Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?

How Redmond leaked 38TB with a bad URL...
20 Sep 2023 » Risky Business

On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover:

  • Microsoft’s 38TB oopsie
  • MGM’s Okta compromised, was this what Okta was warning us about?
  • Why we need a cyber knife fight
  • Google Authenticator sync abused in the wild
  • Much, much more

This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop
Wiz on X: "🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵 https://t.co/2V8u9IekGV" / X
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center
(6) Microsoft's Security Culture Just Isn't up to Scratch
Threat actors claim to have compromised MGM Resorts’ Okta environment | Cybersecurity Dive
MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive
I Gambled in MGM's Hacked Casinos
‘Scattered Spider’ group launches ransomware attacks while expanding targets in hospitality, retail
MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive
Caesars Entertainment says it was also a victim of a cyberattack
Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive
DHS: Ransomware attackers headed for second most profitable year
(1) chrisrohlf on X: "I can think of multiple occasions where well respected experts assured the world that taking offensive actions would put an end to this ransomware problem. Unfortunately 1) it won’t end that easily and 2) they’re still seen as experts. This is an economics problem that is enabled…" / X
White House urging dozens of countries to publicly commit to not pay ransoms
Cyberattack on Kansas town affects email, phone, payment systems
Major trucking software provider confirms ransomware incident
Several Colombian government ministries hampered by ransomware attack
Manchester police officers’ data stolen following ransomware attack on supplier
Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say
How Google Authenticator made one company’s network breach much, much worse | Ars Technica
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Mozilla, CISA urge users to patch Firefox security flaw
UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption
Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian
Три журналиста рассказали, что получали оповещение от Apple о хакерской атаке. Такое же приходило Галине Тимченко, в телефоне которой нашли шпионскую программу Pegasus — Meduza
War crimes tribunal ICC says it has been hacked | Reuters
XINTRA - Cybersecurity Training
CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube
SaaS attack techniques
SaaS attack matrix: The shadow workflow’s evil twin
SaaS Attack: How to SAMLjack a poisoned tenant
SAMLjacking a poisoned tenant demo - YouTube
SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube