Risky Business Podcast
September 20, 2023
Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?
Presented by
CEO and Publisher
Technology Editor
On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover:
- Microsoft’s 38TB oopsie
- MGM’s Okta compromised, was this what Okta was warning us about?
- Why we need a cyber knife fight
- Google Authenticator sync abused in the wild
- Much, much more
This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest.
Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.
Brought to you by Push Security
Stop identity attacks
Show notes
Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop
(6) Microsoft's Security Culture Just Isn't up to Scratch
Threat actors claim to have compromised MGM Resorts’ Okta environment | Cybersecurity Dive
MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive
I Gambled in MGM's Hacked Casinos
‘Scattered Spider’ group launches ransomware attacks while expanding targets in hospitality, retail
MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive
Caesars Entertainment says it was also a victim of a cyberattack
Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive
DHS: Ransomware attackers headed for second most profitable year
White House urging dozens of countries to publicly commit to not pay ransoms
Cyberattack on Kansas town affects email, phone, payment systems
Major trucking software provider confirms ransomware incident
Several Colombian government ministries hampered by ransomware attack
Manchester police officers’ data stolen following ransomware attack on supplier
Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say
How Google Authenticator made one company’s network breach much, much worse | Ars Technica
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Mozilla, CISA urge users to patch Firefox security flaw
UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption
Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian
War crimes tribunal ICC says it has been hacked | Reuters
XINTRA - Cybersecurity Training
CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube
SaaS attack matrix: The shadow workflow’s evil twin
SaaS Attack: How to SAMLjack a poisoned tenant
SAMLjacking a poisoned tenant demo - YouTube
SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube