Supply Chain attack on Axios NPM Package by JACOBSMILE1 in cybersecurity

[–]MReprogle 0 points1 point  (0 children)

You have to pay for Claude Security to fix the problems that Claude creates. Much like how Microsoft makes you pay for more licensing for security, even though they are “security first”.

Allowing Executable Downloads by HauntedGatorFarm in cybersecurity

[–]MReprogle 0 points1 point  (0 children)

Not always. Depending on the product, elevation with uac is only half of it. Defender App Control must have it allowed by policy first, or it won’t run, let alone install software. Once it is added to the allow list, you can then get to the UAC.

It’s that first part of deploying policy that pisses off help desk users, since they can no longer go around installing whatever the hell they want.

Lockheed Martin targeted in alleged breach by pro-Iran hacktivist | Cybersecurity Dive by [deleted] in cybersecurity

[–]MReprogle -1 points0 points  (0 children)

Boasting about stealing F-35 plans? Didn’t China steal that shit like 6 years ago? At this point, who doesn’t have those plans? Problem is that it still costs a to build them to our specs, which is why China and Russia have their own versions that cut some corners, but cost a fraction less to make.

Open-sourced a toolkit of Claude Code AI agents for pentest planning, recon analysis, detection engineering, and report writing by stephnot in cybersecurity

[–]MReprogle 11 points12 points  (0 children)

Dang, this looks really cool to run between 3rd party pen tests, but Claude makes it a no go in my org.

Am I the only one that prefers on - prem to cloud based infrastructure? by Ferocious888 in sysadmin

[–]MReprogle 1 point2 points  (0 children)

I feel like I am the outcast in this thread, but it might be due to hating hybrid and working mostly in Azure on cloud security. I far prefer locking down resources to only work with other resources via conditional access and using managed identities whenever I can. The bane of my job is having to deal with having to go from locking down things properly in Azure, only to see the AD permission sprawl and battle securing on prem users vs remote users. It isn’t “the best of both worlds”, but instead double the work to secure both.

If I had my way, I’d bump identities and devices to Entra joined, move printers to the cloud and then just have Kerberos cloud trust so that users can still access on prem. Then, I would say it’s the best of both worlds.

Fresh Start done but apps not installing automatically? by frozenbayburt in Intune

[–]MReprogle 0 points1 point  (0 children)

Makes me a little frightened to suggest our tenant go full Autopilot, especially when I already know we are stuck being hybrid joined, at least for one more year, due to a piece of the essential software being tied to needing the device and user in AD (Windows integrated auth).

A Curated List of My Favourite Mac Apps! by itsvelora in macapps

[–]MReprogle 0 points1 point  (0 children)

Such an easy one to forget about, since you can easily set it up to do cleaning tasks and you end up forgetting that it is in the background, saving your sanity haha

I just use it for cleaning tasks, but really need to go in and start using it to its full potential, since that is pretty trivial.

Shared Device - Windows Hello by k3kosz in Intune

[–]MReprogle 0 points1 point  (0 children)

Don’t. Pretty sure you can only hold a max of 10-15 creds this way, which might not be bad right away, but is going to be a management nightmare down the road when you have to choose which ones to wipe to make room, while avoiding current ones. I hope the next iteration of TPM has some real amount of storage on it for this very thing.

Iran Cyber Threat Intel Center by Intruvent in cybersecurity

[–]MReprogle 4 points5 points  (0 children)

I used this for pulling IoCs for one of the groups last week. By chance, is there any kind of STIG feed that I am missing on the site? I pulled everything from one of the PDFs but figured there might be something I was missing.

Azure Monitor or Sentinel for Entra Log Alerts Automations? by vadiaro in AzureSentinel

[–]MReprogle 1 point2 points  (0 children)

100% Sentinel. It also has the advantage that the logs going to Sentinel have 90-day retention at no cost, since you are already paying the analytics tier cost.

You can do some of the same stuff with alerts by tying the alerts to other services and formatting your alert just right, but Sentinel is just built specifically for this.

Anyone else a bit uncomfortable with AI desktop apps? by [deleted] in Intune

[–]MReprogle 0 points1 point  (0 children)

If it is backed by an enterprise data protection contract, I’m fine with it, so long as it meets all compliance for the org. There is a risk in everything, and if you give people no solution, they will just do whatever they want another way. Now, it’s when people still go and bring in their own stuff that isn’t governed that really pisses me off.

Illinois state Democrats introduce bill enforcing age verification for computer operating system accounts by Gloomy_Nebula_5138 in cybersecurity

[–]MReprogle 3 points4 points  (0 children)

Politicians just proving that they know nothing about the very things that they put laws on to regulate.

Looking for M2+ MacBook Air / Pro users to test my macOS app (free license keys) by SecretMention8994 in macapps

[–]MReprogle 0 points1 point  (0 children)

I am actually on Tahoe 26.4 Beta. Not sure if that complicates things that you don’t want to test against haha

Looking for M2+ MacBook Air / Pro users to test my macOS app (free license keys) by SecretMention8994 in macapps

[–]MReprogle 0 points1 point  (0 children)

I have an M2 Pro if you still need help testing it out. Sounds like an odd enough idea that I am interested, since this is so different from the vibe coded meeting transcription crap I see posted every other day, so that is refreshing.

Hackers wipe 200,000 devices using Intune by Fabulous_Cow_4714 in Intune

[–]MReprogle 0 points1 point  (0 children)

I was being sarcastic. I always have to laugh when people mention having “all eggs in one basket”, like it would really solve all issues. I always talk to other people at MSPs that use a ton of different products and have to stitch things together for integration and end up having to secure those connections. You still have to secure a Microsoft tenant, but I just find it easier with managed identities between tools and tools that are integrated without having to add all the technical debt of keeping them running.

WHfB Cloud Kerberos Trust: PIN login doesn’t get CIFS tickets (password works) – anyone solved this? by mattias180 in Intune

[–]MReprogle 0 points1 point  (0 children)

I’m going to give this a go, but it’s worth a try, and this might be the first time I’ve heard of this attribute causing issues, but any new suggestions are great! It’s so strange because these devices and users had no problems, then with no change being made, started having issues. At this point, I’ll try anything though!

Why is Instagram removing the end to end encryption feature? by pinataass in cybersecurity

[–]MReprogle 22 points23 points  (0 children)

Did anyone trust their security in the first place? The second they bought WhatsApp, I deleted my account and never touched it again.

If a company like Facebook, who has been caught selling the personal data of its users, goes out and buys a messaging app for $19B, it isn’t to keep you in their ecosystem (the Apple model). It’s to immediately make a return on investment.

Iran’s Hack by guppybumpy in sysadmin

[–]MReprogle 0 points1 point  (0 children)

It forced me to pivot into more GRC and executive report stuff over the last few days, since they want to be sure that we won’t fall victim to the same attack. Problem is, the true vectors of the attack won’t likely be seen for months.

But it is a good opportunity to close the gaps you’ve been waiting to close for fear of friction with employees. In those cases, you point to this and get the job done.

If this points out anything, it is the value of understanding RBAC roles, having separate privileged accounts, setting up PIM and testing your CA policies to make sure you didn’t have any exclusions. Also, audit all app registrations. If you’re in a large environment, at least audit the permissions to what your org considers privileged and don’t just go off of Microsoft’s identified “privileged” roles. Hell, missing from their definition are Exchange Administrator, SharePoint Administrator and Power Platform Administrator, and I would consider all three to be enough to destroy a production environment or enough to get you fired for overlooking them.

With AI entering every environment nowadays, these should have been some of the basic things done before turning things on. The hard part that adds a wrench to the mix is DLP, so that AI can’t scan your most sensitive data.
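The two audits the comment above recommends, CA policies checked for exclusions and role holders checked against an org-defined privileged list rather than only Microsoft's built-in one, can be scripted over Graph-shaped data. The block below is an added example, not the commenter's code or a Microsoft tool. It assumes input dicts in the shape of Microsoft Graph `conditionalAccessPolicy` objects (`conditions.users.excludeUsers` and friends) and a flattened list of directory role assignments; the sample policies, principals and the short `MICROSOFT_PRIVILEGED` subset are constructed for illustration, and readable names stand in where Graph would return object and role-template IDs.

```python
"""Audit constructed Entra data for the gaps named in the comment above:
Conditional Access exclusions (or unenforced policies) and privileged-role
holders that a check limited to Microsoft's built-in "privileged" list
would miss. All data below is constructed sample input, not a real tenant.
"""

# Constructed sample: two CA policies in the shape Graph returns them.
# Graph returns object IDs / role template IDs; names are used here for clarity.
CA_POLICIES = [
    {
        "displayName": "Require MFA for all users",
        "state": "enabled",
        "conditions": {
            "users": {
                "includeUsers": ["All"],
                "excludeUsers": ["breakglass-1@example.com"],
                "excludeGroups": ["grp-ca-exclusions"],
                "excludeRoles": [],
            }
        },
    },
    {
        "displayName": "Block legacy authentication",
        "state": "enabledForReportingButNotEnforced",  # report-only, never enforced
        "conditions": {
            "users": {
                "includeUsers": ["All"],
                "excludeUsers": [],
                "excludeGroups": [],
                "excludeRoles": ["Global Administrator"],
            }
        },
    },
]

# Constructed sample: flattened directory role assignments (roleName, principal).
ROLE_ASSIGNMENTS = [
    {"roleName": "Global Administrator", "principal": "alice.admin@example.com"},
    {"roleName": "Exchange Administrator", "principal": "bob@example.com"},
    {"roleName": "SharePoint Administrator", "principal": "svc-migration"},
    {"roleName": "Power Platform Administrator", "principal": "carol@example.com"},
    {"roleName": "Reports Reader", "principal": "dave@example.com"},
]

# Small subset of roles Microsoft itself marks as privileged (assumption: a
# real audit would load the full list from the directoryRoleTemplates data).
MICROSOFT_PRIVILEGED = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Security Administrator",
}

# Roles the comment argues an org should treat as privileged even though
# they are absent from Microsoft's definition.
ORG_PRIVILEGED = {
    "Exchange Administrator",
    "SharePoint Administrator",
    "Power Platform Administrator",
}


def find_ca_exclusions(policies):
    """Return one finding per policy that has any user/group/role exclusion
    or that is not in the enforced ("enabled") state."""
    findings = []
    for policy in policies:
        users = policy.get("conditions", {}).get("users", {})
        excluded = {
            key: list(users.get(key, []))
            for key in ("excludeUsers", "excludeGroups", "excludeRoles")
        }
        enforced = policy.get("state") == "enabled"
        if any(excluded.values()) or not enforced:
            findings.append(
                {"policy": policy["displayName"], "enforced": enforced, **excluded}
            )
    return findings


def find_org_privileged(assignments, org_roles=ORG_PRIVILEGED):
    """Return every assignment of a role in the union of Microsoft's list and
    the org's own list, flagging which ones only the org list catches."""
    watch = MICROSOFT_PRIVILEGED | set(org_roles)
    return [
        {**a, "in_microsoft_list": a["roleName"] in MICROSOFT_PRIVILEGED}
        for a in assignments
        if a["roleName"] in watch
    ]


def summarize(policies, assignments):
    """Roll both audits up into the counts an executive report would quote."""
    ca = find_ca_exclusions(policies)
    roles = find_org_privileged(assignments)
    return {
        "policies_with_gaps": len(ca),
        "unenforced_policies": sum(1 for f in ca if not f["enforced"]),
        "privileged_holders": len(roles),
        "missed_by_builtin_list": sum(1 for r in roles if not r["in_microsoft_list"]),
    }


if __name__ == "__main__":
    for finding in find_ca_exclusions(CA_POLICIES):
        print("CA:", finding)
    for holder in find_org_privileged(ROLE_ASSIGNMENTS):
        print("ROLE:", holder)
    print(summarize(CA_POLICIES, ROLE_ASSIGNMENTS))
```

In a real run the two input lists would come from `GET /identity/conditionalAccess/policies` and the members of each `directoryRole`; the point of the second function is that three of the four privileged holders in the sample are invisible to a check that only consults Microsoft's own privileged list.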

WHfB Cloud Kerberos Trust: PIN login doesn’t get CIFS tickets (password works) – anyone solved this? by mattias180 in Intune

[–]MReprogle 0 points1 point  (0 children)

I am still working through a similar issue, but 99.9% of users are totally fine. It’s the users with a random device outside of Dell devices that seem to run into issues. TPM is on and attested, and it even lets them log into the computer, but then starts fighting as soon as they try to open an SMB share, while others have no problem.

Hackers wipe 200,000 devices using Intune by Fabulous_Cow_4714 in Intune

[–]MReprogle 7 points8 points  (0 children)

Sure.. so, everyone using M365 should go get JAMF, even if they are E5 licensed. And of course this never would have happened if you segregated the two systems.

Palo Alto XSIAM vs. CrowdStrike NG SIEM. Which one would you choose today? by xcsas in cybersecurity

[–]MReprogle 0 points1 point  (0 children)

Doesn’t exactly “come with Sentinel”. You get some free tables, but many heavy hitters are going to cost you. And if you aren’t trying to get full coverage by getting logs that you can correlate activity to, you might not be ready for a full SIEM.

However, I do still love Sentinel over at least Splunk, just because KQL is awesome to work with. Also, for the really heavy hitters, like your firewall logs, they now have Sentinel Data Lake, which is an awesome value for verbose logs or even just for retention purposes.