Notices by G :donor: :Tick: (cirriustech@infosec.exchange)

I uncovered a trivial to execute bypass of Conditional Access via Microsoft Intune - if you are using device filters, you need to read this now!

#Microsoft #Entra #Intune #ConditionalAccess #SecurityFeatureBypass #SecurityVulnerability #MSRC

https://cirriustech.co.uk/blog/outtatune-vulnerability/

This is kinda cool - my #Azure #VaultRecon vulnerability (that #Microsoft say is by design and is not a vulnerability) is now listed in the #CloudVulnDB 🤩 #SecurityResearch —#CloudSecurity #KeyVault #Enumeration #SharingIsSecuring #WeAllWinTogether 🤘🏻💪🏻

https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration

@fellows @GossiTheDog It’s being sunsetted on December 1st 2025 BTW: https://help.clearbit.com/hc/en-us/articles/6987867587607-Legacy-Logo-API-I-FAQ

@patrickcmiller Viber doesn’t have passwords, it is device and phone number linked

Red pill or blue pill?

😂😂

@thomasfuchs Those are usually called dating apps… 😏

Router & Mesh firmware updates time

Monday this week = my last therapy session. On the one hand, it’s a huge milestone that therapist and I both believe I don’t need any more sessions at this time. On the other hand, will miss these sessions - have a good rapport with my therapist and enjoy talking to her. Progress though - huge progress from where I was!

I love/hate powershell. Same as it ever was!

New Years Resolution : Not to make any.

Same as every other year. Once again I’m smashing it.

*** Home security reminder ***

A lot of people are going away for Xmas which makes their homes easy pickings for burglars.

For security reasons, I strongly recommend leaving one of your children behind to construct a series of elaborate booby traps to defend your interests.

@alyssam_infosec @SwiftOnSecurity I also think we need to stop calling them the basics or 101 and instead refer to them as foundational. Might sound silly, but some of them are not necessarily simple, but they are the foundations of a strong security posture. Basics/101 can downplay their value.

@C0redump 4 - I didn’t get the spring booster in March, didn’t qualify but my wife did.

Ugh. Boost-whacked.

That’s every single COVID vaccine that has walloped me.

@hacks4pancakes @mttaggart @siliconshecky World you want this in our curated hashtags we are planning to formalise and share? Intention was to encourage visibility of toots for certain a topics.