This episode of the Security Swarm Podcast dives deep into the psychological landscape of cybersecurity, exploring the driving forces behind different threat actors. Host Andy Syrewicze welcomes first-time guest Angelica Ortega, Founder & CEO of Novify and an active member of the cybersecurity community with a sharp focus on the psychology of cybercriminals.  Together, they unravel the motivations of nation-state actors, hacktivists, and cybercriminals, highlighting the role of narcissism, risk-taking behavior, and ideological beliefs. Angelica shares personal experiences with pig butchering, a devastating form of romance scam, and discusses the emotional toll it took on a friend.   The episode also delves into the mental health challenges facing cybersecurity professionals, including burnout and the need for psychological safety in teams. Through insightful discussions and personal anecdotes, Andy and Angelica emphasize the importance of understanding and addressing the human element in cybersecurity, both on the defensive and offensive sides.   This episode sheds light on the often-overlooked psychological dimensions of cybercrime and cybersecurity, urging listeners to consider the human impact of these activities and the need for greater awareness and support for both professionals and victims.   Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  Threat actors can be categorized into three main groups: nation-state actors, hacktivists, and cybercriminals, each with distinct psychological motivations.   Narcissism and risk-taking behavior are common traits observed in cybercriminals, while hacktivists are driven by ideological beliefs, and nation-state actors are motivated by political goals.  Cybersecurity professionals, particularly blue teams and ethical hackers can also exhibit narcissistic tendencies due to the psychological stress and pressure of their roles.  The rise of cryptocurrency has enabled cybercriminals to more easily obfuscate illicit payments and profits, further fueling their motivations.   Romance scams and "pig butchering" schemes, where threat actors slowly gain the trust of victims over time, can have devastating psychological and financial consequences for the victims.   Educating the public, especially vulnerable groups like the young and elderly, and providing psychological support for victims of cybercrime are crucial in addressing the psychological aspects of cybersecurity.   The fear of missing out (FOMO) can be a powerful motivator for individuals to engage in risky or unwise financial decisions, which threat actors often exploit, particularly in the cryptocurrency space.   Timestamps:  (04:19) Categorization of threat actors   (07:17) Psychological traits of different threat actor groups   (09:50) Narcissism in cybersecurity professionals   (18:22) Impact of cryptocurrency on cybercrime   (25:16) Romance scams and "pig butchering" schemes   (31:36) Educating the public and providing psychological support for victims   (35:44) The role of FOMO in enabling cybercrime  Episode Resources:  Old Hornetsecurity Roundtable with some Psychology discssions -- Your organization is vulnerable to more than just technical exploits. Hackers target the human element, leveraging emotions like fear, greed, and trust to gain access and compromise systems. Learn how to protect your employees and organization with Hornetsecurity's Security Awareness Service. Hornetsecurity's Security Awareness Service empowers your employees to be your first line of defense against sophisticated attacks.   Don't wait until you've been a victim of a psychological attack. Schedule a demo today to learn about our comprehensive security solutions and protect your organization from the inside out. 

In this episode of the Security Swarm Podcast, the host Andy Syrewicze and the guest Philip Galea discuss the security implications of Microsoft's AI assistant Copilot, which is integrated into the Microsoft 365 suite. They explore how Copilot's ability to surface information from an organization's Microsoft 365 data can create significant security risks, especially for companies that lack the operational maturity to properly manage permissions and access controls.  The discussion also covers Microsoft's reactive approach to security in some of its products, where default settings are often not secure enough, and the company is slow to address these issues. The host and the guest emphasize the need for organizations to take a proactive approach to security, continuously reviewing and updating their security posture to mitigate the risks posed by Copilot and other Microsoft 365 features.   The episode also introduces Hornetsecurity's Tenant Manager tool, which aims to help organizations better manage and enforce their Microsoft 365 security settings, providing a centralized and automated way to ensure that their environments are configured according to best practices.   Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  Copilot makes it easy for nosy or malicious insiders to quickly surface sensitive information that they may not have proper access to.   Copilot could be abused by threat actors who compromise a user account with an active Copilot license, allowing them to easily gather intelligence and move laterally within the organization.   Microsoft's default security settings and permissions in Microsoft 365 are often too open, creating challenges for organizations to properly secure their data.   Jailbreaking Copilot to bypass its security restrictions is an ongoing concern, as it could allow users to access restricted information.   Solutions like sensitivity labels and disabling search on sensitive SharePoint sites have significant drawbacks and may not be practical for many organizations.   Tools like Hornetsecurity's Permission Manager and Tenant Manager can help organizations better manage and enforce security policies across Microsoft 365.   Continuous security awareness and training for employees is crucial to mitigate the risks posed by Copilot and other AI-powered tools.  Timestamps:  (04:37) Challenges with managing permissions and sharing in Microsoft 365   (11:20) Microsoft's history of security-related missteps and reactive responses   (16:17) Attempts to jailbreak Copilot and bypass its security restrictions   (21:08) Insider threat scenarios enabled by Copilot's data surfacing capabilities   (23:40) Threat actor scenarios and the potential impact of a compromised Copilot-enabled account   (34:16) Hornetsecurity's 365 Permission Manager and 365 Multi-Tenant Manager for MSPs solutions to help manage Microsoft 365 security. Episode Resources:  Andy and Phil’s first Episode on Sharepoint Permissions 365 Multi-Tenant Manager --  As an MSP, managing security and compliance policies across multiple Microsoft 365 tenants can be a complex and time-consuming task. The new 365 Multi-Tenant Manager for MSPs from Hornetsecurity provides a centralized solution to easily configure, enforce and monitor security settings across all your clients' environments.   With 365 Multi-Tenant Manager, you can:   Quickly create and apply security baseline policies to new and existing tenants   Automatically remediate configuration drift to ensure continuous compliance   Monitor policy adherence and receive alerts on risky changes   Streamline Microsoft 365 administration and reduce your clients' security risks   Stop juggling multiple portals and start taking control of your clients' Microsoft 365 security. Try the 365 Multi-Tenant Manager for MSPs today and simplify your Microsoft 365 management. Schedule your demo today and learn more.  --  Streamline your Microsoft 365 security with 365 Permission Manager - the tool that provides visibility, control, and automated remediation of SharePoint, OneDrive, and Teams permissions. Take back control of your data and protect against insider threats and external breaches. 

In this episode of the Security Swarm Podcast, our host Andy Syrewicze and one of our regular guests, Eric Siron discuss the latest quarterly threat report from Hornetsecurity. They dive into data points such as the breakdown of email threats, most common malicious file types, targeted industry verticals, and brand impersonations.  The conversation also covers recent security news, including Microsoft's efforts to address the aftermath of the CrowdStrike incident and a high-severity vulnerability in the Linux CUPS system. The hosts provide valuable insights and analysis, highlighting trends in the threat landscape and the evolving tactics of cybercriminals.  Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  Quarterly threat report data shows an increase in email threats in Q3 compared to Q2, driven by the ending of the summer vacation months.  PDF, archive, and HTML files remain the top malicious file types used by threat actors.  Microsoft is exploring ways to reduce security vendors' kernel-mode access after the Crowdstrike incident.  NIST has updated password guidelines, including recommendations to remove password composition rules and avoid forced password rotations.  A high-severity vulnerability in the Linux CUPS system allows remote code execution, highlighting the need to secure critical services.  The importance of securing the digital supply chain and the risks of supply chain attacks.  The challenges of convincing users to adopt secure practices, such as using password managers.  Timestamps:  (03:33) Breakdown of email threats by category  (06:58) Most common malicious file types  (11:46) Targeted industry verticals  (19:52) Impersonated brands  (22:33) Discussion of Microsoft's efforts after the Crowdstrike incident  (37:19) NIST's updated password guidelines.  Episode Resources:  Hornetsecurity Monthly Threat Reports can be found here -- Protect Your Business from Advanced Threats! Ensure your organization is safeguarded against sophisticated attacks by leveraging Hornetsecurity's Advanced Threat Protection (ATP). Stay secure and informed—discover more here! 

In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Michael Posey discuss the new password guidelines and recommendations released by NIST (National Institute of Standards and Technology). They cover a range of topics related to password security, including the importance of password length over complexity, the move away from composition rules and periodic password changes, the risks associated with knowledge-based authentication, the concept of password entropy, and more!   Throughout the conversation, Andy and Michael draw on their extensive experience in the cybersecurity field to offer practical advice and perspectives on the changing landscape of password security.   Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  NIST recommends a minimum password length of 8 characters, with a suggested length of 15 characters or more.   NIST has recommended removal of the requirement for password composition rules, such as the need for special characters, numbers, and uppercase letters.   NIST states that password providers SHALL NOT require periodic password changes unless there is evidence of a breach, as this can lead to users creating predictable password patterns.   The use of ASCII and Unicode characters is now encouraged, allowing for more diverse and random password options.   Password entropy (randomness) is more important than password complexity, as modern computing power can quickly crack simple but complex-looking passwords.   For mission-critical systems, organizations may still choose to implement more rigorous password policies, even if they deviate from the NIST recommendations.   The industry is exploring new hashing methods and technologies, such as passkeys, to address the challenges posed by GPU-based brute-force attacks.  Timestamps:  (07:40) Credential Service Provider (CSP) Requirements and Recommendations   (10:02) Removing Password Composition Rules   (14:21) Ending Periodic Password Changes   (19:48) The Importance of Password Entropy and Length   (28:30) Phasing Out Knowledge-Based Authentication   (30:30) The Impact of Password Length on Cracking Time  Episode Resources:  NIST Publication 800-63B -- To enhance your organization's security posture, consider implementing Hornetsecurity's Advanced Threat Protection. This solution provides AI-powered defense against sophisticated attacks, ensuring your emails and data remain secure. By adopting best practices in password management and utilizing advanced security features, you can significantly reduce the risk of breaches. Protect your business today and stay one step ahead of cyber threats. Learn more about Advanced Threat Protection here. 

In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Romain Basset dive into the top spear phishing methods used in both the enterprise space and across all businesses, based on internal research conducted by Hornetsecurity. The conversation covers spear phishing techniques, including initial contact, tax/W2, C-suite/CEO, lawyer, banking, and gift card fraud. They analyze the differences in the prevalence of these methods between enterprises and smaller businesses and provide insights on how organizations can combat these threats through training and robust processes.   Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  Spear phishing attacks have evolved from obvious wire transfer requests to more subtle techniques like initial contact fraud, where threat actors establish a relationship to build credibility.  Tax fraud and W-2 phishing remain prevalent, especially around tax season, as attackers try to obtain personal information like Social Security numbers.  C-suite fraud, where attackers impersonate executives, continues to be a major threat, highlighting the importance of robust processes to verify requests.  Lawyer fraud, targeting enterprises more than smaller businesses, leverages the credibility of legal communications to extort money or gather information.  Gift card fraud has emerged as the top spear phishing attack across enterprises and smaller businesses, as it is less likely to raise red flags than larger financial transactions.  Adaptability and creativity of threat actors are key factors, as they continuously evolve their techniques to bypass security measures and user awareness.  Timestamps:  (03:26) Discussion on initial contact fraud  (07:12) Exploration of tax fraud and W-2 phishing  (13:35) Examination of C-suite fraud and the importance of processes  (19:25) Lawyer Fraud and Enterprise vs. SMB Differences  (23:47) Banking Fraud and Processes   (26:39) Gift Card Fraud  Episode Resources:  Security Lab LinkedIn Group What is a Spear Phishing attack? The Top 5 Spear Phishing Examples and Their Psychological Triggers -- Hornetsecurity's Phishing Simulation, as part of its Security Awareness Service, is invaluable for organizations looking to protect themselves from the evolving spear phishing threats discussed in this episode. This solution provides realistic phishing simulations and comprehensive security awareness training, enabling employees to recognize and respond effectively to spear phishing attempts. By fostering a culture of security awareness, SAS is crucial for businesses aiming to strengthen their overall security posture and mitigate the risk of successful phishing attacks.

