DiscoverBlue SecurityApple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard
Apple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard

Apple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard

Update: 2023-09-11
Share

Description

On this week's episode, Andy and Adam talk about Apple's no-click zero day, the technical findings of the follow up investigation on Storm-0558, and the new Microsoft Conditional Access Dashboard and Templates.
-------------------------------------------


Youtube Video Link: https://youtu.be/BmHqNkQQx8I


-------------------------------------------


Documentation:


https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/


https://support.apple.com/en-ca/HT212650


https://timmyit.com/2022/08/09/lockdown-mode-in-ios-16-what-happens-if-the-device-is-already-managed/


https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/


https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/conditional-access-overview-and-templates-are-now-generally/ba-p/3888722


https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task


----------------------


Contact Us:


Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Threads: ⁠⁠⁠⁠⁠https://www.threads.net/@bluesecuritypodcast⁠⁠⁠⁠⁠


Linkedin: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Youtube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Twitch: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.twitch.tv/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


-------------------------------------------


Andy Jaw


Mastodon: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://infosec.exchange/@ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


-------------------------------------------


Adam Brewer


Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com



---

Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message
Comments 
In Channel
MITRE Engenuity ATT&CK Evaluations and Insider Risk

MITRE Engenuity ATT&CK Evaluations and Insider Risk

2023-09-2624:13

MGM Resorts Security Incident

MGM Resorts Security Incident

2023-09-1835:45

Apple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard

Apple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard

2023-09-1133:36

Data Security in Microsoft 365

Data Security in Microsoft 365

2023-09-0433:31

Side channel attack, White House cybersecurity workforce plan, IBM Cost of a Data Breach

Side channel attack, White House cybersecurity workforce plan, IBM Cost of a Data Breach

2023-08-2840:03

Red Teaming with Special Guest 23P

Red Teaming with Special Guest 23P

2023-08-2137:47

Securing Entra External Identities

Securing Entra External Identities

2023-08-1426:55

Educating Defenders with Special Guest Howard Friedman, Ascent Solutions

Educating Defenders with Special Guest Howard Friedman, Ascent Solutions

2023-08-0740:02

New SEC and FCC rules, and Samsung device security

New SEC and FCC rules, and Samsung device security

2023-07-3125:39

Expanded M365 audit logs, Threads, new Entra features

Expanded M365 audit logs, Threads, new Entra features

2023-07-2430:17

Storm-0558 - Attack on Exchange Online

Storm-0558 - Attack on Exchange Online

2023-07-1725:14

Common M365 Misconfigurations

Common M365 Misconfigurations

2023-07-1026:04

What's new with Intune and Entra

What's new with Intune and Entra

2023-07-0325:00

OWASP Top 10 and Top 10 for LLM

OWASP Top 10 and Top 10 for LLM

2023-06-2632:16

Network Security 101

Network Security 101

2023-06-1926:23

MSSP's

MSSP's

2023-06-1228:33

Protecting M365 from on-premise attacks

Protecting M365 from on-premise attacks

2023-06-0530:22

Microsoft Build 2023 Recap

Microsoft Build 2023 Recap

2023-05-3038:45

Limiting Chatgpt

Limiting Chatgpt

2023-05-2231:51

Apple Rapid Security, Data Encryption, Layoffs & Insider Risk

Apple Rapid Security, Data Encryption, Layoffs & Insider Risk

2023-05-1530:37

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Apple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard

Apple 0-day's, Storm-0558 follow up, MFST Conditional Access Dashboard

Andy Jaw & Adam Brewer