Microsoft Email Breaches, API Security Concerns, and Irresponsible Vulnerability Disclosure




InfoSec ICU show

Summary: The guys discuss a recent privileged account compromise at Microsoft corporate that resulted in an email breach. They speak at a high level about API security concerns and what to expect in the future. Finally, they cover a recent example of vulnerability disclosure done poorly that left potentially 160,000 WordPress websites being exploited.
As always, they end with One Cool Thing.

Show Notes: https://podcast.musc.edu/podcast/infosec/e71-infosecicu/

Resources:

Microsoft admits email hack
https://www.darkreading.com/attacks-breaches/microsoft-downplays-scope-of-email-attack-/d/d-id/1334423

API Security Concerns
https://www.scmagazine.com/home/opinion/5-things-you-need-to-know-about-api-protection/

Security researcher dropping 0-days
https://arstechnica.com/information-technology/2019/04/a-security-researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users/

One Cool Thing
The Data Map: https://thedatamap.org/
Monitor Darkly: https://www.youtube.com/watch?v=zvP2FEfOSsk

Contact
Email: infosecicu@musc.edu
Twitter:

* Gerry Auger (@Gerald_Auger): https://twitter.com/Gerald_Auger
* Steven Cardinal (@sgcardinal): https://twitter.com/sgcardinal