In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Eric Siron provide a comprehensive monthly threat review. They cover several major cybersecurity incidents and trends from the past month, including:  The massive data breach at data broker National Public Data exposed over 2.9 billion personal information records. They discuss the risks of this breach, such as increased targeted phishing and social engineering attacks.  A joint government agency warning about the Ransom Hub ransomware has impacted over 200 victims since February 2022, including critical infrastructure and high-profile organizations.  A case study of an IT administrator who held his employer's systems for ransom by deploying logic bombs, highlighting the risks of insider threats even within trusted IT teams.  They also touch on the topics of vendor risk management and the history of election tampering and provide recommendations for organizations to mitigate these threats. In conclusion, EP62 provides valuable insights into the ever-changing cybersecurity landscape and offers practical advice for security professionals. -- Secure your organization against the evolving threat landscape! Discover how Hornetsecurity's Advanced Threat Protection, Security Awareness Service, and 365 Total Protection can safeguard your business from data breaches, insider threats, and more. Learn more and protect your organization today! -- Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  The National Public Data breach exposed a vast amount of personal information, including names, email addresses, phone numbers, Social Security numbers, and more. This creates risks of more targeted phishing and social engineering attacks.  The continued use of easily abused identification methods like Social Security numbers underscores the urgent need to explore more secure alternatives, such as cryptographic key pairs. This is crucial in reducing the risks of identity theft.  Insider threats from trusted IT staff members can pose a significant risk, as evidenced by the case of an IT admin holding their employer's systems for ransom. Implementing practices like just-in-time administration and least-privilege access is crucial to mitigate these potentially devastating threats.  Overreliance on cloud-based services and a single vendor for critical business functions can lead to vendor risk and single points of failure.  Election security remains a significant concern, with the threat of interference and disinformation campaigns continuing. Ensuring robust cybersecurity measures at the state and local levels is crucial for protecting the integrity of elections.  Timestamps:  (03:17) The National Public Data Breach  (12:21) The Issues with Social Security Numbers  (18:02) The Danger of Insider Threats  (27:10) The Risks of Vendor Dependence  (34:12) Recommendations for Protecting Against Threats  Episode Resources:  Security Lab LinkedIn Group - Security Lab LinkedIn Group  September Monthly Threat Report - In-depth analyses from Hornetsecurity’s Security Lab  Joint Government Agency Announcement on RansomHub - #StopRansomware: RansomHub Ransomware | CISA  Security Swarm Passkeys Episode - Passkeys in Microsoft Entra: Benefits, Implementation Tips & More (hornetsecurity.com)  Security Swarm Election Tampering Episode - How Threat Actors Tamper with Elections (hornetsecurity.com) 

In this episode of the Security Swarm Podcast, host Andy Syrewicze and our regular guest, Paul Schnackenburg, provide a comprehensive overview of the Microsoft Defender ecosystem. They cover the various Defender products, including:  Defender for Endpoint - Microsoft's enterprise endpoint security solution with different licensing tiers  Defender for Identity - Cloud-based threat detection for on-premises Active Directory  Defender Vulnerability Management - Inventory and risk assessment of software on endpoints  Defender for IoT - Security for Internet of Things and operational technology environments  Defender for Cloud - Cloud security for Azure, AWS, and GCP resources  And Others!  They also discuss the "Defender adjacent" services like Microsoft Entra (identity), Microsoft Purview (data security/governance), and Microsoft Defender for Cloud Apps (CASB).  A key focus of the discussion is the complexity and management challenges that come with this expansive Defender suite. The host and the guest note the large number of different management portals, the difficulty of adequately configuring and leveraging all the features, and the need for dedicated security teams to utilize these enterprise-grade tools fully.   Further down the line, Andy and Paul explore the significant value that third-party security solutions can provide in augmenting or simplifying the M365 security experience. They highlight how third-party tools can offer easier deployment, management, and specialized capabilities that may be outside the core focus of the broader Defender ecosystem, thereby enhancing the overall security posture of an organization.   Overall, this episode takes a deep dive into the Microsoft Defender landscape, exploring the pros and cons of the comprehensive suite and offering insights on how organizations can optimize their security with a mix of Microsoft and third-party solutions.  CTA: Overwhelmed by the complexity of the Microsoft Defender ecosystem? Simplify your Microsoft 365 security, risk management, governance, compliance, and backup with 365 Total Protection by Hornetsecurity.  Key Takeaways:  The Microsoft Defender ecosystem has grown significantly beyond the basic antivirus/anti-malware solution, now encompassing a wide range of security products and services across endpoints, cloud, identity, and more.  Navigating the Defender suite can be challenging due to the sheer number of products, overlapping features, and disparate management portals, especially for smaller organizations without dedicated security teams.  Licensing for Defender products can be complex, with different SKUs (P1, P2, Business Premium, E3, E5) offering varying levels of functionality and requiring careful evaluation to ensure the right fit.  Third-party security solutions can provide value by offering simplified management, enhanced detection capabilities, and avoiding over-dependence on a single vendor (Microsoft) for an organization's security needs.  Proper configuration and ongoing optimization of Defender tools is difficult and time consuming, leaving the full potential of the suite to enterprises with dedicated security teams.  Microsoft Defender XDR (Extended Detection and Response) aims to integrate Defender products into a more cohesive security platform. Still, it requires significant resources and expertise to implement effectively.  Timestamps:  (02:00) Overview of the Microsoft Defender ecosystem  (07:00) Differences between Microsoft Defender for Endpoint P1, P2, and Business Premium  (13:00) Explanation of Microsoft Defender for Identity and its on-premises vs cloud components  (19:00) Discussion of Microsoft Defender Vulnerability Management and its challenges for small/medium businesses  (32:00) Value that third-party security solutions can provide compared to the Microsoft Defender suite  Episode Resources:  Security Swarm Episode on M365 Security Licensing

In this episode of the Security Swarm Podcast, host Andy and his guest Michael Posey discuss the email authentication protocols of SPF, DKIM, and DMARC. They explain what these protocols are, how they work, and why they are important for protecting against email spoofing and impersonation attacks.  Michael shares his insights from working with MSPs and the channel, noting that while these protocols are not overly complex, they are often overlooked or misunderstood by IT professionals. The hosts dive into the specifics of each protocol - SPF defines which mail servers are allowed to send email for a domain, DKIM adds a cryptographic signature to validate the message's origin and integrity, and DMARC ties the two together to specify how receivers should handle authentication failures.  The discussion covers the benefits of these protocols in improving email security and reputation, as well as the importance of adopting them industry-wide to reduce impersonation tactics used by threat actors. The hosts also touch on the history of cryptography and the need to layer security controls rather than relying on any single solution. Overall, this episode provides a comprehensive overview of these essential email authentication standards.  Key Takeaways:  SPF allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. This helps prevent domain spoofing. DKIM Uses cryptographic digital signatures to verify that an email message was sent by the owner of a given domain and has not been tampered with in transit. This adds an extra layer of authentication.  DMARC Brings SPF and DKIM together, allowing domain owners to specify how the receiving mail server should handle messages that fail authentication checks (e.g. quarantine, reject). This provides a standardized policy for handling unauthenticated emails.  The adoption of these email authentication protocols is increasing, with SPF now used by over 90% of domains. As more organizations implement these standards, it becomes harder for threat actors to successfully impersonate domains through email.  While these protocols are valuable tools, they should not be relied upon as the sole security measure. They are one layer in a comprehensive email security strategy that also includes user education, spam filtering, and other security controls.  Timestamps:  (05:50) SPF (Sender Policy Framework)  (11:23) DKIM (DomainKeys Identified Mail)  (16:11) How DMARC brings SPF and DKIM together  (21:32) Key Protocols for Security and Compliance  (24:11) Defense in Depth  Episode Resources:  DMARC Pro Tips What is SPF?  What is DKIM?

In this episode of the Security Swarm Podcast, host Andy and his regular guest, Eric, talk about the worst workplace security practices they've seen. From weak password policies to unsecured devices and poor data management, they share real-life stories and insights that will make you cringe - and hopefully inspire you to tighten up your organization's security posture. They also discuss the importance of employee security training, the challenges of software patching, and the dangers of "security by personality" - when people make decisions based on gut feelings rather than data. It's a candid, sometimes humorous look at the security nightmares that keep IT pros up at night. Whether you're an infosec professional or just someone who wants to keep your company's data safe, this episode is packed with valuable lessons. Grab a pen and paper - you'll want to take notes on what not to do when it comes to workplace cybersecurity. Key Takeaways: Weak password policies can lead to poor password hygiene, like using predictable patterns or writing down passwords. However, the risk profile should be considered - what may be a security risk for one organization may not be for another. Effective employee security training is crucial, but it needs to be the right amount - too little leaves employees vulnerable, while too much can lead to disengagement. Training should cover both technical security concepts and social engineering awareness. Unsecured devices, especially mobile ones, can create significant security risks through shadow IT and data exposure. Proper device management policies and user education are needed to mitigate these threats. While ignoring software updates is a common security pitfall, the underlying issue is often that patching infrastructure and processes are not well-developed. Vendors need to improve the tools and experience around keeping systems up-to-date. Timestamps: (00:00) Welcome to the Security Swarm Podcast (03:19) Exploring Weak Password Policies (11:26) The Importance of Employee Security Training (19:16) Unsecured Devices: A Dangerous Vulnerability (27:34) Mismanaging Data: Risky Business (37:40) The Perils of Ignoring Software Updates (45:30) Security Decisions Driven by Personality, Not Data Episode Resources: Password Verifiers Security Risks of Always on Remote Access GM shared our driving data with insurers without consent, lawsuit claims

In this episode of the Security Swarm Podcast, host Andy is joined by Umut Alemdar, Head of Security Lab at Hornetsecurity, to explore the escalating threat of election interference by cyber threat actors across the globe. They talk about motivations driving these actors and the various tactics used to infiltrate political parties, target election equipment, and spread misinformation, including the use of deepfakes.   The episode also revisits significant cases of election meddling, from the 2015 German Bundestag hack to the 2020 Iranian hack of U.S. city election websites, highlighting the ongoing risks. Andy and Umut conclude with strategies to combat these threats, emphasizing the importance of policy changes, enhanced public communication, and rigorous cybersecurity training for election officials.  Key Takeaways:  Threat actors use various tactics to meddle in elections, including infiltrating political parties, targeting election equipment, and spreading misinformation/disinformation to sow chaos and mistrust in the democratic process. These attacks have led to significant data breaches, leaks of sensitive information, and an erosion of public trust in the integrity of elections.  Timestamps:  (01:00) Introduction and Categorizing Threat Actors  (08:00) Infiltrating Political Parties and Targeting Election Equipment  (09:44) Consequences of Spreading Misinformation   (14:00) Past Attacks: Germany, France, and Ukraine  (21:32) US-Based Attacks: 2016 Presidential Election and Breaching City Websites    (28:30) What Can Be Done? Policies, Communication, and Monitoring  Episode Resources:  EU Sanctions Russian Hackers for German Bundestag Hack  Webinar containing deep fake materials   Washington Post Article about Local Election Website Hacks 

