Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Defensive Security Podcast Episode 318

Aug 26, 2025
This installment dives into the latest cybersecurity threats, including a downgrade attack that circumvents FIDO authentication in Microsoft Entra ID. There's a deep exploration of vulnerabilities in Docker Hub and the rising danger of ransomware such as Charon. The concept of vibe coding is introduced, discussing how AI can assist novice coders while also raising security concerns. Additionally, the podcast highlights the market for initial access brokers, revealing how compromised access is sold on the dark web. Tune in for practical security tips and a fun teaser about an upcoming live event!

ADVICE

Prevent Authentication Downgrades

  • Disable authentication downgrade paths so FIDO/passkeys cannot be bypassed via a proxy spoofing older browsers.
  • Audit clients and block non-FIDO-capable browsers where possible to avoid fallback to weaker MFA.

INSIGHT

Attackers Target Surrounding Logic

  • This attack highlights that adversaries focus on surrounding implementation and fallback logic, not the core FIDO protocol itself.
  • Treat FIDO as strong but monitor and harden the surrounding authentication flows and proxies.

ADVICE

Treat Public Images As Untrusted

  • Avoid running unvetted public container images and treat Docker Hub images like unknown USB drives.
  • Use image scanning, SCA, and short-lived container redeploys to reduce exposure to embedded vulnerabilities like the XZ backdoor.