Risky Business

Risky Business #808 -- Insane megabug in Entra left all tenants exposed

51 snips
Sep 24, 2025
Rob Joyce, a former NSA senior official and cybersecurity expert, joins to discuss major security news, including the Secret Service's takedown of a New York SIM farm and MI6's dark web recruitment portal. They dive into a significant vulnerability in Entra ID that could grant unauthorized access across tenants. In a sponsor segment, Josh Kamdjou, CEO of Sublime Security, shares insights on AI-driven email security, emphasizing the trade-offs and strategies for deploying effective detection methods.
Ask episode
AI Snips
Chapters
Transcript
Episode notes
ANECDOTE

Enormous NYC SIM Farm Bust

  • The U.S. Secret Service dismantled a large SIM-farm in NYC with racks, antennas and 100,000+ SIMs used from abandoned apartments.
  • The infrastructure could send 30 million texts per minute and supported encrypted, disposable communications for illicit actors.
INSIGHT

SIMs As Disposable Covert Comms

  • Disposable SIMs can be used like one-time pads to evade surveillance and attribution.
  • Investigators expect the SIM supply chain and activation records will be key to unraveling operators.
INSIGHT

Public Tor Tips Bring Tradecraft Tradeoffs

  • MI6 launched a Tor onion service to receive tips from foreign sources despite operational risks.
  • Publicizing such channels invites noise, disinformation and tradecraft challenges even as it widens access to potential sources.
Get the Snipd Podcast app to discover more snips from this episode
Get the app