In today’s episode of the Security Swarm Podcast, Andy and Eric Siron discuss the Monthly Threat Report of August 2024. They cover the aftermath of the CrowdStrike incident, Microsoft's proposed enhancements to improve the security of their ecosystem, as well as the discovery of a vulnerability in AMD processors that could allow persistent malware.  Additionally, they discuss the emergence of new AI jailbreak attacks, which can bypass content restrictions and generate harmful outputs and a VMware ESXi vulnerability that could allow attackers to gain access to virtual machines.  Key Takeaways:  The CrowdStrike incident highlights the need for rigorous software testing. Microsoft is moving forward with some changes and guidance on kernel access as a direct response to the CrowdStrike incident. Researchers have discovered a vulnerability in AMD processors that could allow threat actors to embed persistent malware, underscoring the ongoing battle against advanced threats. The Olympic Games have been the target of dozens of foiled cyberattacks, demonstrating the high-stakes nature of nation-state cyber conflicts. There is a new critical vulnerability in the VMware ESXi Hypervisor that allows authentication bypass. Broadcom has released a patch  Timestamps:  (01:00) CrowdStrike Incident and Lessons Learned   (04:14) Importance of Proper Software Testing and Development Processes  (7:21) Potential Consequences of Rushed Software Updates   (28:18) AI Jailbreak Attacks and Generative AI Risks   (33:43) VMware ESXi Vulnerability and Potential Ransomware Implications   (37:53) Bumblebee Loader and the Threat of Rapid Active Directory Compromise   (39:41) HealthEquity Data Breach and the Normalization of PII Breaches   (40:17) Anonymous Sudan and Their Disruptive DDOS Attacks  (41:54) Cyber Attacks on the Olympic Games and the Role of Nation-State Actors   Episode Resources: Full Monthly Threat Report Podcast episode on Anonymous Sudan AMD CPU Vulnerability Info Webinar where Andy covers the ways threat actors use Generative AI  VMware ESXi Authentication Bypass Exploit Security Swarm Podcast re: threat actor attacks on the Olympic Games

This episode of the Security Swarm podcast features guest Eric Siron, a Microsoft MVP in cloud and data center management. Eric works primarily with healthcare organizations and small-to-medium businesses, helping them navigate security and IT challenges. The episode focuses on the important topic of vetting and selecting third-party software vendors.   Andy and Eric discuss the recent CrowdStrike incident that caused major disruptions for many businesses. They use this as a case study to explore best practices for evaluating vendors, including assessing their security track record, testing their solutions thoroughly, understanding their update and patch management processes, and having contingency plans in place in case of vendor failures.  Key takeaways:  Thoroughly vet third-party vendors before choosing them, looking at factors like their security track record, update/patch processes, and internal testing procedures.  When evaluating vendors, focus not just on features and capabilities, but also on their stability as a company, their customer base, and their ability to handle issues and outages.   Develop contingency plans and mitigation strategies for when a critical third-party vendor experiences issues or outages.   Assume that failures will happen, and be prepared for them.   Timestamps:  (02:20) - CrowdStrike Incident  (04:17) - Vetting Third-Party Vendors  (11:42) - Compliance and Industry-Specific Considerations  (13:46) - Detailed Testing of Solutions  (19:26) - Common Problems with Third-Party Vendors  (22:40) - The CrowdStrike Incident and Vendor Processes  (29:10) - Mitigation Strategies 

Romain Basset is back for another podcast episode. Today, Andy and Romain discuss the notorious threat actor group, Anonymous Sudan. They explore who this group is, their affiliations, motivations, and the tactics, techniques, and procedures (TTPs) they employ.   The discussion includes an overview of various types of threat actor groups, situating Anonymous Sudan within this landscape, and providing a detailed background on the group's emergence, targets, and the significant impact of their attacks.  Key Takeaways:  Anonymous Sudan is a threat actor group that sits between being an activist group and a state-sponsored cyber-criminal group.    The group is known for highly disruptive and visible DDoS attacks, often targeting large organizations and infrastructure like Microsoft's Azure, OneDrive, and Outlook.com.  Anonymous Sudan utilizes a variety of DDoS techniques and tools, including HTTP floods, SYN floods, UDP floods, and ICMP floods, often coordinating with other botnets to amplify the impact. Anonymous Sudan's tactics appear focused on disruption and visibility, aiming to make a public impact and spread their political/religious messaging.    Timestamps:  (02:43) - Categories of Threat Actor Groups  (05:44) - Ties Between Anonymous Sudan and Russia  (10:59) - Tools Used by Anonymous Sudan  (15:47) - Techniques and Procedures of Anonymous Sudan  (24:08) - Typical DDoS Attack Procedure  Episode Resources:  Next-gen Microsoft Security and Compliance Management to meet your Requirements  

In this episode, host Andy is joined by Paul to provide a comprehensive overview of confidential computing - what it is, why it's important, and how it's being implemented in cloud platforms like Microsoft Azure.   Key Takeaways:  Confidential computing aims to protect data while it is being processed by the CPU or stored in memory, supplementing traditional protections like encryption of data at rest and in transit. Confidential computing can enable use cases like confidential AI model training, secure multi-party data sharing, protecting sensitive data in cloud VMs, and securing blockchain/distributed ledger systems. Establishing a root of trust from the hardware up through the software stack is critical for confidential computing.    Timestamps:  (03:00) The Need for Confidential Computing  (06:28) How Confidential Computing Works  (14:38) Trusted Execution Environments and Trusted Computing Base   (21:47) Confidential Computing in Azure and Beyond   (27:58) Confidential Computing in Apple's AI   Episode Resources: The Confidential Computing Consortium NVIDA Confidential Computing Apple's Article Watch: BlueHat IL 2024 - Ben Hania, Yair Netzer - Compromising confidential VMs and then fixing it

In this episode, Andy sits down once again with Paul to continue their conversation about Microsoft’s struggles with security. The episode focuses on a recent report from ProPublica about a Microsoft whistleblower named Andrew Harris. The report alleges that Microsoft was aware of a serious vulnerability in its on-premises Active Directory Federation Services (ADFS) software that could have enabled the SolarWinds supply chain attack, but chose not to fix it or disclose it to customers.  Andy and Paul discuss how Microsoft's focus on new features and cloud growth over security, as well as the desire to win lucrative government contracts, may have contributed to this decision. They also touch on the challenges faced by Microsoft's security response team and the broader issue of security being seen as a cost center rather than a profit driver.    Key Takeaways:  Microsoft ignored a serious ADFS vulnerability that could have enabled widespread attacks. Security is often viewed as a cost center at Microsoft, rather than a profit driver. This mindset led to the ADFS vulnerability being ignored, as fixing it was not seen as a priority compared to delivering new features and products. Microsoft was criticized for not being transparent about the ADFS vulnerability and not giving customers the option to implement mitigations, even if it meant sacrificing some functionality. The ADFS incident is symptomatic of broader security culture problems at Microsoft, where security is not always prioritized, and technical debt or legacy systems are not adequately addressed.  Timestamps:  (02:22) - Explaining the Whistleblower's Allegations and the SolarWinds Attack  (07:32) - Vulnerability in ADFS and Microsoft's "Security Boundaries" Argument  (13:06) - Why Was the Issue Swept Under the Rug?  (19:16) - The Challenges Faced by the Microsoft Security Response Center (MSRC)  (26:24) - Satya Nadella's Comments on Prioritizing Security over New Features  (27:38) - The Controversy Around the "Recall" Feature in Windows 11  Episode Resources:  ProPublica Article

In this episode of the Security Swarm podcast, host Andy is joined by Romain Basset from Hornetsecurity to discuss the cybersecurity implications of the upcoming 2024 Olympic Games in Paris, France. The conversation explores how the geopolitical landscape, with ongoing global tensions and conflicts, creates a high-profile stage that threat actors may target for hacktivism, financial gain, or destabilization.  Throughout the episode, they highlight the increased risks leading up to the 2024 Games, noting that French infrastructure has already been targeted by various threat actor groups, including DDoS attacks. They discuss the blurring lines between cybercrime and geopolitical threats, with many threat actors now engaging in both financially and politically motivated attacks.  Key takeaways:  The Olympics are a prime target for cyber-attacks due to the global attention and geopolitical tensions surrounding the event. Past Olympic games have seen a variety of cyber-attacks, including distributed denial-of-service (DDoS) attacks, malware, and false flag operations to mislead attribution.  Cyber-attacks targeting the Olympics can have far-reaching consequences, including international chaos, disinformation campaigns, and real-world impacts on businesses and infrastructure.   While the threat landscape is complex, the best defense is to focus on cybersecurity basics like user training, multi-factor authentication, and regular backups - rather than getting distracted by the latest "shiny object" threat.   Timestamps:  (01:15) - Why Cybersecurity is Important for the Olympics   (02:25) - Geopolitical Tensions and Threat Actors   (04:31) - Potential Cyber Attacks - Scams, Extortion, Disinformation   (06:50) - The 2018 Pyeongchang Olympics Cyber Attack   (12:48) - False Flags and Attribution Challenges   (16:05) - Overlap Between Cybercrime and Geopolitical Destabilization   (19:13) - Real-World Impacts of Geopolitical Cyber Tensions   (23:08) - Cybersecurity Best Practices and Advice  Episode Resources: Read our blog about Russia’s notorious history of attacking the Olympics Protect your business before it’s too late with 365 Total Protection Train your users to spot phishing emails during the Olympics with Security Awareness Service

For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics and discuss whether they’re still relevant, how they’ve changed in comparison to the evolving threat landscape and provide updates on some of the major stories discussed.  This is part 2 of a 2-part episode. 

For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics and discuss whether they’re still relevant, how they’ve changed in comparison to the evolving threat landscape and provide updates on some of the major stories discussed.  This is part 1 of a 2-part episode, with part 2 coming next week.  Key Takeaways: AI-powered tools are a double-edged sword, capable of both beneficial and malicious applications.  Botnets and malware continue to be a persistent threat, as attackers adapt and find new ways to circumvent disruptions.  Email-based social engineering remains a significant vulnerability, as human nature makes it a difficult problem to solve.  Immutability and backups are critical for protecting against ransomware and data loss.  Securing cloud-based platforms like Microsoft 365 requires a nuanced approach, as the responsibility is shared between the provider and the customer.  Security awareness training can be challenging to implement effectively, requiring a balance between engagement and cost.  Navigating the relationship between IT administrators and CISOs is crucial for effective security management.  Timestamps: (00:31) Using ChatGPT to create ransomware - still a relevant and evolving topic  (02:22) How tech pros should handle security news and zero-days  (09:09) The re-emergence of Emotet and the challenges of disrupting botnets  (12:04) The persistent problem of social engineering and email attacks  (13:25) The importance of immutability and backups against ransomware  (16:29) The security of Microsoft 365  (19:35) Deep dive on the QuickBot malware  (20:20) The necessity of advanced threat protection (ATP)  (22:58) Guidance on effective security awareness training  (25:41) Tips for IT admins on working with CISOs  (26:07) Microsoft's throttling of legacy on-premises Exchange servers  (28:11) Discussing Episodes 12 and 13, recorded live at InfoSecurity Europe, on compliance and security horror stories   

In this episode of the Security Swarm Podcast, host Andy is joined by Romain Basset, the Director of Technology Strategy at Hornetsecurity. They’re exploring the topic of Open-Source Intelligence (OSINT) - what it is, how threat actors use it to launch effective attacks, and the dangers it poses.   Throughout the episode, they discuss the ease with which OSINT can gather information using AI and other tools and provide examples of how it can be used in phishing, business email compromise, and even deep fake attacks. The conversation also touches on the importance of privacy awareness and security awareness training to mitigate these threats.  Key Takeaways:  OSINT refers to publicly available information that threat actors can easily gather to launch targeted attacks. This includes social media profiles, online forums, data breach databases, and more.    Threat actors are using OSINT to not only target individuals, but also find vulnerabilities in organizations' web-facing software and infrastructure.    Combating OSINT-powered attacks requires a multi-pronged approach of improving privacy awareness and implementing robust security awareness training programs.  Timestamps:  (02:24) - Definition of OSINT  (07:17) - How AI makes OSINT-powered attacks easier  (15:22) - Using OSINT to target organizations  (25:35) - Mitigating OSINT-powered attacks  Episode Resources: Train your users with a personalised Security Awareness Service Business Email Compromise: The $43 Billion Scam  

In this episode of the Security Swarm Podcast, host Andy and recurring guest, Paul, talk about the challenges and opportunities organizations face amidst the Broadcom acquisition of VMware. They discuss the steep price hikes for VMware licenses and the security vulnerabilities recently discovered in VMware products.   This acquisition has prompted many businesses to consider alternative solutions, and the episode provides a comprehensive overview of the available options within the Microsoft ecosystem. They cover a range of migration strategies, including moving to the Microsoft ecosystem through Azure, Azure Stack HCI, and on-premises Hyper-V solutions.  Andy and Paul offer valuable insights into ensuring a secure and seamless transition away from VMware, making this episode essential listening for IT professionals navigating these significant changes.  Key takeaways: Broadcom's Acquisition of VMware is Causing Major Disruption due to massive license cost increases of 300-500% for many organizations.  Microsoft Hyper-V is a Viable Alternative to VMware. It offers a mature, enterprise-ready hypervisor that can be a cost-effective replacement for VMware.  Azure Stack HCI Provides an On-Premises VMware Alternative. It provides a hyperconverged infrastructure solution with Hyper-V at the core, along with integration to Azure services for management and modernization.  Security pitfalls can arise when organizations rush to migrate away from VMware due to the Broadcom situation. Proper planning, understanding the security posture of the new platform, and ensuring critical configurations like backup are in place are essential to mitigate risks.  Timestamps: (02:51) - Vulnerabilities in VMware  (07:30) - Migrating to the Microsoft Ecosystem  (13:38) - On-Premises Microsoft Options  (38:45) - Security Considerations for Migrations  (44:52) - Pragmatic Approach to Platform Selection  Episode Resources: Microsoft and Broadcom to Support License Portability  Paul’s article on options for migrating from VMware to Microsoft  VMware Sandbox Escape Bugs 

In this episode of the Security Swarm Podcast, host Andy and recurring guest Eric Siron discuss the Monthly Threat Review for June 2024.  They explore a new threat campaign distributing the Darkgate Malware using a technique called pastejacking. Additionally, they touch upon the 911 S5 Proxy Botnet takedown and how threat actors are exploiting Stack Overflow to distribute malware.   Key takeaways:  Awareness of common tactics like pacejacking can help prevent falling victim to malware campaigns.  Read the details of the Darkgate attack methods we show in the report and adjust your security posture as needed. If you’re in need of powerful, next-gen email security software, we’ve got you covered.  If your organization is leveraging software from any online, public repository, take the time to review that repository and do a risk assessment. Threat-actors are increasingly using public software repos for malicious purposes.  Timestamps:  (03:15) - Insights into Email Threat Trends and Industry Targeting in Cybersecurity Landscape (13:15) - Unveiling New Cybersecurity Threat Campaign using  Pastejacking (23:31) - Massive Botnet Take Down and Arrest of Operator: A Victory Against Cybercrime (29:29) - Beware of Malicious Packages: A Cautionary Case Study from Stack Overflow  Episode Resources:  Full Monthly Threat Report Enhance Security Awareness by Training Employees

In this podcast episode, Andy and Paul discuss the upcoming release of Windows Server 2025 and the myriad security enhancements it will bring. They delve into various topics such as improvements to Active Directory, delegated managed service accounts, Kerberos protocol enhancements, SMB enhancements, hot patching, REFS file system for confidential computing, and extended security updates.   Key takeaways:  Windows Server 2025 brings a host of security enhancements.  The release date of Windows Server 2025 is speculated to be in September 2024, coinciding with the release of System Center 2025.  Timestamps:  (07:05) - Enhancements in Active Directory Security and Numa Support: A Deep Dive (13:19) - Revolutionizing Service Accounts: Delegated Managed Service Accounts Explained  (20:28) - Revamping Windows Server Security: Say Goodbye to NTLM and Hello to Kerberos  (28:15) - Revolutionizing SMB with Quick Protocol and Hot Patching in Windows Server 2025  (32:34) - Revolutionizing Patching with Hot Patching in Windows Server and Azure  (36:02) - Revolutionizing Data Protection with Resilient File System and Confidential Computing  (39:34) - Exploring Confidential Compute, Server Upgrades, and Extended Security Updates in Windows Server Environment  (42:37) - Windows Server 2025 Release Date Speculations and Future Episode Teasers  Episode Resources:  What’s new in Windows Server 2025 from MS Learn

In this episode of the Security Swarm Podcast, our host Andy and guest speaker Jan Bakker discuss passkeys in the Microsoft ecosystem. They cover topics such as the definition of passkeys, prerequisites, tips for implementation, and the user experience. They also highlight the user-centric enrollment process, the role of conditional access, and the potential challenges and advantages of transitioning to passkeys.  Key takeaways:  Passkeys are a new authentication mechanism using the FIDO2 standard, providing a secure and user-friendly passwordless experience.  Device-bound passkeys are more secure but not transferable between devices, while syncable passkeys offer convenience but may introduce potential security risks.  Passkeys enhance security by being phishing-resistant and replacing traditional passwords and MFA methods.  The enrollment process involves using the Microsoft Authenticator app and ensuring prerequisites like device compatibility and Bluetooth connectivity.  Admins can enforce authentication method policies and conditional access to control user access and enhance security.  User education, interface improvements, and conditional access play crucial roles in a successful transition to passkeys.    Timestamps:  (03:04) - Unlocking the Future of Passkeys and the Evolution of Authentication  (06:18) - Exploring the Security Benefits of Device Bound and Syncable Passkeys  (14:54) - How to Prepare for Passkeys in Microsoft 365  (23:03) - Navigating the Rollout of Passkeys for Enhanced Security: Admins vs End Users  (29:03) - Maximizing Security with Passkeys, Conditional Access, and Authentication Policies  (33:01) - Unveiling the Convenience of Device-Bound Passkeys in Vasquez for Microsoft 365    Episode Resources:  Previous episode on Passkeys Blog post of Jan  

Microsoft has recently been criticized for not prioritizing security enough. Following the CSRB's Report on the Storm-0558 attack, Microsoft announced that security is now a top priority, with a commitment to address security issues before new product innovations. In this podcast episode, Andy and Paul Schnackenburg discuss the blog post which analyzes the Secure Future Initiative and its advancements.   The conversation brings up the burning question: Was it the Cyber Safety Review Board (CSRB) that catalyzed Microsoft’s proactive stance on security?  Key takeaways:  Microsoft is taking proactive steps to address security vulnerabilities and enhance its security measures following recent incidents.  The focus on protecting identities, enforcing multi-factor authentication, and improving network segmentation are crucial for bolstering security.  Efforts to align security actions with recommendations from the CSRB demonstrate a commitment to addressing criticisms directly.  Timestamps: (06:52)  Key Insights from Charlie Bell’s Blog Post Addressing Cyber Security Concerns (11:22)  Enhancing Security Measures in Response to the CSRB’s Report (21:22) Top Security Practices for Protecting Tenants and Production Systems (24:46)  Enhancing Cloud Security with Micro Segmentation and Software Supply Chain Protection (30:44)  Challenges and Considerations in Cloud Security Logging and Storage (34:37)  Enhancing Cloud Security with Microsoft Sentinel and Vulnerability Reporting (37:37)  Unveiling Common Vulnerabilities and the Importance of Secure Authentication in Cloud Environments (42:34) Analyzing Microsoft's Response to a Security Incident Episode Resources: The Blog Post from Charlie Bell EP39: Are Passkeys the Future of Authentication? Subcribe to our new YouTube Channel for more

In this week's episode, Andy and guest Eric Siron discuss the cybersecurity landscape based on data from the Monthly Threat Report for May 2024. They cover a range of news items, including Microsoft's recent announcement to expand the Secure Future Initiative, the new PSTI (Product Security and Telecommunications Infrastructure) Act in the UK and a significant brand impersonation campaign targeting the German financial entity Commerzbank. Additionally, they provide updates on the Change Healthcare ransomware attack.  Key takeaways:  Microsoft’s acknowledgement of security issues is crucial for building customer trust.  The PSTI Act in the UK sets standards for consumer device security and compliance.  Payment of ransoms in ransomware attacks needs to be carefully evaluated.  Data breaches in healthcare can have widespread and long-term consequences for patients and organizations.    Timestamps:  (04:02)  Insights from the Latest Monthly Threat Report: Decrease in Email Threats, Top Targeted Industries, and Impersonated Brands (14:02)  Breaking Bad Habits: QR Codes, OAuth, and User Training (15:18) Microsoft's Security Issues and Response to CSRB’s Criticism: Committed to Improve Security (25:23)  New UK Law Mandates Security Standards for Consumer IoT Devices (34:02) Impact of Ransomware Attack on Change Healthcare and the Dilemma of Paying Ransom    Episode Resources: Full Monthly Threat Report May 2024 Sharpen your Instincts with Security Awareness Training  

Today’s episode of the Security Swarm Podcast is a continuation from last week’s episode where Andy and Paul discussed the CSRB’s findings on Microsoft’s Storm-0558 Breach. In their discussion, they continue picking apart the findings and providing their insights.  Episode Resources: Cyber Safety Review Board Report 

In this episode of The Security Swarm Podcast, Andy and Paul discuss the Cyber Safety Review Board's findings of the Microsoft Storm-0558 breach. During the episode, they talk about the implications of the breach and explore Microsoft’s security culture, stressing the need to prioritize robust security measures over rapid feature developments.  Key Takeaways:  Microsoft's security culture requires a significant overhaul to address existing vulnerabilities and prevent future breaches.  Transparency and accurate risk assessments are crucial in understanding and mitigating security threats in cloud environments.  Prioritizing security over rapid feature development is essential to prevent security risks and enhance overall product integrity.  Standardized audit logging practices should be a fundamental offering in cloud services to enable effective intrusion detection and investigation.  Timestamps:  (10:07) - Microsoft's Security Culture: Past, Present, and Future (15:45) - Uncovering Lack of Transparency and Accountability in Major Cloud Vendors (20:09) - Microsoft's Security Standards: A Critical Assessment and Call for Action (28:53) - A Discussion on Cloud Audit Logging  Episode Resources:  Cyber Safety Review Board Report - https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf  Microsoft Trustworty Computing Memo - https://news.microsoft.com/2012/01/11/memo-from-bill-gates/   

In this episode of the Security Swarm Podcast, our host Andy Syrewicze discusses the key findings from Hornetsecurity’s Monthly Threat Report with guest Michael Posey. The Monthly Threat Report is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.   In this episode, Andy and Michael talk about recent security events such as the Cyber Safety Review Board's (CSRB) report assessment of the Storm-0558 attack, the FTC’s reports on impersonation attacks, and an alarming potential supply chain attack on the XZ Utils package in open-source Linux distributions.  Key takeaways:  The cybersecurity landscape is evolving rapidly with a variety of threats, from supply chain attacks to impersonation scams.  Transparency and security diligence are crucial in preventing and mitigating cyber threats.  End-user training and awareness play a significant role in enhancing overall cybersecurity posture.  Timestamps:  (05:26) - Rising Trends in Email Threats and Cybersecurity Impersonation Tactics (15:26) - The Importance of Email Security and Supply Chain Attacks in Today's Cyber Landscape (18:12) - Uncovering the Storm-0558 Breach: Analysis and Recommendations (27:33) - FTC Reports on Impersonation Attacks and the Importance of End User Training in Cybersecurity (34:25) - Major Security Threat Uncovered in XZ Utils Package in Open Source Linux Distributions (40:22) - Insights on Cybersecurity Issues and Mitigations  Episode Resources:  The Full Monthly Threat Report for April 2024 Fully automated Security Awareness Training Demo 

