Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
Similar Podcasts
Thinking Elixir Podcast
The Thinking Elixir podcast is a weekly show where we talk about the Elixir programming language and the community around it. We cover news and interview guests to learn more about projects and developments in the community.
Elixir Outlaws
Elixir Outlaws is an informal discussion about interesting things happening in Elixir. Our goal is to capture the spirit of a conference hallway discussion in a podcast.
Linux For Everyone
A show about the thrilling world of desktop Linux, open-source software, and the community creating it. For beginners and veterans alike! Hosted by Jason Evangelho, Jerry Morrison and Schykle.
Risky Business #686 -- White House to move on spyware industry
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Half of all UK COBRA meetings are ransomware related Ransomware biggest risk to US port security White House to move on spyware industry EU to launch its own Starlink equivalent Much, much more AttackIQ’s Jonathan Reiber will be joining us in this week’s sponsor interview to talk about how companies and their boards are really moving towards outcomes-based security programs. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Ransomware incidents now make up majority of British government’s crisis management COBRA meetings - The Record by Recorded Future DHS Secretary: Cyberattacks are the most significant threat to port infrastructure - The Record by Recorded Future Michigan school districts reopen after three-day closure due to ransomware attack - The Record by Recorded Future Microsoft: Royal ransomware group using Google Ads in campaign - The Record by Recorded Future Researchers Quietly Cracked Zeppelin Ransomware Keys – Krebs on Security Risky Biz News: Cyber Partisans hack and disrupt Kremlin censor US, Estonian authorities arrest two over $575 million cryptocurrency fraud - The Record by Recorded Future New FTX CEO details 'complete failure of corporate controls' at crypto platform OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs EU reaches agreement on new satellite constellation - The Record by Recorded Future Ukraine’s Engineers Dodged Russian Mines To Get Kherson Back Online–With A Little Help From Elon Musk’s Satellites Senate Democrats call on FTC to investigate Twitter's data security 11.17.22 - FTC - Twitter Letter Twitter has a lot of your data. Here's what you can do about it. Mastodon vulnerable to multiple system configuration problems | The Daily Swig System misconfiguration is the number one vulnerability, at least for Mastodon White House expected to issue executive order reining in spyware H20220930-005_Himes-Speier cc's - DocumentCloud A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup | WIRED Risky Biz News: Iranian state hackers breached US government agency and deployed a cryptominer, out of all things India removes ban on VLC media player after cybersecurity concerns addressed - The Record by Recorded Future Amazon addresses vulnerability affecting AWS AppSync - The Record by Recorded Future CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA
Risky Business #686 -- White House to move on spyware industry
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Half of all UK COBRA meetings are ransomware related Ransomware biggest risk to US port security White House to move on spyware industry EU to launch its own Starlink equivalent Much, much more AttackIQ’s Jonathan Reiber will be joining us in this week’s sponsor interview to talk about how companies and their boards are really moving towards outcomes-based security programs. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Ransomware incidents now make up majority of British government’s crisis management COBRA meetings - The Record by Recorded Future DHS Secretary: Cyberattacks are the most significant threat to port infrastructure - The Record by Recorded Future Michigan school districts reopen after three-day closure due to ransomware attack - The Record by Recorded Future Microsoft: Royal ransomware group using Google Ads in campaign - The Record by Recorded Future Researchers Quietly Cracked Zeppelin Ransomware Keys – Krebs on Security Risky Biz News: Cyber Partisans hack and disrupt Kremlin censor US, Estonian authorities arrest two over $575 million cryptocurrency fraud - The Record by Recorded Future New FTX CEO details 'complete failure of corporate controls' at crypto platform OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs EU reaches agreement on new satellite constellation - The Record by Recorded Future Ukraine’s Engineers Dodged Russian Mines To Get Kherson Back Online–With A Little Help From Elon Musk’s Satellites Senate Democrats call on FTC to investigate Twitter's data security 11.17.22 - FTC - Twitter Letter Twitter has a lot of your data. Here's what you can do about it. Mastodon vulnerable to multiple system configuration problems | The Daily Swig System misconfiguration is the number one vulnerability, at least for Mastodon White House expected to issue executive order reining in spyware H20220930-005_Himes-Speier cc's - DocumentCloud A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup | WIRED Risky Biz News: Iranian state hackers breached US government agency and deployed a cryptominer, out of all things India removes ban on VLC media player after cybersecurity concerns addressed - The Record by Recorded Future Amazon addresses vulnerability affecting AWS AppSync - The Record by Recorded Future CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA
