Video Episode: https://youtu.be/2YiTiU75inA
In today’s episode, we discuss Microsoft’s innovative approach to fighting phishing attacks using fake Azure tenants as honeypots to gather intelligence on cybercriminals, as highlighted by Ross Bevington at BSides Exeter. We also cover Cisco’s DevHub portal being taken offline following the leak of non-public data by a hacker, while examining recent exploitation of the Roundcube webmail XSS vulnerability for credential theft. Finally, we delve into critical flaws identified in several end-to-end encrypted cloud storage platforms, including Sync and pCloud, raising concerns over user data security.
Articles referenced:
1. https://www.bleepingcomputer.com/news/security/microsoft-creates-fake-azure-tenants-to-pull-phishers-into-honeypots/
2. https://www.bleepingcomputer.com/news/security/cisco-takes-devhub-portal-offline-after-hacker-publishes-stolen-data/
3. https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html
4. https://www.bleepingcomputer.com/news/security/severe-flaws-in-e2ee-cloud-storage-platforms-used-by-millions/
Timestamps
00:00 – Introduction
00:52 – Microsoft Phishing Honeypots
02:51 – Webmail Roundcube XSS
03:54 – CSP Vulns
05:08 – Cisco’s DevHub portal taken offline
1. What are today’s top cybersecurity news stories?
2. How is Microsoft using honeypots to combat phishing?
3. What happened with Cisco’s DevHub after a data leak?
4. What vulnerabilities have been discovered in Roundcube webmail?
5. What are the security issues found in E2EE cloud storage platforms?
6. How does Microsoft’s Deception Network gather threat intelligence?
7. What data was allegedly leaked from Cisco’s platform?
8. What is the significance of the Roundcube webmail XSS vulnerability?
9. Which platforms were found to have severe flaws in end-to-end encryption?
10. How does Microsoft’s approach to phishing differ from traditional methods?
Azure, phishers, honeypot, cybercriminals, Cisco, DevHub, cyber, data leak, Roundcube, phishing, JavaScript, vulnerability, security, encryption, Sync, vulnerabilities,