Risky Business #821 -- Wiz researchers could have owned every AWS customer
21 January 2026

Risky Business #821 -- Wiz researchers could have owned every AWS customer

Risky Business

About

In this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, joined by a special guest. BBC World Cyber Correspondent Joe Tidy is a long time listener and he pops in for a ride-along in the news segment plus a chat about his new book.



This week news includes:



    Did the US cyber Venezuela’s power grid, or do they just want us to think they coulda?
    US govt might boycott the RSAC Conference ‘cause Jen Easterly being CEO makes them mad
    MS Patch Tuesday fixes CVSS5.5 bug and … stops you shutting down
    Wiz pulls off cloud stunt hack that ends with control of everyone’s AWS console
    Millions of Bluetooth devices that use Google’s Fast Pairing will pair with anyone, any time
    GNU inet-tools’ telnetd parties like it’s 2007, and brings -f root unauthed remote login back


Thinkst is this week’s sponsor, and long time friend of the show Haroon Meer joins. As always they’re polishing their Canary tokens - adding breadcrumbs to lead you to them - but they’re also a bunch of giant nerds who now run South Africa’s Computer Olympiad.



This episode is also available on Youtube.





Show notes


    Cyberattack in Venezuela Demonstrated Precision of U.S. Capabilities - The New York Times

    Why I’m withholding certainty that “precise” US cyber-op disrupted Venezuelan electricity - Ars Technica

    Layered Ambiguity: US Cyber Capabilities in the Raid to Extract Maduro from Venezuela | Royal United Services Institute

    Former CISA Director Jen Easterly Will Lead RSAC Conference | WIRED

    Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO - Nextgov/FCW

    Federal agencies ordered to patch Microsoft Desktop Windows Manager bug | The Record from Recorded Future News

    Windows 11 shutdown bug forces Microsoft into damage control • The Register

    CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog

    Critical flaw in AWS Console risked compromise of build environment | Cybersecurity Dive

    Never-before-seen Linux malware is “far more advanced than typical” - Ars Technica

    VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun - Check Point Research

    Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking | WIRED

    Critical flaw in Fortinet FortiSIEM targeted in exploitation threat | Cybersecurity Dive

    CVE-2025-64155: 3 Years of Remotely Rooting the FortiSIEM

    A single click mounted a covert, multistage attack against Copilot - Ars Technica

    Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader | The Record from Recorded Future News

    Jordanian initial access broker pleads guilty to helping target 50 companies | The Record from Recorded Future News

    Supreme Court hacker posted stolen government data on Instagram | TechCrunch

    oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd

    How crypto criminals stole $700 million from people - often using age-old tricks

    Ctrl + Alt + Chaos: How Teenage Hackers Hijack the Internet