Risky Biz Soap Box: How to get your developers invested in security
In this podcast we speak with Randall Degges who leads the Developer Relations & Community team at Snyk. He’s here to talk to us about how to get developers enthusiastic about security, how to get them to use the right tooling, and how this tooling will evolve in the future to actually help developers fix bugs in their code. Show notes The Big Fix | Snyk
Risky Biz Soap Box: How to get your developers invested in security
In this podcast we speak with Randall Degges who leads the Developer Relations & Community team at Snyk. He’s here to talk to us about how to get developers enthusiastic about security, how to get them to use the right tooling, and how this tooling will evolve in the future to actually help developers fix bugs in their code. Show notes The Big Fix | Snyk
Risky Business #685 -- Australia releases the hounds, and it might just work
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Australia lets ASD loose on ransomware crews, but will it work? (Tom Uren joins us to chat about this one) Twitter’s wheels haven’t fallen off yet but they sure are wobbling Hundreds of millions stolen from FTX mid implosion Security researchers start looking at Mastodon and… yeah Much, much more! This week’s show is brought to you by Gigamon. George Sandford from Gigamon pops in for this week’s sponsor interview to talk about how to successfully stand up an NDR program. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Australia to hack the hackers Australia to consider banning ransomware payments - The Record by Recorded Future Two enormous cyberattacks convince Australia to 'hack the hackers' - The Washington Post Australian Federal Police say cybercriminals in Russia behind Medibank hack - The Record by Recorded Future The Hunt for the FTX Thieves Has Begun | WIRED US reissues sanctions on Tornado Cash, tying it to North Korea's nuclear weapons program - The Record by Recorded Future Twitter’s SMS Two-Factor Authentication Is Melting Down | WIRED Is it safe to use Twitter? Security fears rise after Elon Musk drives off staff Twitter’s Security And Privacy Leaders Quit Amidst Musk’s Chaotic Takeover FTC tracking developments at Twitter with 'deep concern' after CISO resigns - The Record by Recorded Future Mastodon users vulnerable to password-stealing attacks | The Daily Swig Risky Biz News: Major hack-and-leak info-op unfolding in Moldova All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks | The Daily Swig Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries | Symantec Enterprise Blogs Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica Cisco: InterPlanetary File System seeing ‘widespread’ abuse by hackers - The Record by Recorded Future Project Zero: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain Google Pixel screen-lock hack earns researcher $70k | The Daily Swig DJ Zavala & DMNTED - Welcome to Ukraine - YouTube
Risky Business #685 -- Australia releases the hounds, and it might just work
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Australia lets ASD loose on ransomware crews, but will it work? (Tom Uren joins us to chat about this one) Twitter’s wheels haven’t fallen off yet but they sure are wobbling Hundreds of millions stolen from FTX mid implosion Security researchers start looking at Mastodon and… yeah Much, much more! This week’s show is brought to you by Gigamon. George Sandford from Gigamon pops in for this week’s sponsor interview to talk about how to successfully stand up an NDR program. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Australia to hack the hackers Australia to consider banning ransomware payments - The Record by Recorded Future Two enormous cyberattacks convince Australia to 'hack the hackers' - The Washington Post Australian Federal Police say cybercriminals in Russia behind Medibank hack - The Record by Recorded Future The Hunt for the FTX Thieves Has Begun | WIRED US reissues sanctions on Tornado Cash, tying it to North Korea's nuclear weapons program - The Record by Recorded Future Twitter’s SMS Two-Factor Authentication Is Melting Down | WIRED Is it safe to use Twitter? Security fears rise after Elon Musk drives off staff Twitter’s Security And Privacy Leaders Quit Amidst Musk’s Chaotic Takeover FTC tracking developments at Twitter with 'deep concern' after CISO resigns - The Record by Recorded Future Mastodon users vulnerable to password-stealing attacks | The Daily Swig Risky Biz News: Major hack-and-leak info-op unfolding in Moldova All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks | The Daily Swig Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries | Symantec Enterprise Blogs Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica Cisco: InterPlanetary File System seeing ‘widespread’ abuse by hackers - The Record by Recorded Future Project Zero: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain Google Pixel screen-lock hack earns researcher $70k | The Daily Swig DJ Zavala & DMNTED - Welcome to Ukraine - YouTube