In this episode of The Security Swarm Podcast, host Andy Syrewicze is joined by Matt Lee from Pax8 to discuss the risks associated with deploying always on remote access software on managed endpoints.   The conversation spans various topics, including Matt Lee's extensive background in the MSP space, where he shares insights gained from his experience with a mass ransomware event. Together, they explore the risks and implications of constant remote access, emphasizing the need for organizations to adopt a more proactive stance toward cybersecurity.   Key takeaways:  Embrace the journey of continuous improvement in cybersecurity practices, focusing on being reasonable and defensible rather than striving for perfection.  Follow established cybersecurity controls and be willing to adapt and improve security measures over time.  Consider the risks associated with constant remote access and prioritize security measures that reduce exposure to threats.  Take small steps towards improving cybersecurity practices and be open to learning from past failures to enhance security protocols.  Timestamps:  (11:08) - Navigating Remote Access in Highly Regulated Managed Service Provider (MSP) Environments  (14:02) - Maximizing Security with Just in Time, Just Enough Access  (17:41) – The ConnectWise ScreenConnect Vulnerability and the Importance of Communication  (26:32) – The Need for Maturity in the Cybersecurity Space  (31:10) – Don't Let Perfect be the Enemy of Good  Episode Resources:  Matt Lee  Hornetsecurity  

We're thrilled to have Jan Bakker, a seasoned Cloud Consultant with over 10 years of IT experience, joining us from the Netherlands. In this episode, Andy and Jan explore the revolutionary concept of passkeys, a technology that aims to replace traditional passwords and enhance security by providing phishing resistance. The conversation delves into the significance of passkeys and their value in improving user experience and security measures. The guys even discuss what is currently known publicly about passkeys in M365.  Key takeaways  Passkeys offer a more secure and user-friendly alternative to traditional passwords by eliminating the need for storing secrets on the server side.  Public key cryptography forms the foundation of passkeys, ensuring strong authentication without the risk of password breaches.  Passkeys provide phishing resistance and streamline the authentication process for end users, reducing the reliance on complex passwords and additional MFA steps.  While passkeys offer significant security benefits, they are not a standalone solution and should be complemented with other security measures such as phishing prevention and identity protection strategies.  Timestamps:  (00:13) - Unveiling the Power of Pass Keys in Cybersecurity with Jan Bucker  (03:47) - The Rise of MFA Bypass Kits and Adversary in the Middle Attacks  (14:55) - Unlocking the Future of Passwordless Authentication with Passkeys  (24:55) - Addressing Persistent Access in Malicious Apps and OAuth: A Call for Improved Security Practices  (29:59) - Unpacking the Importance of Phishing Resistance and Token Security in Cybersecurity  (33:01) - Enhancing Security with Passkeys and Onboarding Procedures in Public Services  Episode resources:  Passkeys Directory  Jan Bakker’s website  The Security Swarm Podcast - EP24: The Danger of Malicious OAuth Apps in M365  Start your free trial of M365 Total Protection  

In today's fast-paced world, digital transformation has become a necessity for businesses to stay ahead of the game. With the increasing reliance on digital tools, however, there has been a seemingly corresponding rise in security incidents. Coincidence?   The evolving landscape of IT and technology has brought to the forefront the question of whether the latest tech "innovations" are actually accelerating security threats.   In this episode, Andy and Paul delve deeper into this issue, exploring how businesses can balance their need for technological advancements with maintaining robust security measures to protect against cyber threats.  Timestamps:  (2:54) – Commentary on the Rate of Change in Technology  (13:21) – How has Innovation in Microsoft Cloud Services Contributed?  (23:33) – What is the Cost of Innovation on Security Postures?  Episode Resources: Article from Andy Robbins Listen to episode 34 Listen to episode 22 365 Total Protection Free Trial  

Ever wondered what it takes to break into the exciting world of cybersecurity? Join us in our latest podcast episode as we sit down with Grant Collins, an infrastructure security engineer and cybersecurity career coach. From choosing the right degree to navigating the hiring process, acquiring essential skills, and building a robust professional network, Grant and Andy share their personal experiences and insights.  Throughout the episode, they debate on academic vs practical learning by comparing the merits of pursuing a cybersecurity/IT degree versus gaining real-world experience and self-directed training. They discuss the pros and cons of each approach, offering valuable insights to help you chart your own path in the cybersecurity landscape.  Timestamps:  (5:08) – Why Should You Consider a Career in Cybersecurity?  (11:30) – What Educational Pathways Can I Take to Learn Cybersecurity?  (26:15) – How can I Cultivate Practical Skills in Cybersecurity?  (34:13) – What are Some Tips and Tricks for Landing a Job in Cybersecurity?  Episode Resources: Check out Grant’s YouTube Channel cybersecurity (reddit.com) TryHackMe | Cyber Security Training Hack The Box: Hacking Training For The Best | Individuals & Companies

Security headlines have been buzzing with major security events this month. In this podcast episode, Andy and Eric Siron discuss Hornetsecurity's Monthly Threat Report, analyzing recent security incidents and sharing expert insights.   Tune in for more information on Lockbit's takedown and its reemergence days later, the CVSS 10 vulnerability in ConnectWise Screenconnect, and the Change Healthcare cyber-attack that has practically paralyzed prescription refills and is likely contributing to numerous deaths in the US.  Timestamps:  3:32 – Hornetsecurity Industry Data Review for Feb 1st to March 1st   14:10 – The “takedown” and re-emergence of LockBit  18:33 – CVSS 10 Vulnerability in ConnectWise ScreenConnect  31:11 – Optum/Change Healthcare Ransomware Attack  Episode Resources: Read the full report  Lockbit Takedown Notice ScreenConnect Vulnerability – CVE-2024-1709 Ransomware Attack on Optum / Change Healthcare 365 Total Protection

Join host Andy and special guest Philip Galea, R&D Manager at Hornetsecurity, as they explore insider threats within Microsoft 365. In this episode, the focus is on SharePoint Online and OneDrive for Business, shedding light on the nuances of insider threats and offering valuable insights on safeguarding against them.  Tune in for expert analysis and practical tips on fortifying your defenses and protecting your organization's sensitive data in the evolving landscape of cloud-hosted infrastructures.  Episode Resources: Effortlessly manage Microsoft 365 permissions 

During last week’s episode, we briefly spoke about major security incidents that took place between January and February 2024, including the Midnight Blizzard attack. Today, we're delving deeper into the specifics of this attack. From exploiting OAuth mechanics to navigating Microsoft's corporate environment, the attackers demonstrated a level of sophistication that evaded conventional detection controls.   Tune in to hear Andy and Paul examine its intricate attack chain and discuss their insights on what Microsoft should do in response.   Timestamps:  (2:00) – What does the attack chain for this breach look like?  (7:11) – Timeline of the Attack  (8:53) – Thoughts on Microsoft’s Response  (18:55) – A Definition of an OAuth App and a Service Principal  (27:36) – What do Admins need to do about this?  (33:20) – Does the speed of change and the scale of Cloud Services negatively impact security?  Episode Resources:  Andy and Paul Discuss Malicious OAuth Apps YouTube Video from Andy Robbins BingBang 

The Monthly Threat Report by Hornetsecurity is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. For this episode, Andy is joined by Hornetsecurity’s CTO – Yvonne Bernard, for an in-depth analysis of major security breaches and ransomware attacks that occurred between January and February 2024.  From the Midnight Blizzard attack on Microsoft to a ransomware attack that cost Johnson Controls 27 million USD, our hosts explore what went wrong and provide expert recommendations from the Security Lab at Hornetsecurity on how to protect your business from similar threats.  Timestamps:  (3:20) – Email Threat Trends from January  (6:51) – What were the Most Targeted Industries for January?  (9:52) – What were the most impersonated brands in January?  (12:30) – A Discussion on the Midnight Blizzard attack on Microsoft  (22:38) – The Recent Breach of AnyDesk  (27:15) – $27 Million Cost of Ransomware attack on Johnson Controls  (32:34) – A C-Suite Look at Microsoft 365 Co-Pilot and the Danger of Misconfigured Permissions  Episode Resources: Episode on Malicious OAuth Applications Microsoft post on Midnight Blizzard Attack Detailed Tactics Post from Microsoft on Midnight Blizzard Attack Any Desk Public Announcement Effortlessly manage Microsoft 365 permissions, enforce compliance policies, and monitor violations with 365 Permission Manager Monthly Threat Report - February 2024

The use of Large Language Models (LLMs), like ChatGPT has skyrocketed, infiltrating multiple facets of modern life. In today's podcast episode, Andy and Paul Schnackenburg explore Microsoft 365 Co-Pilot and some surprising risks it can surface. Microsoft 365 Co-Pilot is more than just a virtual assistant: it's a powerhouse of productivity! It is a versatile generative AI tool that is embedded within various Microsoft 365 applications, and as such, it can execute various tasks across different software platforms in seconds.  Amidst discussions about Co-Pilot’s unique features and functionalities, many wonder: How does M365 Co-Pilot differ from other LLMs, and what implications does this hold for data security and privacy? Tune in to learn more! Timestamps: (4:16) – How is Co-Pilot different from other Large Language Models?  (11:40) – How are misconfigured permissions a special danger with Co-Pilot?  (16:53) – How do M365 tenant permission get so “misconfigured”?  (21:53) – How can your organization use Co-Pilot safely?  (26:11) – How can you easily right-size your M365 permissions before enabling Co-Pilot?  Episode Resources: Paul’s article on preparing for Co-Pilot Webinar with demo showcasing the theft of M365 credentials Start your free trial of M365 Total Protection Effortlessly manage your Microsoft 365 permissions  

QR Codes are used everywhere in our society, from reading restaurant menus to accessing Wi-Fi networks and authenticating payments. However, as with any technological advancement, there's a flip side. While QR codes are not malicious in their essence, the landscape has shifted in recent years.   Threat actors have evolved their tactics to exploit QR codes in various ways, posing new cybersecurity challenges. In this episode, host Andy teams up with Microsoft Certified Trainer Paul Schnackenburg to discuss the darker side of QR codes and the different ways in which threat actors are deceiving individuals.  Episode Resources: The Danger of Malicious OAuth Apps in M365 Train your users to spot malicious emails with the Security Awareness Services Demo Safeguard your users from malicious QR codes with Advanced Threat Protection  

In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors.  Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications.  Episode Resources: Episode 17: On-Prem Security vs. Cloud Security Microsoft’s Announcement Regarding the Secure Future Initiative

In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors.  Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications.   Stay tuned for part 2!  Timestamps:  (2:55) – An Update on the Microsoft Storm-0558 Breach  (8:40) – The Microsoft Secure Future Initiative (SFI)  (12:12) – Comparison with the 2002 Trustworthy Computing Initiative Memo  (17:39) – The Trustworthiness of On-Prem vs. The Cloud  (23:04) – How Does Microsoft Want to Use AI in Security?    Episode Resources: 365TP Compliance & Awareness Free Trial EP17: On-Prem Security vs Cloud Security EP18: Generative AI in Defensive Tools EP22: Can you trust Microsoft with Security?  

