Signed, sealed, exploitable. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 21 June 2025

⏱️ 17 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Dustin Childs, Head of Threat Awareness at Trend Micro Zero Day Initiative, joins to discuss their work on "ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains." The research explores two critical vulnerabilities (ZDI-23-1527 and ZDI-23-1528) that could have enabled attackers to hijack the Microsoft PC Manager supply chain via overly permissive SAS tokens in WinGet and official Microsoft domains. While the issues have since been resolved, the findings highlight how misconfigured cloud storage access can put trusted software distribution at risk. The post also includes detection strategies to help defenders identify and mitigate similar threats. The research can be found here: ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.7	And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are
0:17.9	exploiting stolen identities to infiltrate your organization.
0:21.6	Traditional defenses can't keep up.
0:23.9	SpyCloud's holistic identity threat protection helps security teams uncover and automatically
0:29.3	remediate hidden exposures across your users, from breaches, malware and fishing to neutralize
0:35.6	identity-based threats like account takeover, fraud, and ransomware.
0:40.0	Don't let invisible threats compromise your business.
0:43.0	Get your free corporate darknet exposure report at spycloud.com slash cyberwire and see what
0:49.9	attackers already know. That's spycloud.com slash cyberwire.
0:55.4	Hello everyone and welcome to the CyberWires Research Saturday.
1:10.9	I'm Dave Bittner and this is our weekly conversation with researchers and analysts tracking
1:16.6	down the threats and vulnerabilities, solving some of the hard problems and protecting ourselves
1:22.0	in a rapidly evolving cyberspace.
1:24.8	Thanks for joining us.
1:36.1	So they were looking at PC manager and noticed that the SaaS tokens that allowed access to the cloud resources were overly permissive. So as they dug into it, they found that they
1:42.0	could have allowed attackers to either retrieve sensitive
1:44.8	data in an information disclosure or manipulate sensitive data in kind of a spoofing attack.
1:50.2	That's Dustin Child's head of threat awareness with Trend Micro's Zero Day Initiative.
1:55.6	The research we're discussing today is titled ZDI 231527 and ZDI 231528,
2:02.9	the potential impact of overly permissive SaaS tokens
2:06.5	on PC manager supply chains.
	...

Transcript will be available on the free plan in 13 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.