
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps
Feb 26, 2025
A massive botnet is targeting Microsoft 365 accounts using stolen credentials from infostealer malware, highlighting the urgency for better authentication methods. Misconfigurations in OpenID pose significant security risks, allowing private keys to accidentally be exposed. Additionally, patients downloading DICOM image viewers are tricked into installing malware, raising alarms about deceptive practices in the healthcare sector. These discussions emphasize the need for vigilance and improved security measures across digital platforms.
Duration: 05:59
Podcast summary created with Snipd AI
Quick takeaways
- A large botnet targets M365 accounts using credentials stolen by infostealers; the episode urges a shift from basic authentication to OAuth.
- Healthcare-themed malware masquerades as DICOM viewers, underlining that users should download such applications only from official sources.
Deep dives
Botnet Attacks on Microsoft 365 Accounts
A recent botnet campaign targets Microsoft 365 accounts that were set up for automated scripts rather than standard interactive user accounts. Such accounts typically rely on basic authentication, that is, a static username and password or an API key, which is exactly what infostealer malware harvests; recent NIST guidance also advises against API keys because they are hard to rotate. The recommendation is to move to OAuth, although OAuth tokens are not entirely immune to infostealer theft either. Developers are also urged to keep development and production environments cleanly separated to limit what an infostealer on a developer machine can steal.
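The pattern described above, automation accounts being hit through basic-auth protocols from many sources, is something defenders can look for in sign-in telemetry. The following is an added example, not code from the podcast or from SANS: it runs over a handful of constructed sign-in records and flags accounts whose legacy (basic-auth) sign-ins come from many distinct IPs or where a legacy sign-in succeeded. The record field names, the list of legacy client types, and the thresholds are simplifications assumed for this example, not the exact Entra ID sign-in log schema.

```python
"""Flag legacy (basic-auth) sign-ins against automation accounts.

Added example; field names and client-type values are assumptions that
approximate a sign-in log, and the records below are constructed.
"""
from collections import defaultdict

# Constructed sample sign-in records (not real telemetry).
SAMPLE_LOG = [
    {"user": "svc-backup@example.com", "app": "Authenticated SMTP", "ip": "198.51.100.7", "result": "failure"},
    {"user": "svc-backup@example.com", "app": "Authenticated SMTP", "ip": "198.51.100.9", "result": "failure"},
    {"user": "svc-backup@example.com", "app": "IMAP4", "ip": "203.0.113.44", "result": "failure"},
    {"user": "svc-backup@example.com", "app": "IMAP4", "ip": "203.0.113.58", "result": "success"},
    {"user": "svc-report@example.com", "app": "POP3", "ip": "192.0.2.21", "result": "failure"},
    {"user": "alice@example.com", "app": "Browser", "ip": "192.0.2.99", "result": "success"},
]

# Client types that authenticate with a static username/password instead of an
# OAuth token. Representative values assumed for this example, not an exhaustive list.
LEGACY_APPS = {"Authenticated SMTP", "IMAP4", "POP3", "Exchange ActiveSync", "Other clients"}


def is_legacy(record):
    """True when the sign-in used a basic-auth (legacy) client protocol."""
    return record.get("app") in LEGACY_APPS


def summarize_legacy(records):
    """Per-account counts of legacy sign-ins: attempts, distinct source IPs, outcomes.

    Accounts that only ever signed in with modern (token-based) clients are omitted.
    """
    summary = defaultdict(lambda: {"attempts": 0, "ips": set(), "failures": 0, "successes": 0})
    for rec in records:
        if not is_legacy(rec):
            continue
        entry = summary[rec["user"]]
        entry["attempts"] += 1
        entry["ips"].add(rec["ip"])
        if rec["result"] == "success":
            entry["successes"] += 1
        else:
            entry["failures"] += 1
    return {user: {**stats, "distinct_ips": len(stats["ips"])} for user, stats in summary.items()}


def flag_accounts(records, min_ips=3):
    """Accounts to review: legacy sign-ins spread over many source IPs (the distributed
    pattern of a botnet) or any successful legacy sign-in, which means a static
    credential was accepted and should be rotated and moved to OAuth."""
    flagged = []
    for user, stats in summarize_legacy(records).items():
        reasons = []
        if stats["distinct_ips"] >= min_ips:
            reasons.append(f"legacy auth from {stats['distinct_ips']} source IPs")
        if stats["successes"]:
            reasons.append(f"{stats['successes']} successful legacy sign-in(s)")
        if reasons:
            flagged.append({"user": user, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_accounts(SAMPLE_LOG):
        print(hit["user"], "->", "; ".join(hit["reasons"]))
```

On the constructed data only `svc-backup@example.com` is flagged: four legacy attempts from four IPs and one success. `svc-report@example.com` used a legacy protocol once from a single IP and stays below the threshold, and `alice@example.com` never appears in the summary because a browser sign-in is token-based. In practice the same logic is the basis for deciding which automation accounts still depend on basic authentication and need to be migrated to OAuth.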