THE Security Insights Show Summer Break continues....
Don't BLINK! or you will miss the big comeback. October is around the corner and your favorite security maniacs are back...need I say more?
Happy Tuesday All,
Monday was a holiday to do NO LABOR! Wait, that’s not what that holiday means…oh well. We are back on a Tuesday!
We enjoyed this recent blog post from the Microsoft Threat Intel team detailing a threat actor's TTPs to compromise cloud-based data storage. What I found interesting is their on-prem to cloud lateral movement, across multiple domains and across multiple Entra ID tenants within a single customer. A lot of you deal with this due to your business conducting multiple M&As over many years. Just goes to show the basics matter, hygiene matters, and full visibility, which means full coverage, matters. (off soap box)
Also, had a fun time watching a YouTube video of AzureHound being used to help easily identify relationships and permissions in an Azure environment. For example, to locate a user who had elevated privileges on a non-human identity (Service Principal) which had been assigned global admin 🙄😐😑. This was one of the tools the threat actors used for recon.
Hope everyone has a great short work week and enjoys the read! Click Here for Blog
In the meantime, we will occasionally (randomly) post tips, tricks, news and some of our favorite words of wisdom, aka “Ed’s Edibles”, Rod Rants, Frank’s Fumbles and Brodie Babbles, until our return.
Ed’s Edibles:
Aim to be effective, but unpredictable. That is, you want to act in a way that AIs have trouble modeling or imitating. That makes you irreplaceable.
Rod Rants:
If you think someone is normal, you don’t know them very well. Normalcy is a fiction. Your job is to discover their weird genius.
Brodie Babbles:
When someone texts you they are running late, double the time they give you. If they say they’ll be there in 5, make that 10; if 10, it’ll be 20; if 20, count on 40.
Frank’s Fumbles:
You can become the world’s best in something primarily by caring more about it than anyone else.
Other Security Notes and News:
Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier (The Record)
Google issues emergency warning for all Gmail users (Geekspin)
TransUnion Data Breach Impacts 4.4 Million (Security Week)
Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware (Infosecurity Magazine)
US Senators Call for Details of Aflac Data Breach (Bank Infosecurity)
Ransomware gang takedowns causing explosion of new, smaller groups (The Record)
FBI, Dutch cops seize fake ID marketplace, servers (The Register)
Florida Considers Rule to Improve Healthcare Data Breach Transparency (The HIPAA Journal)
Affiliates Flock to ‘Soulless’ Scam Gambling Machine (Krebs on Security)