On this week’s show, Patrick Gray and Adam Boileau discuss the week’s security news including:

• Microsoft did a good thing! Soon all Azure admins will require MFA
• The three billion row National Public Data breach mess, courtesy Florida Man
• US govt confirms that it was Iran that hacked the Trump campaign
• Is TP-Link the next Huawei, or just not very good at computers?
• Major Chinese RFID card maker has hardcoded backdoors
• And much, much more.

This week’s episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they’ve joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface.

Show notes

• Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog
• phishing resistant mfa - Google Search
• Microsoft will require MFA for all Azure users
• NationalPublicData.com Hack Exposes a Nation’s Data – Krebs on Security
• National Public Data Published Its Own Passwords – Krebs on Security
• Bloomberg Law
• How the government's proposed 'Trust Exchange' digital ID scheme would work - ABC News
• German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage - WSJ
• Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts — FBI
• Crypto firm says hacker locked all employees out of Google products for four days
• ZachXBT on X: "Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M)" / X
• Bitcoin News Today: $238 Million Bitcoin Heist Linked to Genesis Global Trading
• Routers from China-based TP-Link a national security threat, US lawmakers claim
• Hardware backdoors found in Chinese smart cards
• Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
• Hardware backdoors found in Chinese smart cards
• Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months