Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?

On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover:

• Microsoft’s 38TB oopsie
• MGM’s Okta compromised, was this what Okta was warning us about?
• Why we need a cyber knife fight
• Google Authenticator sync abused in the wild
• Much, much more

This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop
• Wiz on X: "🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here's what you need to know 🧵 https://t.co/2V8u9IekGV" / X
• Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center
• (6) Microsoft's Security Culture Just Isn't up to Scratch
• Threat actors claim to have compromised MGM Resorts’ Okta environment | Cybersecurity Dive
• MGM, Caesars attacks raise new concerns about social engineering tactics | Cybersecurity Dive
• I Gambled in MGM's Hacked Casinos
• ‘Scattered Spider’ group launches ransomware attacks while expanding targets in hospitality, retail
• MGM Resorts disruption linked to recent attacks against hospitality industry | Cybersecurity Dive
• Caesars Entertainment says it was also a victim of a cyberattack
• Clorox warns of product shortages a month after disclosing cyberattack | Cybersecurity Dive
• DHS: Ransomware attackers headed for second most profitable year
• (1) chrisrohlf on X: "I can think of multiple occasions where well respected experts assured the world that taking offensive actions would put an end to this ransomware problem. Unfortunately 1) it won’t end that easily and 2) they’re still seen as experts. This is an economics problem that is enabled…" / X
• White House urging dozens of countries to publicly commit to not pay ransoms
• Cyberattack on Kansas town affects email, phone, payment systems
• Major trucking software provider confirms ransomware incident
• Several Colombian government ministries hampered by ransomware attack
• Manchester police officers’ data stolen following ransomware attack on supplier
• Upstate New York nonprofit hospitals still facing issues after LockBit ransomware attack
• Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say
• How Google Authenticator made one company’s network breach much, much worse | Ars Technica
• Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
• Mozilla, CISA urge users to patch Firefox security flaw
• UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption
• Exiled Russian journalist hacked using NSO Group spyware | Hacking | The Guardian
• Три журналиста рассказали, что получали оповещение от Apple о хакерской атаке. Такое же приходило Галине Тимченко, в телефоне которой нашли шпионскую программу Pegasus — Meduza
• War crimes tribunal ICC says it has been hacked | Reuters
• XINTRA - Cybersecurity Training
• CrikeyCon 2022 - Lina Lau - Inside the Persistent Mind of a Chinese APT - YouTube
• SaaS attack techniques
• SaaS attack matrix: The shadow workflow’s evil twin
• SaaS Attack: How to SAMLjack a poisoned tenant
• SAMLjacking a poisoned tenant demo - YouTube
• SaaS Attacks: Shadow workflows + Evil twin integration demo - YouTube