Vai offline con l'app Player FM !
Risky Business #753 – Congress and vuln researchers maul Microsoft
Manage episode 424385203 series 3234705
On this week’s retreat special, the entire Risky Business team is together in a tropical paradise for the first time. The team takes a break from the infinity pool to discuss the week’s security news:
- Microsoft recalls Recall, but why did it have to be such a mess
- And a Windows kernel wifi code-exec, really?
- Passkeys and identity are hard
- Scattered Spider bigwig arrested in Spain
- The pentagon runs a deeply flawed info-op
- Is it time E2E crypto nerds accept their place in the world?
- And much, much more.
This week’s show is brought to you by Corelight… Corelight’s CEO Brian Dye will be along in this week’s sponsor interview to make a really compelling case for something that shouldn’t exist… which is NDR in cloud environments.
Show notes
- Microsoft shelves Recall feature release after security uproar
- Microsoft’s Recall puts the Biden administration’s cyber credibility on the line | CyberScoop
- Microsoft’s cybersecurity vulnerabilities endanger America
- US lawmakers grill Microsoft president over China ties, hacks | Reuters
- Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica
- CVE-2024-30078 - Security Update Guide - Microsoft - Windows Wi-Fi Driver Remote Code Execution Vulnerability
- Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
- Patrick Gray on X: "I was wrong about some things I said about iCloud accounts in this week’s show and I’ll tell you all exactly how I was wrong in next week’s show"
- Passkeys in Microsoft Authenticator and Entra ID
- Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
- MFA plays a rising role in major attacks, research finds | Cybersecurity Dive
- Luke Jennings on LinkedIn: saas-attacks/techniques/ghost_logins/description.md at main ·…
- Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested – Krebs on Security
- EXPOSED: Identities of Iranian Hackers Targeting Israel and Other Countries Revealed | Matzav.com
- Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
- Windows flaw may have been exploited with Black Basta ransomware before it was patched
- Crown Equipment Corporation victim of a Ransomware attack | Born's Tech and Windows World
- City governments in Michigan, New York face shutdowns after ransomware attacks
- Cleveland confirms ransomware attack as City Hall remains closed
- Authorities investigating extended ‘network outage’ at organization that runs TheBus
- Pentagon ran secret anti-vax campaign to incite fear of China vaccines
- Shashank Joshi on X: "Just finished “Information Operations”, a new book by @TathamSteve. Includes this anecdote on a British effort to stop children throwing stones at a base in Afghanistan. “LRGR was the abbreviation for the Long-Range Gonad Reducer.” https://t.co/zmoxb45Cgz"
- Dmitri Alperovitch on X: "@shashj They also allegedly hacked the email of the lieutenant leading the medical service of the 960th unit and retrieved the medical certificates of 150 officers and enlisted personnel"
- Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material
129 episodi
Manage episode 424385203 series 3234705
On this week’s retreat special, the entire Risky Business team is together in a tropical paradise for the first time. The team takes a break from the infinity pool to discuss the week’s security news:
- Microsoft recalls Recall, but why did it have to be such a mess
- And a Windows kernel wifi code-exec, really?
- Passkeys and identity are hard
- Scattered Spider bigwig arrested in Spain
- The pentagon runs a deeply flawed info-op
- Is it time E2E crypto nerds accept their place in the world?
- And much, much more.
This week’s show is brought to you by Corelight… Corelight’s CEO Brian Dye will be along in this week’s sponsor interview to make a really compelling case for something that shouldn’t exist… which is NDR in cloud environments.
Show notes
- Microsoft shelves Recall feature release after security uproar
- Microsoft’s Recall puts the Biden administration’s cyber credibility on the line | CyberScoop
- Microsoft’s cybersecurity vulnerabilities endanger America
- US lawmakers grill Microsoft president over China ties, hacks | Reuters
- Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica
- CVE-2024-30078 - Security Update Guide - Microsoft - Windows Wi-Fi Driver Remote Code Execution Vulnerability
- Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
- Patrick Gray on X: "I was wrong about some things I said about iCloud accounts in this week’s show and I’ll tell you all exactly how I was wrong in next week’s show"
- Passkeys in Microsoft Authenticator and Entra ID
- Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
- MFA plays a rising role in major attacks, research finds | Cybersecurity Dive
- Luke Jennings on LinkedIn: saas-attacks/techniques/ghost_logins/description.md at main ·…
- Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested – Krebs on Security
- EXPOSED: Identities of Iranian Hackers Targeting Israel and Other Countries Revealed | Matzav.com
- Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
- Windows flaw may have been exploited with Black Basta ransomware before it was patched
- Crown Equipment Corporation victim of a Ransomware attack | Born's Tech and Windows World
- City governments in Michigan, New York face shutdowns after ransomware attacks
- Cleveland confirms ransomware attack as City Hall remains closed
- Authorities investigating extended ‘network outage’ at organization that runs TheBus
- Pentagon ran secret anti-vax campaign to incite fear of China vaccines
- Shashank Joshi on X: "Just finished “Information Operations”, a new book by @TathamSteve. Includes this anecdote on a British effort to stop children throwing stones at a base in Afghanistan. “LRGR was the abbreviation for the Long-Range Gonad Reducer.” https://t.co/zmoxb45Cgz"
- Dmitri Alperovitch on X: "@shashj They also allegedly hacked the email of the lieutenant leading the medical service of the 960th unit and retrieved the medical certificates of 150 officers and enlisted personnel"
- Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material
129 episodi
Tutti gli episodi
×Benvenuto su Player FM!
Player FM ricerca sul web podcast di alta qualità che tu possa goderti adesso. È la migliore app di podcast e funziona su Android, iPhone e web. Registrati per sincronizzare le iscrizioni su tutti i tuoi dispositivi.