Security Weekly Podcast Network (Audio) Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. - SWN #487
23 snips
Jun 20, 2025 The episode kicks off with a humorous look at donuts and cybersecurity. It dives into the dangers of outdated protocols and the emerging threat of click fix attacks. A serious discussion unfolds about the rise of AI-generated code and the geopolitical tensions affecting cyber warfare. Listeners are cautioned about a critical vulnerability in backup software and the outrageous salaries offered to AI coders. The importance of the 3-2-1 backup strategy is highlighted, reminding everyone to stay vigilant against potential security scams.
AI Snips
Chapters
Transcript
Episode notes
Prepare for Microsoft 365 Auth Changes
- Microsoft 365 will block legacy auth for SharePoint and OneDrive starting July to August 2025.
- Test your apps and enforce admin consent to avoid service disruption from legacy access.
Rise of Click Fix Attacks
- Click fix social engineering attacks are rising as zero-day exploits become less popular.
- Social engineering is easier and more effective because humans are the weakest security link.
Fake Captcha Abuse Growing
- Users click fake captcha boxes due to frustration and habit, enabling attackers to execute malicious code.
- The use of Windows MSHTA executable in attacks jumped from 3.1% to 33% of defense evasion attempts this year.