Cybersecurity Headlines Week in Review: Salt Typhoon saga, Microsoft MFA bypass, Yahoo cuts Paranoids
Dec 13, 2024
This week’s guest is Jimmy Sanders, President of ISSA International, a pivotal figure in cybersecurity with plans for a 40th anniversary celebration. He discusses the intricate Salt Typhoon espionage campaign, exploring its advanced techniques. The conversation shifts to vulnerabilities in multi-factor authentication, specifically the 'AuthQuake' attack, raising concerns about MFA's reliability. Additionally, the impact of layoffs at Yahoo, particularly within the security team, highlights the evolving landscape and challenges in cyber defense.
AI Snips
Chapters
Transcript
Episode notes
Salt Typhoon's Novel Attack
- Salt Typhoon's novel attack method on T-Mobile was surprising to the CSO, raising concerns about zero-day exploits.
- Uncertainty about the adversary's eviction and the targeting of senior U.S. officials add to the gravity of the situation.
Evolving Attack Strategies
- Recognize that bad actors evolve their tactics when old ones fail, as seen with Black Basta's shift to social engineering.
- Continuously improve security measures to counter evolving threats and force attackers to adapt or target easier victims.
Data Broker Lawsuit
- Texas is suing a data broker linked to Allstate for sharing user data without consent, regardless of data sale.
- The core issue is the lack of user consent, highlighting the importance of transparency even if data improves services.