Risky Business #722 -- Microsoft embraces Zero Trust... Authentication?

<p>On this week’s show Patrick Gray, Adam Boileau and Lina Lau discuss the week’s security news. They cover:</p> <ul> <li>Microsoft’s 38TB oopsie</li> <li>MGM’s Okta compromised, was this what Okta was warning us about?</li> <li>Why we need a cyber knife fight</li> <li>Google Authenticator sync abused in the wild</li> <li>Much, much more</li> </ul> <p>This week’s show is brought to you by Push Security. Co-founder Adam Bateman is this week’s sponsor guest.</p> <p>Links to everything that we discussed are below and you can follow <a href="https://infosec.exchange/@riskybusiness">Patrick</a> or <a href="https://infosec.exchange/@metlstorm">Adam</a> on Mastodon if that’s your thing.</p> <div class="panel panel-default"> <div class="panel-heading"> <h3 class="panel-title">Show notes</h3> </div> <div class="panel-body"> <ul> <li><a href="https://cyberscoop.com/microsoft-ai-exposed-data-github/">Microsoft AI researchers exposed sensitive signing keys, internal messages | CyberScoop</a></li> <li><a href="https://twitter.com/wiz_io/status/1703759418507026663?s=20">Wiz on X: &quot;🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages. Here&#39;s what you need to know 🧵 https://t.co/2V8u9IekGV&quot; / X</a></li> <li><a href="https://msrc.microsoft.com/blog/2023/09/microsoft-mitigated-exposure-of-internal-information-in-a-storage-account-due-to-overly-permissive-sas-token/">Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token | MSRC Blog | Microsoft Security Response Center</a></li> <li><a href="https://srslyriskybiz.substack.com/p/microsofts-security-culture-just">(6