X accounts hacked, 23andMe revisited, CA for Entitlement Management
Blue Security - Podcast autorstwa Andy Jaw & Adam Brewer - Wtorki
Kategorie:
Summary This episode of the Blue Security Podcast discusses the recent Twitter account hacks and the importance of multifactor authentication (MFA) in protecting social media accounts. The hosts also explore the lessons learned from 23andMe's credential stuffing attack and emphasize the need for MFA in handling sensitive customer information. They introduce a new feature called entitlement management in conditional access, which allows for more granular control over guest access. The episode concludes with a discussion on streamlining guest access through entitlement management. Takeaways Enable multifactor authentication (MFA) to protect social media accounts from brute force attacks and unauthorized access. Use tools that aggregate social media accounts into one platform and enable single sign-on (SSO) with MFA. Regularly review and update social media account access and permissions, removing phone numbers associated with accounts and storing passwords and MFA tokens in a secure password vault. Consider using entitlement management in conditional access to streamline and govern guest access to applications and resources. ------------------------------------------- Youtube Video Link: https://youtu.be/0pwV2Mn-l_4 ------------------------------------------- Documentation: https://thehackernews.com/2024/01/mandiants-x-account-was-hacked-using.html https://www.engadget.com/senators-want-to-know-why-the-secs-x-account-wasnt-secured-with-mfa-203614701.html https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/ https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-external-users#review-your-conditional-access-policies ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: [email protected] ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: [email protected]