#zerotrust


🚨 OuttaTune: The sorta, not-really, fix

Earlier this year, I disclosed a security flaw in Microsoft Intune’s Conditional Access device filtering — where attackers with local admin rights could spoof device properties like device.model to bypass policy enforcement.

At first, it was marked “By Design.”
Then “Moderate severity.”
Now, Microsoft says it’s “fixed.”

🩹 What changed?
• Documentation now warns that some device properties are untrusted
• UX nudges were added in the CA policy editor and dashboard
• My name will appear in the MSRC researcher acknowledgements

🔐 What didn’t change?
• No technical controls prevent tampering
• Attackers can still modify registry values and pass Conditional Access checks
• Device trust is still writable by the device

New blog post here →
🔗 cirriustech.co.uk/blog/outtatu

If you rely on Intune or Entra for Zero Trust enforcement, read this.
And maybe… stop trusting the registry.

CirriusTech | Serious About Tech · Turn On, Tune In, Cop Out: The sorta, not-really, fix for OuttaTune from Microsoft · Highlighting Microsoft’s documentation and UX tweaks, and the remaining unfixed vulnerability

🚨 OuttaTune — The Microsoft Intune Conditional Access bypass I reported is now officially closed by MSRC (again).

It began as “By Design”… then was reclassified as a Moderate severity vulnerability… led to a product group meeting… and ultimately forced Microsoft to revise their official Conditional Access guidance.

Yet now it’s closed - with no fix timeline, no CVE, and no researcher credit. 🤷‍♂️
Let’s unpack it. 👇

🔍 The Issue
Intune lets you apply Conditional Access policies using device filters - say, “block access to Office 365 from DevBox VMs.”

But that device model? It’s just a registry key.
A local admin can change one line, sync the device, and suddenly it’s not a DevBox anymore. It’s “Compliant.” It’s trusted. It’s in.

🧪 Microsoft’s Initial Response

“This is by design.”
“Assignment filters should be used sparingly.”
“Intune cannot accurately lock down a device if an admin on the machine is actively working against management.”

Wait - imagine Microsoft saying that about Defender for Endpoint:

“Sorry, if someone has admin, Defender just gives up.”

Of course they wouldn’t say that. Because security controls must assume hostile actors. Why should Intune be any different?

🛠️ The Outcome
• I pushed back, published my findings, and spoke directly with Microsoft’s product teams.
• They reclassified the issue as a Moderate security vulnerability.
• They changed official documentation to warn against using properties like device.model in isolation.
“Microsoft recommends using at least one system defined or admin configurable device property…”

That change exists because of this research.

📉 But the Case Is Now Closed

MSRC insists that:

“This requires admin and knowledge of policy filters, so it remains Moderate.”

But attackers don’t need to know your exact filters - they can just trial different registry values and sync until they’re in. No alerts. No resistance. No risk of detection unless you’ve layered in custom EDR rules.

And admin access is table stakes. We can’t keep pretending that post-exploitation scenarios don’t matter.

💬 Final Thoughts

Conditional Access isn’t just about who you are - it’s supposed to account for where and what you’re accessing from.

But when enforcement relies on unverified local data, the door isn’t locked. It’s not even shut.
We’ve just convinced ourselves that it is.

🔐 Trust nothing. Validate everything.
Even the registry keys your policies depend on.

Blog link: cirriustech.co.uk/blog/outtatu

CirriusTech | Serious About Tech · OuttaTune: Bypassing Conditional Access in Microsoft Intune · Exposing how Microsoft Intune's device filtering can be trivially bypassed to evade Conditional Access controls.

OK, for some reason when I mentioned non-human identities and tracking them, a number of people assumed aliens or something, or just AI agents. What I am looking for are some insights into authentication actions on computer systems - using tokens, APIs, stored secrets, and so on - where a human is not directly involved in the interaction. Yes, AI could be involved, think MCP especially. I know there are tools out there to manage this, just wondering. Think using Okta SSO etc. but not human users at all. Thoughts? Opinions? To me this is the next step in zero trust, in that one should have the same principles in place between any and all systems, be they human or automated: are they who or what they claim to be, and are they authorized to go forward and do what they are trying to do? #infosec #security #zerotrust

Salt Typhoon, a People’s Republic of China (PRC) state-backed cyber attack group, is accelerating efforts to probe weaknesses in U.S. cyber infrastructure, while the US Administration dithers and is actively undermining U.S. Cyber Defenses. Examples:

1) FY26 budget includes a $177.4M cut to CISA’s “Cyber Operations,” including its Threat Hunting team which provides technical support to local governments and critical infrastructure operators.

