Risky Business #753 – Congress and vuln researchers maul Microsoft

On this week’s retreat special, the entire Risky Business team is together in a tropical paradise for the first time. The team takes a break from the infinity pool to discuss the week’s security news:

• Microsoft recalls Recall, but why did it have to be such a mess
• And a Windows kernel wifi code-exec, really?
• Passkeys and identity are hard
• Scattered Spider bigwig arrested in Spain
• The pentagon runs a deeply flawed info-op
• Is it time E2E crypto nerds accept their place in the world?
• And much, much more.

This week’s show is brought to you by Corelight… Corelight’s CEO Brian Dye will be along in this week’s sponsor interview to make a really compelling case for something that shouldn’t exist… which is NDR in cloud environments.

Show notes

• Microsoft shelves Recall feature release after security uproar
• Microsoft’s Recall puts the Biden administration’s cyber credibility on the line | CyberScoop
• Microsoft’s cybersecurity vulnerabilities endanger America
• US lawmakers grill Microsoft president over China ties, hacks | Reuters
• Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica
• CVE-2024-30078 - Security Update Guide - Microsoft - Windows Wi-Fi Driver Remote Code Execution Vulnerability
• Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
• Patrick Gray on X: "I was wrong about some things I said about iCloud accounts in this week’s show and I’ll tell you all exactly how I was wrong in next week’s show"
• Passkeys in Microsoft Authenticator and Entra ID
• Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
• MFA plays a rising role in major attacks, research finds | Cybersecurity Dive
• Luke Jennings on LinkedIn: saas-attacks/techniques/ghost_logins/description.md at main ·…
• Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested – Krebs on Security
• EXPOSED: Identities of Iranian Hackers Targeting Israel and Other Countries Revealed | Matzav.com
• Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
• Windows flaw may have been exploited with Black Basta ransomware before it was patched
• Crown Equipment Corporation victim of a Ransomware attack | Born's Tech and Windows World
• City governments in Michigan, New York face shutdowns after ransomware attacks
• Cleveland confirms ransomware attack as City Hall remains closed
• Authorities investigating extended ‘network outage’ at organization that runs TheBus
• Pentagon ran secret anti-vax campaign to incite fear of China vaccines
• Shashank Joshi on X: "Just finished “Information Operations”, a new book by @TathamSteve. Includes this anecdote on a British effort to stop children throwing stones at a base in Afghanistan. “LRGR was the abbreviation for the Long-Range Gonad Reducer.” https://t.co/zmoxb45Cgz"
• Dmitri Alperovitch on X: "@shashj They also allegedly hacked the email of the lieutenant leading the medical service of the 960th unit and retrieved the medical certificates of 150 officers and enlisted personnel"
• Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material