Research Saturday

Signed, sealed, exploitable.

Listen Later

Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains.

While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and mitigate similar threats.

The research can be found here:

  • ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains

    • Learn more about your ad choices. Visit megaphone.fm/adchoices

    ...more
    View all episodesView all episodes
    Download on the App Store
    Research SaturdayBy N2K Networks
    • 4.4
    • 4.4
    • 4.4
    • 4.4
    • 4.4

    4.4

    8 ratings

    More shows like Research Saturday

    View all
    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

    638 Listeners

    CyberWire Daily by N2K Networks

    CyberWire Daily

    1,023 Listeners

    Smashing Security by Graham Cluley

    Smashing Security

    322 Listeners

    Click Here by Recorded Future News

    Click Here

    415 Listeners

    Cybersecurity Today by Jim Love

    Cybersecurity Today

    174 Listeners

    Hacking Humans by N2K Networks

    Hacking Humans

    314 Listeners

    CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

    CISO Series Podcast

    189 Listeners

    Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

    Defense in Depth

    73 Listeners

    Caveat by N2K Networks

    Caveat

    94 Listeners

    Career Notes by N2K Networks

    Career Notes

    15 Listeners

    Word Notes by N2K Networks

    Word Notes

    19 Listeners

    Cyber Security Headlines by CISO Series

    Cyber Security Headlines

    134 Listeners

    Hacker And The Fed by Chris Tarbell & Hector Monsegur

    Hacker And The Fed

    169 Listeners

    Passwort - der Podcast von heise security by Dr. Christopher Kunz, Sylvester Tremmel

    Passwort - der Podcast von heise security

    3 Listeners

    The AI Fix by Graham Cluley and Mark Stockley

    The AI Fix

    33 Listeners