Risky Business #760 – Microsoft to make MFA mandatory
Aug 21, 2024
This week dives into significant security news, starting with Microsoft's impressive move to make multi-factor authentication mandatory for Azure admins. A massive public data breach reveals shocking vulnerabilities, linked to a certain 'Florida Man.' The US government points fingers at Iran for hacking the Trump campaign, raising tensions in cyberspace. Tech blunders abound as TP-Link faces scrutiny and a major Chinese RFID maker is exposed for hardcoded backdoors. Tune in for insights on hybrid cybersecurity challenges and bizarre cybercrimes that keep the hosts entertained!
Microsoft's new policy will mandate multi-factor authentication for all Azure admins, enhancing cloud security against phishing attacks.
The alarming National Public Data breach reveals severe vulnerabilities and raises significant privacy concerns in the US data broker ecosystem.
The Australian government's Trust Exchange identity service aims to improve privacy by allowing identity verification without disclosing sensitive information.
Deep dives
Integration of BloodHound Tools for Enhanced Security
The episode discusses the integration of BloodHound and BloodHound Enterprise tools, enabling organizations to track attack paths within their directories. This integration allows for the enumeration of vulnerabilities across both Active Directory and Azure environments, which is a significant advancement, especially for hybrid setups. Organizations can now discern what percentage of user accounts have potentially dangerous configurations and permissions, addressing a common security concern among enterprises with mixed environments. This collaboration helps in recognizing and mitigating security gaps that could be exploited by attackers.
Mandatory Multi-Factor Authentication for Azure Admins
Microsoft has made headlines by announcing that multi-factor authentication (MFA) will become mandatory for administrative users of Azure, marking a significant security enhancement. This enforcement requires that those accessing the Azure portal use phishing-resistant MFA methods, aiming to bolster security in the cloud. Despite some initial confusion regarding the announcement and its parameters, clarity has since emerged regarding the exact user groups affected, which include any person conducting business in Azure, regardless of their administrator status. The phased roll-out is set to start in October, reflecting the importance of stringent security measures in today's digital landscape.
Revelations from the National Public Data Hack
A discussion centers on a major hack involving a database of billions of social security numbers. Details have emerged slowly, but the data has now been confirmed as legitimate. Initial reports suggested that a data broker was attempting to sell a massive dataset containing personal information, raising serious privacy concerns. Research into this incident revealed that the source company had significant vulnerabilities, allowing sensitive data to be mismanaged and leaked. The episode underscores the alarming state of data privacy and the vulnerabilities present within the US data broker ecosystem.
Emerging National Identity Services in Australia
The Australian government is initiating the Trust Exchange identity service, designed to allow individuals to prove their identity without disclosing private information. This initiative aims to enhance privacy and security while reducing the risks associated with extensive data storage. Past attempts at similar identity services faced significant hurdles, indicating that execution details will be crucial for success. A robust identity system could positively transform how personal data is handled in society, provided potential pitfalls are adequately managed throughout development.
Security Vulnerabilities in Chinese Technology
Concerns surrounding the security of Chinese-manufactured technology are highlighted by recent investigations into TP-Link and Shanghai Fudan Microelectronics. The former is facing scrutiny due to a series of bugs and the potential risks they pose, while the latter presented a more serious issue: a hard-coded backdoor within its smart cards, with serious implications for security within access control systems. The discourse raises significant questions about perceived vulnerabilities versus actual technical shortcomings within these products, ultimately calling for heightened caution and evaluation of technology used in sensitive infrastructures. This ongoing narrative reflects broader geopolitical tensions and the complexities of ensuring digital security in a globally interconnected world.
On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including:
Microsoft did a good thing! Soon all Azure admins will require MFA
The three billion row National Public Data breach mess, courtesy Florida Man
US govt confirms that it was Iran that hacked the Trump campaign
Is TP-Link the next Huawei, or just not very good at computers?
Major Chinese RFID card maker has hardcoded backdoors
And much, much more.
This week’s episode is sponsored by SpecterOps, makers of BloodHound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.