2 Minute Drill: In this episode of the 2 Minute Drill, Drex DeFord dives into the latest cybersecurity revelations involving Microsoft. Discover the shocking details behind the ignored security flaw in ADFS that led to the infamous SolarWinds attack, and learn about a newly discovered bug that allows email impersonation from Outlook accounts. Drex also highlights an innovative AI solution from SoftBank designed to calm angry customer calls. Stay informed and stay secure with these crucial updates.
Remember, Stay a little paranoid.
Subscribe: https://www.thisweekhealth.com/subscribe/
Linkedin: https://www.linkedin.com/company/ThisWeekHealth
Twitter: https://twitter.com/thisweekhealth
Donate: Alex’s Lemonade Stand: Foundation for Childhood Cancer - https://www.alexslemonade.org/mypage/3173454
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Hey everyone. I'm Drex, and this is the two minute Drill where we do at least three stories at least two times a week. All part of one great community. The 2 29 Cyber and Risk Community. Here at this week, health Order is the exclusive sponsor of the Two Minute Drill. Their latest product Chasm is available now in the AWS marketplace.
It's a great way to find and eliminate blind spots. Check out this week, health.com/order. That's ORDR this week, health.com/order. Thanks for joining me today. Here's some stuff you might want to know about. I feel like there's a lot of bad news lately from Microsoft. On Tuesday's Drill, I talked a lot about them.
And it turns out, there's even more reporting on Microsoft this week from ProPublica. There's two incredible stories I've posted on ThisWeekHealth. com slash news. They outline the story of a former Department of Defense, then Microsoft employee, trying to alert Microsoft from the inside that there was a serious security flaw in Active Directory Federation Services, or ADFS, the product that allows users, all of us, to log into networks and access all the things we need.
The flaw, the employee said, could allow attackers to masquerade as legitimate employees and rummage through the organization's crown jewels, from national security secrets, to corporate IP, to personal emails, without tripping normal security alarms. But reportedly, Microsoft decided to ignore the warning.
he was always rebuffed and in:S. history. The same attack was used to take sensitive data from the National Nuclear Security Administration, the National Institutes of Health, and the U. S. Treasury Department. It turns out much of the U. S. government, including the U. S. military and millions of other companies, relied on this Microsoft product, ADFS, and the built in flaw was letting all of them down from a cyber perspective.
If I had another 30 minutes, I could lay out the rest of the story, but if you want the bloody details, and you should because it's actually a really good story, check out ProPublica's article. If you use Microsoft products, it's kind of a must read. ProPublica, by the way, does a really great job of writing in a mostly non technical, mostly plain English way, which you all know that I love.
And while I'm on the Microsoft path, here's another story you should know about. There's an article in TechCrunch about a researcher who's found a bug that allows anyone to impersonate Microsoft corporate email accounts, which makes phishing attempts look super legit. And that means they're more likely to be opened and the contents The links or the attachments more likely to be clicked on.
At this point, the bug has not been patched. Not only that, the guy who found the bug has kind of been brushed off by Microsoft. So he did what bug finders do. He took the X and he explained the problem, but actually he did a nice work because he did not provide the details so it didn't become an explainer to the bad guys on how to weaponize the bug.
And then he shared examples with the folks at TechCrunch. The bug can only be used when sending email from Outlook accounts. But that's a pool of about 400 million accounts. Hopefully there's more attention on this report now at Microsoft. And last but certainly not least, a Japanese telecommunication company, SoftBank, has been working on an AI powered emotion canceling tech solution that helps make the voices of angry customers sound calmer during calls with a service desk representative.
No, I'm not kidding. Do me a favor and join the 229 cyber and risk community. It's simple. Just check out thisweekhealth. com slash security and then tap the join the community button and I'll keep you up to date on all the latest news and events. Thanks to our partner ORDER, the exclusive sponsor of the two minute drill.
ORDER can help with security hygiene by identifying assets with vulnerabilities. missing critical security controls, or out of date software. Check out ThisWeekHealth. com slash order for more information. That's it for today's two minute drill. Thanks for hanging out, stay a little paranoid, and I'll see you around campus.