
Grok the stalker, the Louvre heist, and Microsoft 365 mayhem
Smashing Security
CoreView's approach to least privilege
Rob outlines CoreView's granular delegation, scoping access, and removing high-blast-radius privileges while aiding productivity.
On this week's show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire's lawn and ends with Grok happily doxxing real people, mapping out stalking "strategies," and handing out revenge-porn tips.
Then we go inside the Louvre heist, where thieves in hi-vis and a hire van waltzed off with the French crown jewels in broad daylight, exploiting our assumptions about what "looks normal" - the same kind of bias we’re now baking into security AIs.
Plus, Graham chats with Rob Edmondson from CoreView about why misconfigurations and over-privileged accounts can make Microsoft 365 dangerously vulnerable.
All this, and more, in episode 447 of the "Smashing Security" podcast with Graham Cluley, and special guest Jenny Radcliffe.
EPISODE LINKS:
- Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware - The Record.
- US Posts $10 Million Bounty for Iranian Hackers - Security Week.
- Infostealer has entered the chat - Kaspersky.
- Dave Portnoy posts a photo of his lawn (including a manatee-shaped mailbox) - Twitter.
- Elon Musk’s Grok AI Is Doxxing Home Addresses of Everyday People - Futurism.
- Elon Musk’s Grok Is Providing Extremely Detailed and Creepy Instructions for Stalking - Futurism.
- How the Louvre thieves exploited human psychology to avoid suspicion – and what it reveals about AI - The Conversation.
- Outrageous (TV series) - Wikipedia.
- Outrageous trailer - YouTube.
- Man charged with theft after allegedly swallowing Fabergé pendant in jewellery store - The Guardian.
- Free Microsoft 365 Tenant Security Scanner - CoreView.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
SPONSORS:
- Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Horizon3.ai - Get an autonomous pentest demo and see your network the way attackers do. Visit Horizon3.ai.
- CoreView - Benchmark your Microsoft 365 tenant security against the Center for Internet Security (CIS) controls.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!
FOLLOW THE SHOW:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
ENJOYED THE SHOW?
Make sure to check out our sister podcast, "The AI Fix".


