This week we discuss Salt Typhoon and the terrible idea of backdoors (and I mis-remember the backdoor discussion in 2008 - encryption vs. telcos!) and the Microsoft MFA brute forcing.

Article 1 - Salt Typhoon forces FCC's hand on making telcos secure their networks
Supporting Articles:
China's Salt Typhoon recorded top American officials' calls, says White House
US alleges China hacked calls of 'very senior' political figures, official says
US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants
Wyden legislation would mandate FCC cybersecurity rules for telecoms
Wiretap Telecom

Article 2 - Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss an academic paper through Venture in Security talking about how companies will rely more and more on legal reasoning and decision making vs. technical reasoning and decision making, and we quickly hit on ATT&CK v16.

Article 1 - Venture in Security Response - Blessed are the lawyers, for they shall inherit cybersecurity
Supporting Articles:
Original Paper - Blessed Are The Lawyers, For They Shall Inherit Cybersecurity

Article 2 - V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Today we discuss the Detection Engineering Behavior Maturity Model, which is a new Capability Maturity Model for Detection Engineering (surprise!) from Elastic. It seems a little overly complicated to me (M.) but super useful despite that!

Article that we originally saw

Direct link to Elastic Blog Post

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!