Forecast = Expect a scorcher 🔥 out there with a high risk of data exposure and authentication vulnerabilities.

In this episode of Storm⚡️Watch, we dive into the main topics of the day, starting with how Microsoft is enhancing privacy and security with its Windows Recall feature and Windows Hello biometric authentication. We'll also cover the recent Snowflake breach, which has impacted several major companies due to stolen credentials, and discuss Microsoft's plans to phase out the NTLM authentication protocol in favor of the more secure Kerberos protocol.

But first: Patrick Garrity!

Patrick joins us to discuss the latest trends in May and then pivot to an engaging conversation about the National Vulnerability Database (NVD) and vulnrichment, highlighting the relevant GitHub project (https://github.com/cisagov/vulnrichment).

Recall Recall - We Did It!

Microsoft has made the Windows Recall feature opt-in and secured it with Windows Hello authentication, addressing privacy concerns. Recall captures snapshots of user activity for productivity assistance and will now only decrypt data when the user authenticates with Windows Hello, adding an extra layer of security. The updated feature with enhanced privacy and security is set to release on June 18. (https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-windows-recall-opt-in-secures-data-with-windows-hello/)

Snowflake Breach - Largest Ever?

Snowflake, the cloud data analytics platform, faces a significant security incident involving unauthorized access to customer accounts using stolen credentials. Hackers targeted accounts without multi-factor authentication (MFA) enabled, affecting companies like Ticketmaster, Santander, Advance Auto Parts, and LendingTree's subsidiary QuoteWizard. Despite claims on BreachForums about selling stolen data, Snowflake asserts no breach in its own systems and attributes the incident to compromised customer credentials. The company has been criticized for its lack of transparency and is planning to roll out MFA by default for all customer accounts, though no specific timeline has been provided. (https://www.wired.com/story/snowflake-breach-advanced-auto-parts-lendingtree/)

Microsoft to Disable NTLM, Transition to Kerberos Authentication

Microsoft is moving away from the NTLM authentication protocol, advising developers to use Negotiate calls that select the most secure protocol, typically Kerberos. The next major Windows and Windows Server release will be the last where NTLM is active by default. NTLM will remain available as a fallback during the transition period, but once its usage drops to an acceptably low level, Microsoft will disable NTLM by default in a future Windows 11 release. No specific timeframe has been provided, but this transition is expected to take several more years after the next major release. (https://cybersecuritynews.com/microsoft-to-disable-ntlm/)

Can't watch? Listen here

Link to GreyNoise Twitter account
Link to GreyNoise Twitter account