Risky Business #684 -- DoJ seizes 50,000 stolen bitcoins from popcorn tin
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: DoJ seizes 50k bitcoin stolen from Silk Road, charges thief Australian health insurer Medibank refuses to pay ransom, data leaked Inside Qatar’s $386m world cup espionage operation EU Parliament report into spyware lands SolarWinds settles shareholder lawsuit, faces SEC enforcement action Much, much more This week’s sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News ‘Project Merciless’: how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB) FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post EU governments accused of using spyware ‘to cover up corruption and criminal activity’ - The Record by Recorded Future Press conference on draft findings of EP spyware inquiry | News | European Parliament SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack | TechCrunch Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future 工业和信息化部国家互联网信息办公室公安部关于印发网络产品安全漏洞管理规定的通知-中共中央网络安全和信息化委员会办公室 Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Could a ‘digital Red Cross emblem’ protect hospitals from cyber warfare? - The Record by Recorded Future TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future More than 100 election jurisdictions waiting on federal cyber help, sources say $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig The Most Vulnerable Place on the Internet | WIRED So long and thanks for all the bits - NCSC.GOV.UK
Risky Business #684 -- DoJ seizes 50,000 stolen bitcoins from popcorn tin
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: DoJ seizes 50k bitcoin stolen from Silk Road, charges thief Australian health insurer Medibank refuses to pay ransom, data leaked Inside Qatar’s $386m world cup espionage operation EU Parliament report into spyware lands SolarWinds settles shareholder lawsuit, faces SEC enforcement action Much, much more This week’s sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News ‘Project Merciless’: how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB) FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post EU governments accused of using spyware ‘to cover up corruption and criminal activity’ - The Record by Recorded Future Press conference on draft findings of EP spyware inquiry | News | European Parliament SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack | TechCrunch Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future 工业和信息化部国家互联网信息办公室公安部关于印发网络产品安全漏洞管理规定的通知-中共中央网络安全和信息化委员会办公室 Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Could a ‘digital Red Cross emblem’ protect hospitals from cyber warfare? - The Record by Recorded Future TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future More than 100 election jurisdictions waiting on federal cyber help, sources say $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig The Most Vulnerable Place on the Internet | WIRED So long and thanks for all the bits - NCSC.GOV.UK
Risky Business #683 -- OpenSSL bug is a fizzer, ASD responds to Medibank hack
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Twitter bluechecks face phishing barrage Australian government goes berserk on Medibank hack response Former WSJ journalist sues law firm over email hack and info op that got him fired OpenSSL bug lands with a whimper Apple macOS Ventura update breaks security tools Much, much more This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Twitter’s verification chaos is now a cybersecurity problem | TechCrunch Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters The source - Columbia Journalism Review Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future How Vice Society Got Away With a Global Ransomware Spree | WIRED FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig Microsoft's Sociopathic Cybersecurity Pedantry Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica
Risky Business #683 -- OpenSSL bug is a fizzer, ASD responds to Medibank hack
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Twitter bluechecks face phishing barrage Australian government goes berserk on Medibank hack response Former WSJ journalist sues law firm over email hack and info op that got him fired OpenSSL bug lands with a whimper Apple macOS Ventura update breaks security tools Much, much more This week’s show is brought to you by Thinkst Canary. Marco Slaviero, Thinkst’s head of engineering, joins us this week to talk through the company’s latest release, codenamed Quokka. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Twitter’s verification chaos is now a cybersecurity problem | TechCrunch Unconfirmed hack of Liz Truss’ phone prompts calls for “urgent investigation” | Ars Technica Chinese hackers are scanning state political party headquarters, FBI says - The Washington Post Former WSJ reporter says law firm used Indian hackers to sabotage his career | Reuters The source - Columbia Journalism Review Upcoming ‘critical’ OpenSSL update prompts feverish speculation | The Daily Swig OpenSSL vulnerability downgraded to ‘high’ severity | The Daily Swig Medibank says hackers had access to ‘all personal data’ belonging to all customers - The Record by Recorded Future Australia to tighten privacy laws, increase fines after series of data breaches - The Record by Recorded Future Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ - The