Risky Business #716 -- This ain't your grandma's cloud

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Tenable gives Microsoft a spray over Azure bug fix delay, quality
• Lateral movement fun via Azure Active Directory Cross-Tenant Synchronization
• Ransomware targets hospitals, special needs schools
• Japan’s cybersecurity has some catching up to do
• Much, much more

This week’s show is brought to you by Corelight. Brian Dye, Corelight’s CEO, is this week’s sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
• Microsoft resolves vulnerability following criticism from Tenable CEO
• New Microsoft Azure AD CTS feature can be abused for lateral movement
• Hackers force hospital system to take its national computer system offline
• Israeli hospital redirects new patients following ransomware attack
• Russia-linked cybercriminals target school for children with learning difficulties
• Hackers accessed 16 years of Colorado public school student data in June ransomware attack
• Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms
• China hacked Japan’s classified defense cyber networks, officials say - The Washington Post
• Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company - SentinelOne
• Ukraine says it thwarted attempt to breach military tablets
• The Mystery of Chernobyl’s Post-Invasion Radiation Spikes | WIRED
• Radiation Spikes at Chernobyl: A Mystery Few Seem Interested in Solving
• U.K. election regulator says hackers had access for over a year but elections still secure
• Exclusive: DHS Used Clearview AI Facial Recognition In Thousands Of Child Exploitation Cold Cases
• Eight Months Pregnant and Arrested After False Facial Recognition Match - The New York Times
• New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips | WIRED
• New Inception attack leaks sensitive data from all AMD Zen CPUs
• Spyware maker LetMeSpy shuts down after hacker deletes server data | TechCrunch
• ‘Crypto couple’ pleads guilty to money laundering, as husband admits to carrying out Bitfinex hack
• Google Online Security Blog: Android 14 introduces first-of-its-kind cellular connectivity security features
• Risky Biz News: Russian bill will hide the PII data of military, police, and intelligence agents