We're kicking off 2024 with our Monthly Threat Report analysis. Every month, our Security Lab looks into M365 security trends and email-based threats and provides commentary on current events in the cybersecurity space.  In this episode, Andy and Eric Siron discuss the Monthly Threat Report for January 2024. Tune in to learn about the top-targeted industries, brand impersonations, the MOVEit supply chain attack, the active attack by the Iranian hacking group "Homeland Justice" on the Albanian government, and much more!  Episode Resources: Full Monthly Threat Report for January 2024 Annual Cyber Security Report 2024 Andy on LinkedIn , Twitter , Mastodon Eric on Twitter

Our final episode for 2023 is here! To wrap up the year, Andy and Umut Alemdar will be discussing our Monthly Threat Report for December 2023. The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In this episode, Andy and Umut are focusing on data from the month of November.  Tune in to hear about Microsoft’s recent zero-day vulnerabilities, the most common file types used to deliver malicious payloads, M365 brand impersonations and a lot more!  Episode Resources: Full Monthly Threat Report - December 2023 Annual Cyber Security Report 2024 - Free Download

As the year comes to a close, the Security Swarm podcast takes a reflective journey, comparing the landscape of security then and now. In this special episode, Andy and Eric Siron explore the intriguing evolution of cybersecurity from the days of floppy disks and DOS to the complex, interconnected world of today.  Tune in to learn about the significant shifts in security incidents, drawing correlations and highlighting differences. From the era of viruses attempting to one-up each other with floppy disks to the present, where data theft and ransomware dominate the landscape.  Timestamps: (2:56) – What was security like in the early days of IT and how does it compare to now?  (12:18) – Why are threat-actors more persistent now than they used to be?  (23:33) – Security horror stories then vs. now  (44:40) – How has Andy and Eric’s Stances on Security Changed from then vs. now?  Episode Resources: Central African Republic and El Salvador Adopt Cryptocurrency as Legal Tender Download Hornetsecurity’s Annual Cyber Security Report 2024

Remember the days of DNS route-based email security? It's been a steadfast approach, but in recent years, the landscape has shifted towards API-driven solutions, particularly evident in platforms like Microsoft 365 utilizing the Graph API for enhanced security.   In this episode, Umut Alemdar from Hornetsecurity's Security Lab joins Andy once again to discuss email filtration, particularly the DNS route-based approach versus the emerging API-based method. Tune in as they compare these two methodologies, weighing the pros and cons, discussing caveats, and navigating the intricacies of email security.   Episode Resources: 365 Total Protection Free Trial

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from October.  During the episode, Andy and Eric Siron explore the rise of PDF-delivered malicious payloads, shifts in target industries, and escalating brand impersonation attempts in shipping and finance. They delve into Microsoft’s response to a recent cloud services attack and a significant vulnerability in Citrix NetScalers dubbed CitrixBleed, shedding light on the evolving threat landscape.   Join us for an insightful analysis of the latest cybersecurity developments, providing valuable insights for both professionals and enthusiasts alike.  Timestamps: (3:07) – What is the general state of email threats during the last month?  (6:31) – What types of files are being used to deliver malicious files?  (9:38) – What industries are being targeted the most throughout the data period?  (14:40) – What are the most impersonated brands during the last month?  (18:52) – An update on the Microsoft Storm-0558 breach  (23:01) – The CitrixBleed Vulnerability Impacting Citrix NetScaler  (30:31) – Commentary on the SEC’s charges against SolarWinds and their CISO  Episode Resources: Full Monthly Threat Report for November Law Enforcement Shutdown of Qakbot Paul and Andy Discuss Storm-0558 Security Awareness Service - Request Demo Andy on LinkedIn , Twitter , Mastodon Eric on Twitter

Paul Schnackenburg is back for another episode with Andy and this time, to discuss the story of backup and recovery inside of Microsoft 365. M365 backup has been a confusing experience over the years, especially with Microsoft's contradictory "no backup needed" guidance. To add to the confusion, Microsoft has introduced its own M365 backup product.  During the episode, we'll look at the various methods and tools that have been used natively within M365 to help with backup, as well as why these methods frequently fall short. Don't miss out on this informative discussion as we delve into the complexities of data protection and recovery in M365!  Episode Resources: Free eBook - Microsoft 365: The Essential Companion Guide 365 Total Backup – Request a Trial VM Backup - Free Trial Find Andy on LinkedIn, Twitter or Mastadon Find Paul on LinkedIn or Twitter

In today’s episode, we’re delighted to welcome back Eric Siron, who’s no stranger to our show. Andy and Eric will be exploring some historical methods devised by the security community to safeguard backups against ransomware such as air gapping, removable media and application whitelisting. But here's the twist: we're approaching these protective measures from the mindset of a relentless threat actor, someone who's determined to breach your defenses and make your backups their own.  Throughout the episode, we will discuss common misconceptions surrounding these historical solutions, often described as the ultimate ransomware defenses. Do they genuinely live up to the hype? Why do they seem to fall short when used in a vacuum? Tune in to learn more!  Episode Resources:  The Backup Bible by Eric Siron EP22: Can You Trust Microsoft with Security? Immutable Protection Against Ransomware Andy on LinkedIn , Twitter , Mastodon Eric on Twitter

Get a glimpse into The Security Swarm Podcast 🎙️ – a weekly conversation of the most critical issues facing the world of cybersecurity today, hosted by Andy Syrewicze, Security Evangelist at Hornetsecurity. From the malicious use of AI tools to social engineering scams, each episode hones in on a pertinent topic dissected by an industry expert and backed up by real-world data from our Security Lab 🔬 The world of cybersecurity should not be taken on alone – it’s time to join the swarm. Check it out 👉

In today's digital landscape, ransomware threats have become an increasingly significant concern for organizations of all sizes. Cybercriminals are continuously devising new ways to exploit vulnerabilities, and the repercussions can be devastating. Its ever-evolving nature makes it a top threat. To uncover the full extent of its threat, Hornetsecurity recently conducted a survey to gauge the awareness and preparedness of businesses in the face of ransomware attacks.  In today’s episode, Andy and Matt Frye, Head of Presales and Education at Hornetsecurity, will recap the key findings and insights from the ransomware survey as well as offer effective tools and protocols to protect your business.    Timestamps: (3:20) – How important is ransomware protection in terms of IT priorities? (4:41) – How many organizations do NOT have a DR plan in place?  (9:28) – How many organizations protect their backups from ransomware?  (12:10) – What types of tools are organizations using to combat ransomware?  (15:45) – How many organizations have been victims of ransomware?  (18:12) – How many ransomware victims managed to recovery from backup?  (20:50) – What are the most common vectors of attack for ransomware?  (24:00) – How many people see real value from security awareness training?  (27:37) – How many organizations using M365 have a DR plan in place for ransomware?  Episode Resources: Full Ransomware Survey Results EP12: What We Learned by Asking the Community About Compliance

Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed!  In today’s episode, Andy and Paul Schnakenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy!  Timestamps: (1:57) – What are malicious OAuth Applications?  (5:21) – Who can authorize OAuth Applications in a M365 tenant?  (8:25) – How are malicious OAuth Applications getting past Microsoft Review?  (14:56) – An example of a how a malicious OAuth Application might function in an attack  (17:44) – Mitigation and prevention of malicious OAuth Application attacks  (25:35) – The M365 Essential Companion Guide eBook  Episode Resources: M365 Publisher Verification M365 Publisher Attestation M365 App Certification M365 ACAT Tool Free eBook 'Microsoft 365: The Essential Companion Guide' Find Andy on LinkedIn, Twitter or Mastadon Find Paul on LinkedIn or Twitter

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023.   The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company's security culture and its ability to safeguard its vast user base.  Tune in for more details!  Timestamps: (2:37) – Email Threat Numbers for the data period.  (4:18) – File Types used for the delivery of malicious payloads.  (7:39) – What are the top targeted industry verticals?  (11:19) – What were the most impersonated brands during the last month?  (21:15) – Microsoft’s Continued Security Issues  (31:19) – Vulnerabilities in libwebp  Episode Resources: Full Monthly Threat Report - October 2023 Andy and Paul Discuss Microsoft Security Problems

You can’t be in the IT security space without thinking about certifications. Certifications are the backbone of our industry, serving as benchmarks for knowledge, skills, and expertise. But, let's face it, navigating the maze of IT and security certifications available can be a daunting task making it difficult to figure out which route you need to take.   In today’s episode, Andy and Umut Alemdar explore the critical role certifications play in our field and why these certifications hold more value than just being decorative pieces on your office wall. They’ll also go a little further into the top certifications that are particularly relevant for security professionals in today's ever-changing cybersecurity landscape.  Timestamps: (2:45) - Why is certification important in the Security Space  (7:28) - What are the benefits of getting certified?  (11:45) - Vendor-specific certifications  (16:05) - Are Linux certifications relevant to security professionals?  (22:21) - What are the most important vendor-agnostic security certifications?  Episode Resources: Comptia Security+ GSEC Cisco CCNA CISSP CISM CEH OSCP Careers at Hornetsecurity (We offer training!) Andy on LinkedIn, Twitter or Mastodon  Umut on LinkedIn 

In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years. For example, the SolarWinds debacle in 2020, multiple exchange server on-prem issues, and more recently the Storm-0558 incident.  The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud.   Timestamps: (1:55) – There has been a recent string of security issues at Microsoft  (6:42) – Storm-0558  (16:38) – Follow up on the SolarWinds attack from 2020  (20:50) – Multiple Exchange on-prem vulnerabilities over the last several years  (22:55) – Power Platform cross-tenant un-authorized access  (26:61) – Communication seems to be a sore spot across all these issues  (31:21) – Trust is critical for the survival of “the cloud”  Episode Resources: Monthly Threat Report - September 2023 Microsoft 365: The Essential Companion Guide - Free eBook Paul’s recent article on Microsoft’s security issues Results of Microsoft’s Storm-0558 Investigation Find Andy on LinkedIn, Twitter or Mastadon Find Paul on LinkedIn or Twitter

In this week’s episode, Andy sits down with Daniel Hofmann, the CEO of Hornetsecurity, for an exclusive glimpse into life as a cybersecurity CEO in the modern era. During the episode, Daniel shares the complexities of leading a top-tier security organization exploring the challenges and rewards that come with the role whilst touching upon some predictions for the ever-evolving cybersecurity industry.  With cybersecurity being an industry that never stands still, the conversation also delves into the constant opportunities for innovation. Tune in to discover ways of staying informed and constantly adapting to the shifting threat landscape.  Timestamps: (2:13) – What is it like being the CEO of a Cybersecurity Company?  (7:27) – What are the main methods that Daniel uses to keep up to date on the industry?  (10:05) – What was the main driving reason behind founding Hornetsecurity?  (13:26) – Solving security problems with a unique approach.  (18:28) – How is AI changing the cybersecurity industry?  (24:08) – Daniel’s cybersecurity predictions for the future.  Episode Resources: Hornetsecurity’s Advanced Threat Protection Episode 18: Generative AI in Defensive Tools  

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.  In today’s episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023.  During the episode, Andy and Yvonne explore the overall threat trends including:   The most common malicious file types used to deliver payloads, with HTML files taking the lead  The decline of malicious PDF and archive files, likely due to the disruption of Qakbot.   The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks.  The impact of the FBI’s disruption of Qakbot.  The Storm-0558 breach.  A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors.  Timestamps: (3:22) – General threat trends for this month’s data period  (7:11) – What were the most used file types used for malicious payloads during the data period?  (10:10) – What are the most targeted industries for this data period?  (12:04) – The most impersonated brands from this month’s report  (16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet  (22:54) – An update on the Microsoft Storm-0558 breach  (33:46) – Data breaches account for 14 million lost records  Episode Resources: Full Monthly Threat Report - September 2023 EP07: A Discussion and Analysis of Qakbot  Security Awareness Service Andy on LinkedIn, Twitter, Mastadon  Yvonne on LinkedIn 

Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Azure Entra, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Azure AD is/was and its crucial role in the Microsoft Cloud ecosystem.   Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform's functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same. Timestamps: 2:03 – Azure AD is Now Microsoft Entra  9:35 – Relevant Acronyms for the Identity Space  13:49 – Entra Internet Access  21:28 – Entra Private Access  26:44 – M365 / Entra ID Tenant Restrictions  30:23 – How Do These Features Factor Into the Storm-0558 Breach?  Episode resources: Hornetsecurity 365 Total Protection Podcast episode: Licensing Security Features in M365 Microsoft Entra Azure Active Directory Domain Services Find Andy on LinkedIn, Twitter or Mastadon Find Paul on LinkedIn or Twitter

As cybersecurity professionals, MSSPs, and security vendors, we often get mired down in the weeds of the “tech” involved in the job and frequently struggle to convey the value of said technology to the C-Suite. With that said, we’re deviating from our regularly scheduled programming this week to bring you something of a “soft-skills” episode to address this key point.   This week we’re excited to bring you the business and C-Suite knowledge of our very own Hornetsecurity Chief Operating Officer, Daniel Blank for a discussion on how you can get your leadership team to see value in technology, put priority on security, and ultimately sell cybersecurity to the C-Suite. Hope you enjoy!  Timestamps: 2:23 – Conveying the Value of Cybersecurity to Leadership without Using the Fear Angle  15:50 – Compliance and Similar Issues Often Drives C-Suite Attention  26:05 – An Example - What Would Daniel Look for When Having to Make a C-Suite Decision?  Episode Resources: 365 Total Protection  Email Encryption  Andy on LinkedIn, Twitter or Mastodon  Daniel on LinkedIn 

In today’s episode, Andy and Umut are unravelling the transformative impact of AI in cybersecurity defense. Discover how AI empowers defenders with enhanced knowledge of setting up robust defense mechanisms, from firewalls to anomaly detection systems. Amidst the prevailing focus on AI's darker aspects, this episode illuminates its positive role in the security space, equipping blue teams to match wits with increasingly intelligent adversaries. Our hosts, Andy and Umut, both distinguished members of the Security Lab at Hornetsecurity, will provide expert insights into how Hornetsecurity's suite of products leverages AI to display a concrete example in the industry.  Join us as we shift the narrative from AI's potential for malicious use to how defensive toolsets and security experts are harnessing its power.   Timestamps:  3:12 – How has AI changed the threat landscape?  6:10 – How can AI help blue teams?  16:08 – An example of AI used defensively in a software stack  26:24 – What advancements in AI in the security space are we likely to see in the future?  Episode Resources: EP08: Advanced Threat Protection: A Must Have in Today's Ecosystem? EP03: The Reemergence of Emotet and Why Botnets Continue to Return Advanced Threat Protection Security Awareness Service OpenAI Cybersecurity Grant Program AI can steal data by listening to keystrokes with 95% accuracy Andy on LinkedIn, Twitter or Mastodon  Umut on LinkedIn 

In today’s episode we have Eric Siron, Microsoft MVP, joining Andy for a discussion on the debated topic of On-Prem Security versus Cloud Security from a security standpoint. The digital landscape has transformed, raising questions about securing multiple cloud services, APIs, and the scattered user base. We explore how defenses have evolved and although default protections have strengthened, attack vectors have grown smarter with the growth of ransomware. Join us as we dissect these changes and their impact on modern security paradigms in an era where protection and adaptation are paramount.  Disclaimer: This episode was recorded just before news of the Microsoft breach hit the headlines. Thus, while some of the perspectives may seem momentarily misaligned due to the unfolding events, the core insights and conclusions drawn remain the same.   Timestamps: 3:50 – What is the current state of on-premises infrastructure in terms of security?   12:37 – How does compliance factor into on-premises security?  21:12 – Is Infrastructure in the cloud more secure?  33:12 – Is “The Cloud” or “On-Premises” more secure?  Episode Resources: Monthly Threat Report - August 2023  Andy and Paul Discuss M365 Security Andy and Paul Discuss the Difficulty of Licensing Security Features in M365 Hornetsecurity Ransomware Survey Findings The Backup Bible Hornetsecurity's Security Awareness Service Information on Recent SEC Announcement

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. Every month, Andy will be hosting an episode to dive into the key takeaways from the report.  In today’s episode, Andy and Umut will be sharing a threat overview based on data from the Security Lab throughout July 2023. From the changing tactics in email attacks, to new brand impersonations and the impact of dark-web generative AI (Artificial Intelligence) tools like WormGPT, we will equip you with the right information to help you stay ahead of these new emerging threats.   Episode Resources: Monthly Threat Report - August 2023  EP 01 - We Used ChatGPT to Create Ransomware Andy on LinkedIn, Twitter or Mastodon  Umut on LinkedIn 

In today's episode, Andy has a special guest from our product development team at Hornetsecurity - Jean Paul (JP) Callus. The episode goes into an insightful discussion on how threats have morphed over the years. Andy and Jean Paul recount the days when backup primarily served as a safety net against accidental data loss and hardware failures. Fast forward to today, and backups have become a key weapon in the fight against ransomware and other sophisticated attacks.  Tune in to discover the power of modern backups in the ever-evolving world of cybersecurity and how organizations can establish seamless data protection measures, ensuring minimal data loss and downtime in the face of cyber threats.  Timestamps: (2:16) – Ransomware continues to drive backup and recovery decisions. (10:10) – How has the industry traditionally mitigated ransomware and how are things done now?  (14:13) – Revisiting the 3-2-1 backup strategy and adding an extra “1”  (16:10) – Cloud backups and WORM (Write Once Read Many) states.  (19:10) – What other backup technologies play a role in security?  (23:43) – Deduplication, Immutability, and Backup  Episode resources: Podcast EP01: We Used ChatGPT to Create Ransomware Podcast EP05: What is Immutability and Why Do Ransomware Gangs Hate it? Hornetsecurity Ransomware Attack Survey VM Backup V9 The Backup Bible  Find Andy on LinkedIn, Twitter or Mastadon Find Jean Paul on LinkedIn This SysAdmin Day, win with Hornetsecurity!  If you are a System/IT Admin and use Hyper-V or VMware, celebrate with us by signing up & trialling VM Backup V9 for a chance to win a Pixel Tablet! Find out more information here. 

Join us for an insightful discussion on the topic of licensing Microsoft 365 security features. Microsoft Certified Trainer, Paul Schnackenburg, joins us once again to share his valuable insights on how M365 licensing practices have evolved and why they’ve become so complex.  In this episode Andy and Paul look at all the different ways native security features in M365 are licensed, what challenges come along with that process, how the process is confusing and more! This includes some discussion around how M365 licensing in general is flawed as well as how third-party software vendors help plug-in and do what they can to simplify this mess.  Timestamps: 2:22 – O365 licensing vs M365 licensing  5:06 – Is the complexity in M365 licensing deliberate?  7:09 – Licensing and security with M365 business  13:30 – Licensing and security in the M365 Enterprise SKUs  19:30 – What about the EMS Suite?  21:42 – What are E5 Compliance and E5 Security?  28:05 – How can a 3rd party vendor help make licensing security features easier?  Episode Resources: SysAdmin Dojo Podcast Episode on General M365 Licensing  Andy and Paul’s M365 Compliance Webinar Defender for Endpoint Hornetsecurity Services Find Andy on LinkedIn, Twitter or Mastadon Find Paul on LinkedIn or Twitter

We’re back for another episode with Philip Galea, R&D Manager at Hornetsecurity. In today’s episode, Andy and Philip discuss the frustrations and challenges IT admins face when managing permissions and sharing effectively in SharePoint Online.   As more organizations embrace remote work, collaborate with external freelancers, and rely on tools like Microsoft Teams and emails for sharing files, the need to manage permissions has become crucial. Tune in to this episode to learn about the complexities of SharePoint and discover ways to regain control over your access management.  Timestamps: 4:44 – The problems with managing permissions in SharePoint Online  8:34 – The ease of file sharing in M365 has created a problem.  11:16 – Have SharePoint security capabilities just been “lifted and shifted” to the cloud?  14:43 – The egregious problem with duplicate named SharePoint custom roles.  23:32 – What should M365 admins be doing about this problem?   27:10 – Behind the scenes with M365 Permission Manager by Hornetsecurity  Episode Resources: 365 Permission Manager Introducing 365 Permission Manager – Webinar Find Andy on LinkedIn, Twitter or Mastadon Find Philip on LinkedIn

Join host Andy and special guest Martin Tanner from ADM Computing as they discuss real-life security horror stories. This fun and engaging episode was recorded live at Infosecurity Europe in London. Expect to hear interesting stories which both Andy and Martin have experienced first-hand.  With a mix of humor and valuable insights, this episode is a must-listen for anyone interested in the fascinating, and at times terrifying, world of real-life security horror stories.  Timestamps:  2:28 – The Dangers of Unmanaged IOT devices  5:30 – Hacked Video Conferencing Unit and Premium Rate Numbers  8:18 – Email Forwarding Rules and Data Leakage  11:59 – The Need for Proper Backup and Archival + Scheduled Payment Woes  15:40 – Rogue Admin and Embezzlement  18:17 – A Flattened Network and Ransomware Infection  22:16 – The Publicly Accessible Hypervisor  Episode Resources: Security Awareness Service Email Encryption from Hornetsecurity Email Encryption Fact Sheet Find Andy on LinkedIn, Twitter or Mastadon Find Martin on LinkedIn

Get ready for an eye-opening episode recorded live at Infosecurity Europe in London. In this episode, Andy and Matt Frye dissect the results of a comprehensive IT compliance survey conducted by Hornetsecurity. In the rapidly evolving digital landscape, maintaining IT compliance has become a pressing concern for businesses worldwide.   Tune in to explore the key findings from this survey, featuring insights from over 200 IT professionals representing diverse roles, regions, industries, and experience levels.  Timestamps: 02:32 – Compliance is a growing concern  03:52 – Do businesses see compliance as important?  06:24 – The burden of compliance on IT teams 12:08 – How are businesses verifying compliance?  14:46 – Trust in the cloud continues to be a problem for some organizations  17:00 – M365 administrators are struggling with compliance tools  20:57 – The cost of non-compliance  Episode Resources: IT Cybersecurity Compliance Survey  365 Permission Manager  Find Andy on LinkedIn, Twitter or Mastadon Find Matt on LinkedIn

Microsoft's recent decision to throttle traffic from old and outdated versions of On-Premises Exchange has sent shockwaves through the tech community. In today's episode, Andy and Paul Schnackenburg delve into the details of Microsoft's plans to protect Exchange Online against persistently vulnerable on-premises Exchange Servers by throttling and blocking emails from these unsupported servers.  Tune in to understand the reasoning behind Microsoft's strategy with this change, how organizations can keep themselves protected through process, and where third-party vendors can plug in and provide value.  Timestamps: 4:00 – Microsoft’s plan details and communication  10:50 – Paul and Andy’s thoughts on why Microsoft is making this change  18:40 – Is it “Ethical” for Microsoft to block on-prem Exchange traffic?  26:31 – What should affected organizations do?  Episode Resources: Microsoft's Announcement SMB1 Changes at Microsoft Hornetsecurity's 365 Total Protection Find Andy on LinkedIn, Twitter or Mastadon Find Paul on LinkedIn or Twitter

