SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps
Feb 26, 2025
A massive botnet is targeting Microsoft 365 accounts using stolen credentials from infostealer malware, highlighting the urgency for better authentication methods. Misconfigurations in OpenID pose significant security risks, allowing private keys to accidentally be exposed. Additionally, patients downloading DICOM image viewers are tricked into installing malware, raising alarms about deceptive practices in the healthcare sector. These discussions emphasize the need for vigilance and improved security measures across digital platforms.
Botnet Targeting M365 Service Accounts
- A botnet targets Microsoft 365 service accounts with stolen credentials.
- These accounts often lack two-factor authentication and use static credentials, making them vulnerable.
Securing API Access
- Migrate from API keys to OAuth for web service access.
- Separate development and production environments to limit the impact of infostealer malware.
OpenID Private Key Leakage
- Misconfigured OpenID servers can leak private keys due to the flexibility of the standard.
- This allows attackers to forge signatures and potentially compromise single sign-on systems.
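One concrete defensive check for the leak described above: an OpenID provider's published JWKS must contain only public parameters, so any key that also carries private components (RSA d/p/q/dp/dq/qi, EC or OKP d) is a key-material leak. The snippet below is an added example written for these notes, not code from the podcast or from any OpenID project; the JWKS document is constructed with placeholder values.

```python
import json

# JWK parameters that must never appear in a published JWKS (per RFC 7518):
# the RSA private exponent, primes and CRT values, and the EC/OKP private scalar.
PRIVATE_PARAMS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
}

def find_leaked_private_keys(jwks_json: str):
    """Return [(kid, kty, sorted leaked parameter names)] for every key in a
    JWKS document that publishes private key material."""
    doc = json.loads(jwks_json)
    findings = []
    for key in doc.get("keys", []):
        kty = key.get("kty")
        # Intersect the key's member names with the private-parameter set for its type.
        leaked = PRIVATE_PARAMS.get(kty, set()) & set(key)
        if leaked:
            findings.append((key.get("kid", "<no kid>"), kty, sorted(leaked)))
    return findings

# Constructed sample JWKS: one clean RSA key, one RSA key that also ships its
# private CRT parameters, one EC key that ships its private scalar.
# All values are placeholders, not real key material.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "kid": "pub-1", "use": "sig", "alg": "RS256",
     "n": "placeholder-modulus", "e": "AQAB"},
    {"kty": "RSA", "kid": "leaky-2", "use": "sig", "alg": "RS256",
     "n": "placeholder-modulus", "e": "AQAB",
     "d": "x", "p": "x", "q": "x", "dp": "x", "dq": "x", "qi": "x"},
    {"kty": "EC", "kid": "ec-3", "crv": "P-256", "x": "x", "y": "x", "d": "x"},
]})

if __name__ == "__main__":
    # In practice, feed this the body fetched from the provider's jwks_uri
    # (found in its /.well-known/openid-configuration document).
    for kid, kty, params in find_leaked_private_keys(SAMPLE_JWKS):
        print(f"LEAK: key {kid} ({kty}) publishes private parameters {params}")
```

Any finding means the signing key must be treated as compromised and rotated, since every token it ever signed could have been forged.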