Risky Business

Risky Business #777 -- It's SonicWall's turn

Jan 29, 2025

Luke Jennings, a security researcher at Push Security, dives into the pitfalls of federated authentication, emphasizing how attackers exploit unexpected identity providers. He highlights alarming vulnerabilities in SonicWall devices and a comical DNS mishap involving MasterCard. The discussion also touches upon the risks of using personal Google accounts for corporate access and the complexities of managing multiple identity providers. With an eye on emerging threats, Jennings provides insights into securing user authentication in today's digital landscape.

51:26

Creator website

Episode guests

Luke Jennings

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

SonicWall's critical vulnerability highlights the pressing risks of unaddressed software security in corporate edge devices, inviting increased cyber threats.

The data breach at PowerSchool underscores the dangers associated with centralized data management systems in schools, raising ethical questions about information security.

Lack of rigorous identity verification practices is enabling unauthorized access through cross-platform impersonation, revealing significant gaps in current security measures.

Deep dives

The Risks of Cross IDP Impersonation

Cross IDP impersonation poses a significant threat as individuals register personal accounts on corporate email domains, compromising security. Attackers exploit this by leveraging the simplicity of federated authentication, allowing them to bypass standard Single Sign-On (SSO) protections. These impersonated accounts can access sensitive applications using legitimate access methods, effectively becoming invisible to the organization's security protocols. This often leads to ghost logins, where unauthorized users appear to have legitimate access without the organization realizing the security breach.

Intro

2min

Cybersecurity Vulnerabilities and Corporate Pitfalls

14min

Cyber Allegiances: Imitation and Intrigue in Cyber Operations

2min

Cybersecurity Challenges and Internet Vulnerabilities

14min

Exploring API Vulnerabilities and Authentication Challenges in Software Security

10min

Cybersecurity Challenges with Personal Accounts

10min

Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. They talk through:

Sonicwall firewalls hand out remote code exec like candy
Mastercard make a slapstick-grade mistake with their DNS
The data breach at PowerSchool and other niche SaaS providers
Academic research proposes taking down Europe’s power grid
Apple CPUs get a new speculative execution side channel
And much, much more.

This week’s episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps.

This episode is also available on Youtube.

Show notes

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Risky Business

Risky Business #777 -- It's SonicWall's turn

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Risks of Cross IDP Impersonation

Recent Cybersecurity Disasters and Vulnerabilities

Implications of Centralized Data Breaches

Challenges of Identity Verification Practices

Concerns Around Specialized Cloud Services

Show notes

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Risky Business

Risky Business #777 -- It's SonicWall's turn

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Risks of Cross IDP Impersonation

Recent Cybersecurity Disasters and Vulnerabilities

Implications of Centralized Data Breaches

Challenges of Identity Verification Practices

Concerns Around Specialized Cloud Services

Show notes

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights