Risky Business

By: Patrick Gray
  • Summary

  • Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
    Copyright 2007-2025 Patrick Gray
    Show More Show Less
Episodes
  • Risky Biz Soap Box: Run your own open source IDP with Authentik
    Feb 14 2025

    In this SoapBox edition of the show Patrick Gray chats to Fletcher Heisler, the CEO of open-source identity provider Authentik.

    The whole idea of Authentik is you can take control of an essential IT and security function: identity. Because Authentik is open source it’s extremely flexible, and if you’re running it yourself, you get to decide where your IDP should sit in your architecture. You can run it on prem if you’re an emergency call centre or you’re operating an airgapped network, or you can spin it up in your cloud environment if you’re a typical enterprise.

    Fletcher talks through the reasons Authentik users are decoupling themselves from the major SaaS Identity Providers, and the flexibility that comes from being able to assemble exactly what you need.

    This episode is also available on Youtube.

    Show notes
      Show More Show Less
      38 mins
    • Risky Business #779 -- DOGE staffer linked to The Com
      Feb 12 2025
      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Musk’s DOGE kid has a history with The ComParagon fires Italy as a spyware customerThailand cuts power to scam compounds…… and arrests Phobos/8Base Russian cybercrimsThe CyberCX DFIR report shows non-U2F MFA is well and truly overAnd much, much more. This week’s episode is sponsored by Dropzone.AI. They make an AI SOC analysis platform that relieves your analysts of the necessary but tedious work, so they can focus on the value of human insight. Dropzone’s founder and CEO Edward Wu joins to talk about how they approach the problem. This episode is also available on Youtube. Show notes Teen on Musk’s DOGE Team Graduated from ‘The Com’ – Krebs on SecurityACLU Warns DOGE’s ‘Unchecked’ Access Could Violate Federal Law | WIREDLawsuit accuses Trump administration of violating federal information security law | The Record from Recorded Future NewsThe Recruitment Effort That Helped Build Elon Musk’s DOGE Army | WIREDStates prepare privacy lawsuit against DOGE over access to federal data | The Record from Recorded Future NewsUnion groups sue Treasury over giving DOGE access to sensitive data | The Record from Recorded Future NewsStudent group sues Education Department over reported DOGE access to financial aid databases | The Record from Recorded Future NewsHackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts | The Record from Recorded Future NewsDeepSeek iOS app sends data unencrypted to ByteDance-controlled servers - Ars TechnicaDeepSeek Is a Win for Chinese Hackers - Risky BusinessOwner of spyware used in alleged WhatsApp breach ends contract with Italy | WhatsApp | The GuardianAnother person targeted by Paragon spyware comes forward | TechCrunchApple fixes security flaw allowing third-party access to locked devices | The Record from Recorded Future NewsU.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure | CyberScoopThailand cuts power supply to Myanmar scam hubs | The Record from Recorded Future News8Base ransomware site taken down as Thai authorities arrest 4 connected to operation | The Record from Recorded Future NewsTwo Russian nationals arrested in takedown of Phobos ransomware infrastructure | The Record from Recorded Future NewsThe Company Man: Binance exec detained in Nigeria breaks his silence | The Record from Recorded Future NewsDeloitte pays $5M in connection with breach of Rhode Island benefits site | Cybersecurity DiveDFIR - Threat Report 2025 | CyberCXRequest a Demo | Dropzone AI
      Show More Show Less
      59 mins
    • Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems
      Feb 5 2025
      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: DeepSeek leaves an unauthed database on the internetRussia hacked UK prime minister’s personal mailAustralia sanctions a Telegram group… which is more sensible than it soundsMedical device backdoor turns out to be just poorly thought out upgrade featureGoogle abuses weak hashing to patch AMD CPU microcodeAnd much, much more. This week’s episode is sponsored by email security boffins Sublime. Their co-founder and CEO Josh Kamdjou joins to talk about how attackers’ abuse of legitimate services like Docusign is a challenge for email security vendors. This episode is also available on Youtube. Show notes Exclusive: Musk aides lock workers out of OPM computer systems | ReutersWiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz BlogКриптостилер SparkCat в магазинах Google Play и App Store | SecurelistRussian hackers suspected of compromising British PM’s personal email account | The Record from Recorded Future NewsPowerSchool hack: missed basic security step resulted in data breachAustralia sanctions ‘Terrorgram’ white supremacist online group | The Record from Recorded Future News‘Paid actors’ could be behind some antisemitic attacks, Albanese says | Australian security and counter-terrorism | The GuardianInterview with James Glenday, ABC News Breakfast | Australian Minister for Foreign AffairsWhatsApp says spyware company Paragon Solutions targeted journalistsSpyware maker Paragon confirms US government is a customer | TechCrunchFormer Polish justice minister arrested in sprawling spyware probe | The Record from Recorded Future NewsSweden releases suspected ship, says cable break ‘clearly’ not sabotage | The Record from Recorded Future NewsBackdoor found in two healthcare patient monitors, linked to IP in ChinaAttackers exploit zero-day vulnerability in Zyxel CPE devices | Cybersecurity DiveAMD: Microcode Signature Verification Vulnerability · Advisory · google/security-research · GitHub22-year-old math wiz indicted for alleged DeFI hack that stole $65M - Ars TechnicaA method to assess 'forgivable' vs 'unforgivable'... - NCSC.GOV.UKLiving Off the Land: Credential Phishing via Docusign abuseLiving Off the Land: Callback Phishing via Docusign commentB2B freight-forwarding scams on the rise to evade financial fraud crackdownsCallback phishing via invoice abuse and distribution list relaysEnhanced message groups: Improving efficiency in email incident response
      Show More Show Less
      56 mins

    What listeners say about Risky Business

    Average Customer Ratings

    Reviews - Please select the tabs below to change the source of reviews.

    In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.