

Risky Business #808 -- Insane megabug in Entra left all tenants exposed
51 snips Sep 24, 2025
Rob Joyce, a former NSA senior official and cybersecurity expert, joins to discuss major security news, including the Secret Service's takedown of a New York SIM farm and MI6's dark web recruitment portal. They dive into a significant vulnerability in Entra ID that could grant unauthorized access across tenants. In a sponsor segment, Josh Kamdjou, CEO of Sublime Security, shares insights on AI-driven email security, emphasizing the trade-offs and strategies for deploying effective detection methods.
AI Snips
Chapters
Transcript
Episode notes
Enormous NYC SIM Farm Bust
- The U.S. Secret Service dismantled a large SIM-farm in NYC with racks, antennas and 100,000+ SIMs used from abandoned apartments.
- The infrastructure could send 30 million texts per minute and supported encrypted, disposable communications for illicit actors.
SIMs As Disposable Covert Comms
- Disposable SIMs can be used like one-time pads to evade surveillance and attribution.
- Investigators expect the SIM supply chain and activation records will be key to unraveling operators.
Public Tor Tips Bring Tradecraft Tradeoffs
- MI6 launched a Tor onion service to receive tips from foreign sources despite operational risks.
- Publicizing such channels invites noise, disinformation and tradecraft challenges even as it widens access to potential sources.