Risky Business #716 -- This ain't your grandma's cloud

How complexity is biting Azure on its big, blue ass...
09 Aug 2023 » Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

  • Tenable gives Microsoft a spray over Azure bug fix delay, quality
  • Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization
  • Ransomware targets hospitals, special needs schools
  • Japan’s cybersecurity has some catching up to do
  • Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Microsoft resolves vulnerability following criticism from Tenable CEO
New Microsoft Azure AD CTS feature can be abused for lateral movement
Hackers force hospital system to take its national computer system offline
Israeli hospital redirects new patients following ransomware attack
Russia-linked cybercriminals target school for children with learning difficulties
Hackers accessed 16 years of Colorado public school student data in June ransomware attack
Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms
China hacked Japan’s classified defense cyber networks, officials say - The Washington Post
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne
Ukraine says it thwarted attempt to breach military tablets
The Mystery of Chernobyl’s Post-Invasion Radiation Spikes | WIRED
Radiation Spikes at Chernobyl: A Mystery Few Seem Interested in Solving
U.K. election regulator says hackers had access for over a year but elections still secure
Exclusive: DHS Used Clearview AI Facial Recognition In Thousands Of Child Exploitation Cold Cases
Eight Months Pregnant and Arrested After False Facial Recognition Match - The New York Times
New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips | WIRED
New Inception attack leaks sensitive data from all AMD Zen CPUs
Spyware maker LetMeSpy shuts down after hacker deletes server data | TechCrunch
‘Crypto couple’ pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack
Google Online Security Blog: Android 14 introduces first-of-its-kind cellular connectivity security features
Risky Biz News: Russian bill will hide the PII data of military, police, and intelligence agents