We’re back for another episode with Lia Fey, Customer Success Lead at Hornetsecurity. In today’s episode, Lia brings her wealth of experience working closely with CISOs on a daily basis to share valuable insights and strategies for effectively collaborating with them.   CISOs face a unique set of challenges as they operate in high-pressure environments and navigate the intersection of compliance requirements as well as the security needs of an organization.   Join us as we explore the multifaceted nature of working with CISOs on security awareness and discover tips and tricks for fostering effective partnerships in the ever-evolving security and compliance landscape.  Timestamps: 3:25 – Initial Impressions and responsibilities of CISOs?  5:47 – CISOs and Interactions with the Rest of the Organization  8:47 – Responsibilities of CISOs  15:59 – What is the Most Effective Way to Communicate with CISOs  21:40 – How can we help CISOs solve difficult business challenges?  Episode Resources: EP09: Real World Guidance on Security Awareness Service Security Awareness Service Andy on LinkedIn, Twitter or Mastodon  Lia on LinkedIn 

In today’s episode, our host Andy sits down with Lia Fey, Customer Success Lead at Hornetsecurity, to discuss why employees need to be trained on security awareness and what type of training works best. In addition, they explore the challenges businesses face when trying to train their employees in today’s digital landscape.   Lia Fey brings her expertise to the table and sheds light on real-world scenarios where organizations have successfully prevented attacks because an end user possessed the knowledge and ability to react appropriately.  Timestamps: 2:32 – What is a security awareness service?  9:38 – Why is security awareness training so effective?  12:45 – Measuring end-user success and right-sizing training  20:11 – What is the right kind of end-user security training?  24:22 – Some real-world scenarios  28:35 – Do security awareness services help spot threats outside of email?  Episode Resources: Security Awareness Service Cyber Security Report 2023 Andy on LinkedIn, Twitter or Mastodon  Lia on LinkedIn 

We’re back for another episode with Umut Alemdar - Head of Security Lab here at Hornetsecurity. Today, we’re discussing Advanced Threat Protection (ATP) and its crucial role in detecting, preventing, and responding to increasingly sophisticated cyber threats.  Throughout the episode, Andy and Umut discuss common ATP techniques such as sandboxing, time of click protection, and spam filters, all of which are critical in fortifying defenses against malicious actors. Furthermore, they emphasize the vital function of the natural language understanding module in ATP in detecting sophisticated social engineering attacks.   While this episode focuses on ATP in general, Andy and Umut draw concrete examples from our own ATP scanning methods here at Hornetsecurity.   Timestamps: 2:05 – What is Advanced Threat Protection  5:50 – What are common scanning techniques used by ATP technologies  10:35 – How does Sandboxing work in ATP scanning techniques?  13:07 – What is the role of AI within ATP scanning?  18:09 – Concrete example of where ATP saves the day  20:11 – Scanning for malicious QR codes  Episode Resources:  Advanced Threat Protection We used ChatGPT to Create Ransomware Bit.ly QR Code Index Andy on LinkedIn, Twitter or Mastodon  Umut on LinkedIn 

In today’s episode, Andy and Umut Alemdar explore one of the most malicious botnets in today’s digital threat landscape: Qakbot. What makes Qakbot so dangerous?  Qakbot originally started out as an information stealer back in 2007. Over the years, it has undergone significant transformations, evolving into a multi-modular malware that poses a severe threat to businesses. In our discussion and analysis, we uncover its attack chain from infecting a system to downloading malicious payload.  Timestamps: 3:24 – What is Qakbot?  5:18 – An overview of Qakbot’s attack chain and capabilities  14:38 – Mitigation and defence strategies for Qakbot   19:48 – What does the future look like for Qakbot?  Episode Resources: The Reemergence of Emotet and Why Botnets Continue to Return Security Awareness Service Advanced Threat Protection Find Andy on LinkedIn, Twitter or Mastadon Find Umut on LinkedIn 

In this episode, Andy and Paul Schnackenburg, Microsoft Certified Trainer, investigate the burning question on everyone's mind: Is Microsoft 365 a secure platform? As we discuss the intricate details and inner workings of Microsoft 365 security, we leave no stone unturned.   Tune in to learn valuable insights and expert analysis on the subject, as well as how Microsoft 365 holds up in today's ever-changing threat landscape.  Timestamps: 2:30 – Is Microsoft 365 secure?  6:32 – Management portal and configuration creep in M365  13:28 – Does file sharing in M365 create a security problem?  20:07 – Lack of transparency in regards to internal cloud infrastructure CVEs  25:36 – The mentality of security – just because it’s in “the cloud”  29:38 – Ultimately it’s the “customer’s” responsibility to stay safe  Episode Resources: Microsoft 365 Security Checklist Azure Blunder left Bing Results Editable  365 Permission Manager Free Trial  Find Andy on LinkedIn, Twitter or Mastadon Find Paul on LinkedIn or Twitter

In today’s episode, we welcome Philip Galea, an esteemed expert in immutability and backups at Hornetscurity. With ransomware being one of the most pervasive issues in the industry today, immutability emerges as a powerful weapon against ransomware gangs.   The term immutability is thrown around a lot in the cybersecurity community, but what does it mean, and why do ransomware gangs hate it?  This episode provides a fascinating insight into immutability and its vital role in the fight against ransomware.  Timestamps: 4:25 – What is immutability? 9:34 – How ransomware drove the need for immutability 12:30 – Ransomware creation via ChatGPT 18:12 – Are there benefits and use cases for immutability outside of backup? 21:30 – How does immutability really work? 24:57 – What’s to stop a rogue admin from “Tinkering” with immutable storage? Episode resources: EP01: We used ChatGPT to Create Ransomware MITRE ATT&CK DK Hornetsecurity VM Backup

In this episode, we delve into the world of social engineering, phishing, and spam campaigns, exploring modern techniques threat actors are using to trick users into divulging sensitive information through email. Security Evangelist Andy and guest expert Umut Alemdar, head of the Security Lab here at Hornetsecurity, explain how phishing remains the top method of attack for many cybercriminals due to its cost-effectiveness and ability to exploit human vulnerability.  Attackers use excellent context and timing to create convincing email messages that trick even the most savvy users into divulging sensitive information. Despite the prevalence of anti-spam solutions, phishing continues to rise as attackers adapt and evolve their techniques.  Tune in to gain a better understanding of social engineering and how to protect your organization in the modern age.  Timestamps: 1:47 – Social engineering, phishing, and spam campaigns: still a problem in the modern era  6:30 – Why is phishing so effective, even today?  11:43 – What other types of attacks does phishing enable for end users?  16:48 – How does the industry ultimately solve the problem of phishing? Episode resources:  Cyber Security Report 2023         Security Awareness Services    Google and Facebook Accounts Payable Fraud    Find Andy on LinkedIn , Twitter , Mastodon  Find Umut on LinkedIn     

Welcome back to the Security Swarm Podcast! In this episode, our host Andy Syrewicze talks with Umut Alemdar, Head of Security Lab here at Hornetsecurity, about the reemergence of Emotet and the pervasiveness of botnets. Why do they keep coming back?  Emotet, a well-known botnet for spreading malware and stealing personal information, had been dormant since December before reappearing in March 2023 with new tactics and capabilities. The Botnet has a modular architecture that allows threat actors to include any kind of payload that gets executed on the victim’s device.  Tune in to hear Andy and Umut discuss the attack chain of Emotet, how it has evolved and the risks it may pose to your organization. They also explore why botnets such as Emotet persist despite efforts to shut them down.  Timestamps: 1:58 – What is Emotet?  6:25 – Emotet’s Attack Chain  12:20 – How do Botnets continue to return?  14:44 – How can organizations guard against botnets like Emotet?  Episode resources: Hornetsecurity Article Regarding Emotet Hornetsecurity CyberSecurity Roundtable Discussion Advanced Threat Protection Security Awareness Services Andy on LinkedIn, Twitter, Mastadon Umut on LinkedIn

Welcome back for another episode of the Security Swarm Podcast, the podcast that brings you the insights and expertise straight from the Security Lab here at Hornetsecurity. In this episode, we’ll be diving into recent security disclosures with Eric Siron, Microsoft MVP, and discussing how organizations should respond when vulnerabilities are discovered.  We’ll focus on two major incidents as examples throughout this episode; the Outlook Vulnerability CVE-2023-23397, and the re-emergence of Emotet.  In today’s digital landscape, threats are constantly evolving and becoming more sophisticated, making it critical to respond quickly and efficiently minimize the impact of such incidents. Whether you’re a SysAdmin working in a small organization or the CISO of a large business, you have to be more vigilant, and have a plan.  Tune in to learn valuable insights into how tech professionals should handle security news.   Timestamps: 3:16 – A baseline example of a busy security news-cycle  8:00 – Keeping an eye on the security news-cycle and has it always been this way?  17:45 – What should organizations be doing to keep tabs on the security news-cycle?  23:21 – What can vendors be doing better to help SysAdmins handle security news?  Episode resources: CVE-2023-23397 The Re-Emergence of Emotet Hornetsecurity July 2022 Threat Review with Talk of Qakbot White House to Shift Cybersecurity Burden Andy on LinkedIn, Twitter, Mastadon Eric on Twitter

  In our very first episode we welcome Yvonne Bernard to the show for an in depth discussion into the security implications of ChatGPT. There is no doubting that ChatGPT and other recent AI models have brought some very positive change to a number of industries. However, did you know that there is potentially a darker side to AI? Can it be used for malicious purposes? The short answer is yes! In fact, we were able to use ChatGPT here at Hornetsecurity to essentially create ransomware!  In today’s episode we discuss the particulars of that process, the implications as well as other methods threat-actors can use to get ChatGPT to help them with illicit activities!  Timestamps:  2:43 - What is ChatGPT and what are some of it’s general capabilities?  5:51 - What are the benefits of ChatGPT?  10:05 - How is ChatGPT used for malicious use by threat-actors?  17:15 - Does OpenAI have controls in place to prevent malicious use?  20:48 - What are the legal implications that ChatGPT brings to the industry?  23:40 - What does the industry do about the potential security implications of ChatGPT?  Episode Resources:  The DAN Method on Reddit Hornetsecurity Webinar on the Security Implications of ChatGPT  Andy on LinkedIn  Andy on Twitter  Andy on Mastadon  Yvonne on LinkedIn  Security Awareness Service from Hornetsecurity 

We talk Hybrid Cloud Management via Azure Arc with Thomas Maurer from the Azure Advocacy team at Microsoft! This episode features a lot of discussion around Microsoft’s hybrid cloud strategy, planning, and management with Azure Arc. Azure Arc brings together management of different clouds into the same UI. You can even setup your on-prem Azure Stack HCI deployments as “Custom Locations” inside of Arc so they appear as sites within the Azure control plane. This management story is becoming critically important. Many IT Pros see Hybrid Cloud as a destination and not a temporary state. The need for these kinds of management tools is only going to grow. With that said, Andy and Thomas spend a good chunk of the episode talking about Hybrid cloud deployments, technologies, and where Azure Arc fits into it all! We hope you enjoy! In this episode What is Azure Cloud Advocate? - 2:12 The Focus on Hybrid Cloud at Microsoft - 10:40 Examples of Hybrid Cloud Deployments - 12:50 What are the different options for Hybrid Cloud in the Microsoft Stack? - 16:14 How does Azure Arc Fit into Microsoft’s Hybrid Cloud Story? - 24:51 What Azure Stack option fits best where? - 32:34 For someone new to Microsoft Hybrid technologies, what are some resources to get started? - 36:26 Resources for Azure Stack HCI and Azure Arc Learn more about Azure Arc on the DOJO Webinar on Azure Stack HCI IT Pro Resources at the DOJO Azure Stack Products on Microsoft Docs Microsoft Learn Microsoft Cloud Adoption Framework Thomas’s Blog