2) FY26 budget includes a $14M cut to the Joint Cyber Defense Collaborative (JCDC), a hub for cyber threat intelligence and coordinating public-private cyber incident responses.

3) June 6 EO removed requirements for federal software vendors to submit proof that their products met secure development standards.

The Homeland Security Secretary recently testified that the administration “still [does not] necessarily know how to stop the next Salt Typhoon.” YIKES! justsecurity.org/116896/what-i #CyberSecurity #SaltTyphoon #CyberEspionage #Hackers #Security #ZeroTrust

Federal Cybersecurity Rollbacks: What Got Cut—And What Still Stands

In June 2025, a quiet executive order from the White House eliminated several key cybersecurity requirements for federal systems. In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down what’s changing and why it matters for your organization.

We'll share:
▪ Which cybersecurity rules were rolled back (and which ones remain)
▪ What the removal of secure software attestations means for vendors
▪ Why post-quantum encryption and the FTC Cyber Trust Mark still matter
▪ How this moment echoes past compliance gaps like PCI
▪ What security leaders should prioritize right now

▶ Watch the video: youtu.be/GIWBHKwydMA
🎧 Listen to the podcast: chatcyberside.com/e/executive-

Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.

748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.

Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network

Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.

Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.

Need help testing your network for exploitable print devices? Contact us and our pentest team can help!

Read the Dark Reading article for more details on the Brother Printers vulnerability: darkreading.com/endpoint-secur

What Happens When AI Goes Rogue?

From blackmail to whistleblowing to strategic deception, today's AI isn't just hallucinating — it's scheming.

In our new Cyberside Chats episode, LMG Security’s @sherridavidoff and @MDurrin share new AI developments, including:

• Scheming behavior in Apollo’s LLM experiments
• Claude Opus 4 acting as a whistleblower
• AI blackmailing users to avoid shutdown
• Strategic self-preservation and resistance to being replaced
• What this means for your data integrity, confidentiality, and availability

📺 Watch the video: youtu.be/k9h2-lEf9ZM
🎧 Listen to the podcast: chatcyberside.com/e/ai-gone-ro

New NIST Zero Trust Guidance Alert!

Looking to implement zero-trust architecture (ZTA) but unsure where to start? NIST just released SP 1800-35, offering 19 real-world examples of zero-trust implementations using commercial, off-the-shelf tech.

Built with 24 industry collaborators over four years, this detailed playbook bridges the gap between theory and practice.

Key takeaways for your organization:
• Map your ZTA to the NIST Cybersecurity Framework
• Start with what you have — identify existing tech
• Roll out incrementally: identity, MFA, access controls
• Validate and monitor continuously
• Treat ZTA as a journey, not a one-and-done project

Read the article for advice on your zero-trust journey: darkreading.com/endpoint-secur

Non-Human Identities: The Hidden Risk in Your Stack

Non-human identities (NHIs)—like API keys, service accounts, and OAuth tokens—now outnumber human accounts in many enterprises. But are you managing them securely? With 46% of organizations reporting compromises of NHI credentials just this year, it’s clear: these powerful, often-overlooked accounts are the next cybersecurity frontier.

Read The Hacker News article for more details: thehackernews.com/2025/06/the-

Big news: I’ve joined @tailscale as a Customer Support Engineer!

As a homelabber and self-hoster, I fell in love with Tailscale for how effortlessly it makes private networking just work. Now I get to be part of the team building the new internet—one that’s secure by default, peer-to-peer, and built around people, not infrastructure.

I’m beyond excited to be part of this team.

I decided to share some of my observations that would benefit you if you are building applications: a deep dive session into the archetypes of attackers.

This session is for people who are developing software of any kind. It could be an API endpoint, a blog, or a complex application used by millions.

Join in or share with smart people.

Let me help you!

talkweb.eu/whos-attacking-you/
#cybersecurity #threatmodeling #zerotrust

talkweb.eu · A deep dive session into the archetypes of the attackers. – Bogomil Shopov – Бого

When can we declare IP Geo location / country code blocking practically dead as a mitigation strategy?

Sure, it is still useful for blocking script kiddies from Iran and other low-hanging fruit, but do any serious APT crews actually launch attacks from their home country anymore?

With the use of zero trust, distributed attack and delivery networks (looking at you, Cloudflare), and VPN usage, country blocking feels less useful than in the past.