Record by Recorded Future NY Post confirms hack after website, Twitter feed flooded with threats toward Biden, AOC - The Record by Recorded Future Apple MacOS Ventura Bug Breaks Third-Party Security Tools | WIRED Microsoft ties Vice Society hackers to additional ransomware strains - The Record by Recorded Future How Vice Society Got Away With a Global Ransomware Spree | WIRED FTC seeks action against Drizly — and its CEO — for cybersecurity failures - The Record by Recorded Future Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig Google Play apps with >20M downloads depleted batteries and network bandwidth | Ars Technica Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn – Krebs on Security Microsoft leaked 2.4TB of data belonging to sensitive customer. Critics are furious | Ars Technica Microsoft disputes report on Office 365 Message encryption issue after awarding bug bounty - The Record by Recorded Future Microsoft Office Online Server open to SSRF-to-RCE exploit | The Daily Swig Microsoft's Sociopathic Cybersecurity Pedantry Brazilian police announce arrest of alleged Lapsus$ member - The Record by Recorded Future Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security European gang that sold car hacking tools to thieves arrested - The Record by Recorded Future How a Microsoft blunder opened millions of PCs to potent malware attacks | Ars Technica
Snake Oilers: Truffle Security, KSOC and Snyk
Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Truffle Security talks secrets discovery KSOC builds Kubernetes security tools Snyk has a new product to better secure Infrastructure as Code Show notes Unearth Your Secrets - Truffle Security KSOC: Kubernetes Security Operations Center Cloud Security across the SDLC with Policy as Code | Snyk
Snake Oilers: Truffle Security, KSOC and Snyk
Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Truffle Security talks secrets discovery KSOC builds Kubernetes security tools Snyk has a new product to better secure Infrastructure as Code Show notes Unearth Your Secrets - Truffle Security KSOC: Kubernetes Security Operations Center Cloud Security across the SDLC with Policy as Code | Snyk
Snake Oilers: Tines, Code42 and Kroll
Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Tines, the no code security automation solution that people are going absolutely nuts over Code42, the insider threat detection solution maker Kroll talks about its MDR offering
Snake Oilers: Tines, Code42 and Kroll
Snake Oilers isn’t our regular weekly podcast, it’s a wholly sponsored series we do at Risky.Biz where vendors come on to the show to pitch their products to you, the Risky Business listener. To be clear – everyone you hear in one of these editions, paid to be here. We’ll hear from three vendors in this edition of Snake Oilers: Tines, the no code security automation solution that people are going absolutely nuts over Code42, the insider threat detection solution maker Kroll talks about its MDR offering
Risky Business #682 -- Starlink goes dark on Ukraine's front line
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Why former Uber CISO Joe Sullivan’s guilty verdict shouldn’t worry you United States puts chipmaking restrictions on China, APT activity is coming Elon blinks and Starlink goes dark on Ukraine’s front line Master cyber criminal arrested in Australia Much, much more This week’s show is brought to you by runZero, the asset inventory and network visibility solution. runZero’s founding CTO and industry legend HD Moore is this week’s sponsor guest. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Risky Biz News: Good news for the Capital One hacker, bad news for the former Uber CSO Joe Sullivan guilty in Uber hacking case - The Washington Post Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict - The Record by Recorded Future U.S. imposes foreign direct product rule on China for AI and supercomputing - The Washington Post Popular censorship circumvention tools face fresh blockade by China | TechCrunch 'Fear' driving Chinese state to manipulate tech ecosystem... - GCHQ.GOV.UK Risky Biz News: China blocks several protocols used to bypass the Great Firewall Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_TLPWHITE - DocumentCloud Starlink goes dark Coverage of Killnet DDoS attacks plays into attackers' hands, experts say - The Record by Recorded Future Ukrainian cybersecurity officer killed by Russian missile strike - The Record by Recorded Future Biden signs new US-EU privacy framework, setting up surveillance safeguards - The Record by Recorded Future White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star Australian teen charged with using leaked Optus data to blackmail customers - The Record by Recorded Future Report: Big U.S. Banks Are Stiffing Account Takeover Victims – Krebs on Security Hackers steal at least $100 million from Binance-linked blockchain - The Record by Recorded Future Someone is clogging up the Zcash blockchain with a spam attack Alberto Rodriguez, and Erik Hunstad - Stop writing malware! The Blue team has done it for you - YouTube CVE-2022-34689 - Security Update Guide - Microsoft - Windows CryptoAPI Spoofing Vulnerability Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763) | Worth Doing Badly Risky Biz News: LofyGang runs amok in the npm ecosystem with minimal gains