On this week’s show, Patrick Gray and Adam Boileau discuss the week’s cybersecurity news including:

• Microsoft did a good thing! Soon all Azure admins will require MFA
• The three billion row National Public Data breach mess, courtesy Florida Man
• US govt confirms that it was Iran that hacked the Trump campaign
• Is TP-Link the next Huawei, or just not very good at computers?
• Major Chinese RFID card maker has hardcoded backdoors -And much, much more.

This week’s episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.

Microsoft mandates MFA for all Azure users https://azure.microsoft.com/en-us/blog/announcing-mandatory-multi-factor-authentication-for-azure-sign-in/ https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/microsoft-will-require-mfa-for-all-azure-users/ba-p/4140391

NationalPublicData.com Hack Exposes a Nation’s Data – Krebs on Security https://krebsonsecurity.com/2024/08/nationalpublicdata-com-hack-exposes-a-nations-data/ National Public Data Published Its Own Passwords – Krebs on Security https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/

The Slow-Burn Nightmare of the National Public Data Breach | WIRED https://www.wired.com/story/national-public-data-breach-leak/

German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage https://www.wsj.com/articles/german-cyber-agency-wants-changes-in-microsoft-crowdstrike-products-after-tech-outage-05b82c19?st=2etsqluoj7k4c6b&reflink=article_copyURL_share

Palo Alto Networks CEO touts leads from CrowdStrike fallout | Cybersecurity Dive https://www.cybersecuritydive.com/news/palo-alto-networks-talks-customers-crowdstrike/724709/

U.S. confirms Trump campaign claim it was breached by Iranian hackers https://www.nbcnews.com/tech/security/us-confirms-trump-campaign-claim-was-breached-iranian-hackers-rcna167285

Crypto firm says hacker locked all employees out of Google products for four days https://therecord.media/unicoin-cryptocurrency-company-hack-gsuite

Routers from China-based TP-Link a national security threat, US lawmakers claim https://therecord.media/routers-from-tp-link-security-commerce-department

The Fudan RFID backdoor keys https://news.risky.biz/risky-biz-news-hardware-backdoors-found-in-chinese-key-cards/

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/

“US officials have charged a New Jersey man with hacking and extorting his employer at the end of last year” https://news.risky.biz/risky-biz-news-hardware-backdoors-found-in-chinese-key-cards/

Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months https://therecord.media/man-who-hacked-state-registry-to-forge-death-certificate-sentenced