krebs leaving SentinelOne following Trump pressure | Reuters
Former cyber official targeted by Trump speaks out after cuts to digital defense
Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today's Adversaries | SentinelOne
ZachXBT on X: "Nine hours ago a suspicious transfer was made from a potential victim for 3520 BTC ($330.7M)"
--------
1:02:31
Snake Oilers: LimaCharlie, Honeywell Cyber Insights, CobaltStrike and Outflank
In this edition of the Snake Oilers podcast, three sponsors come along to pitch their products:
LimaCharlie: A public cloud for SecOps
Honeywell Cyber Insights: An OT security/discovery solution
Fortra’s CobaltStrike and Outflank: Security tooling for red teamers
This episode is also available on YouTube.
Show notes
--------
38:50
Snake Oilers: Pangea, Cosive and Sysdig
In this edition of Snake Oilers three vendors pitch host Patrick Gray on their tech:
Pangea: Guardrails and security for AI agents and applications (https://pangea.cloud)
Worried about your AI apps going rogue, being mean to your customers or even disclosing sensitive information? Pangea exists to address these risks. Fascinating stuff.
Cosive: A threat intelligence company that can host your MISP server in AWS. CloudMISP! (https://www.cosive.com/snakeoilers)
Are you running a MISP server on some old hardware under a desk in your SOC? There’s a better way! Cosive can run it for you on AWS so you can just use it instead of wrestling with maintaining it. They also do some CTI consulting to help you get better use out of MISP.
Sysdig: A Linux runtime security platform (https://sysdig.com/)
The modern Windows network is an all-singing, all-dancing, perfectly orchestrated, EDR-protected ballet. The modern Linux production environment… isn’t. Find out how Sysdig can help you get some visibility and control over your Linux fleet.
This episode is also available on YouTube.
Show notes
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.