DiscoverSecurity SerengetiSS-NEWS-154 - Salt Typhoon and MS MFA Brute Forcing
SS-NEWS-154 - Salt Typhoon and MS MFA Brute Forcing

SS-NEWS-154 - Salt Typhoon and MS MFA Brute Forcing

Update: 2024-12-16
Share

Description

This week we discuss Salt Typhoon and the terrible idea of backdoors (and I mis-remember the backdoor discussion in 2008 - encryption vs. telcos!) and the Microsoft MFA brute forcing.  


Article 1 - Salt Typhoon forces FCC's hand on making telcos secure their networks
Supporting Articles:
China's Salt Typhoon recorded top American officials' calls, says White House
US alleges China hacked calls of 'very senior' political figures, official says
US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants
Wyden legislation would mandate FCC cybersecurity rules for telecoms
Wiretap Telecom


Article 2 - Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts


If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Comments 
In Channel
SS-NEWS-154 - Salt Typhoon and MS MFA Brute Forcing

SS-NEWS-154 - Salt Typhoon and MS MFA Brute Forcing

2024-12-1642:46

SS-NEWS-153 - Lawyers will Inherit Cyber

SS-NEWS-153 - Lawyers will Inherit Cyber

2024-11-1845:41

SS-DISC-152 - Detection Engineering Behavior Maturity Model

SS-DISC-152 - Detection Engineering Behavior Maturity Model

2024-11-0440:51

SS-NEWS-151: AI Companions Hacked

SS-NEWS-151: AI Companions Hacked

2024-10-2137:07

SS-NEWS-150 - T-Mobile Consent Decree and Kia Hacking

SS-NEWS-150 - T-Mobile Consent Decree and Kia Hacking

2024-10-0749:08

SS-DISC-149 - Does the Security Job Gap Exist?

SS-DISC-149 - Does the Security Job Gap Exist?

2024-09-2335:01

SS-RPRT-148: Picus Blue Report 2024

SS-RPRT-148: Picus Blue Report 2024

2024-09-0954:59

SS-NEWS-147 - Does Phishing Education need to mature like Fire Drills did?

SS-NEWS-147 - Does Phishing Education need to mature like Fire Drills did?

2024-07-2949:14

SS-NEWS-146 - Sysmon usable as EDR?

SS-NEWS-146 - Sysmon usable as EDR?

2024-07-1635:16

SS-NEWS-145 - Snowflakes are not unique, summary of incidents at .gov

SS-NEWS-145 - Snowflakes are not unique, summary of incidents at .gov

2024-06-1744:47

SS-NEWS-144

SS-NEWS-144

2024-06-0351:46

SS-NEWS-143: Minimum Viable SOC Transformation!

SS-NEWS-143: Minimum Viable SOC Transformation!

2024-05-2052:09

SS-NEWS-142: GM Sharing Driving Data, Testing Detections

SS-NEWS-142: GM Sharing Driving Data, Testing Detections

2024-05-0645:37

SS-NEWS-141: American Privacy Rights Act

SS-NEWS-141: American Privacy Rights Act

2024-04-2249:48

SS-RPRT-140: Consolidation and Merging in Cybersecurity

SS-RPRT-140: Consolidation and Merging in Cybersecurity

2024-04-0843:36

SS-NEWS-139: Maximum Overdrive Apocalypse?

SS-NEWS-139: Maximum Overdrive Apocalypse?

2024-03-2529:41

SS-BOOK-138: All Your Face Are Belong To Us

SS-BOOK-138: All Your Face Are Belong To Us

2024-03-1154:52

SS-RPRT-137: The Blue Report

SS-RPRT-137: The Blue Report

2024-02-2650:58

SS-RPRT-136: 2024 Security Predictions

SS-RPRT-136: 2024 Security Predictions

2024-02-1249:58

SS-NEWS-135: Atlas of Surveillance and the MOAB

SS-NEWS-135: Atlas of Surveillance and the MOAB

2024-01-2941:40

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SS-NEWS-154 - Salt Typhoon and MS MFA Brute Forcing

SS-NEWS-154 - Salt Typhoon and MS MFA Brute Forcing

David Schwendinger and Matthew Keener