Podcasts about email security

LevelBlue's latest Threat Trends Report pulls no punches: phishing, malware, and ransomware attacks are not just continuing—they're accelerating. In this episode of ITSPmagazine's Brand Story podcast, hosts Sean Martin and Marco Ciappelli are joined by Kenneth Ng, a threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team, to unpack the findings and recommendations from the report.Phishing as a Service and the Surge in Email CompromisesOne of the most alarming trends highlighted by Kenneth is the widespread availability of Phishing-as-a-Service (PhaaS) kits, including names like RaccoonO365, Mamba 2FA, and Greatness. These kits allow attackers with little to no technical skill to launch sophisticated campaigns that bypass multi-factor authentication (MFA) by hijacking session tokens. With phishing attacks now leading to full enterprise compromises, often through seemingly innocuous Microsoft 365 access, the threat is more serious than ever.Malware Is Smarter, Simpler—and It's Spreading FastMalware, particularly fake browser updates and credential stealers like Lumma Stealer, is also seeing a rise in usage. Kenneth points out the troubling trend of malware campaigns that rely on basic user interactions—like copying and pasting text—leading to full compromise through PowerShell or command prompt access. Basic group policy configurations (like blocking script execution for non-admin users) are still underutilized defenses.Ransomware: Faster and More Automated Than EverThe speed of ransomware attacks has increased dramatically. Kenneth shares real-world examples where attackers go from initial access to full domain control in under an hour—sometimes in as little as ten minutes—thanks to automation, remote access tools, and credential harvesting. This rapid escalation leaves defenders with very little room to respond unless robust detection and prevention measures are in place ahead of time.Why This Report MattersRather than presenting raw data, LevelBlue focuses on actionable insights. Each major finding comes with recommendations that can be implemented regardless of company size or maturity level. The report is a resource not just for LevelBlue customers, but for any organization looking to strengthen its defenses.Be sure to check out the full conversation and grab the first edition of the Threat Trends Report ahead of LevelBlue's next release this August—and stay tuned for their updated Futures Report launching at RSA Conference on April 28.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Kenneth Ng, threat hunter and lead incident responder on LevelBlue's Managed Detection and Response (MDR) team | On LinkedIn: https://www.linkedin.com/in/ngkencyber/ResourcesDownload the LevelBlue Threat Trends Report | Edition One: https://itspm.ag/levelbyqdpLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Today, I'm sharing something deeply personal and serious—my stalker story. For over a year, Timothy C. (we can share his full name soon if need be) has been physically stalking me, and his digital harassment goes back even further. Law enforcement is now involved, but I wanted to update you all in case anything happens to me—so there's no question about who did it. This episode isn't just about my experience; it's also about the reality of stalking, the dangers of obsession, and the importance of taking threats seriously. Stay aware, stay safe, and let's talk about it all, shall we?—https://noblegoldinvestments.com

Landtrust Title Services and attorneys Mark Herrick and Nick Jaworski break down how to secure funds for a real estate transaction. Wire fraud, Seller Impersonation and how to insure your funds for 2.5 million dollars are covered.https://www.ah-lawyers.com/https://www.vjplawyers.com/nicholas-p-jaworskiIntroduction to the Episode (00:00:00)Speaker Introductions (00:01:32)Cybercrime Statistics (00:02:50)Creating a Value Proposition (00:03:49)Market Trends in Real Estate Fraud (00:05:37)Importance of Email Security (00:06:25)Real Estate Fraud Overview (00:08:29)Red Flags of Seller Impersonation (00:09:20)Urgency in Transactions (00:10:54)Seller Communication Patterns (00:12:00)Identifying Fraudulent Sellers (00:12:21)Power of Attorney in Transactions (00:14:20)Notary Verification Process (00:15:34)Remote Online Notary (00:18:27)Realtor's Human Contact (00:18:33)Realtor-Attorney Partnership (00:19:08)Seller Impersonation Fraud (00:19:31)Verifying Identity (00:20:45)Red Flags of Fraud (00:21:04)First Line of Defense (00:22:18)Minimizing Fraud Steps (00:23:12)Client Education on Fraud (00:23:33)Email Communication Vigilance (00:24:30)Personal Experience with Fraud (00:25:25)Immediate Action on Wire Fraud (00:27:20)Legal Steps for Defrauded Sellers (00:27:52)Potential Liability (00:29:01)Tracking Fraud Attempts (00:30:49)Recent Fraud Case Example (00:32:01)Bank Alertness to Fraud (00:34:26)Soft Spots in Transactions (00:35:02)Clean Title Importance (00:36:08)Red Flags in Real Estate Transactions (00:36:34)Verifying Seller Identity (00:37:39)Estate Sales Challenges (00:38:04)Seller Verification Steps (00:39:17)Escrow Security Team (00:40:29)Payoff Verification Process (00:41:25)Handling Fraudulent Payoffs (00:43:27)Wire Fraud Precautions (00:46:00)Closing Lock Security Features (00:48:25)Transaction Completion and Team Introduction (00:51:28)AI and Fraud (00:52:39)Understanding Foreign Investor Transactions (00:55:01)Title Companies and Holdbacks (00:55:47)Importance of Verification (00:56:09)Role of Title Companies (00:56:49)Closing Remarks and Thanks (00:57:31)Podcast Conclusion (00:58:12)People, Not Titles podcast is hosted by Steve Kaempf and is dedicated to lifting up professionals in the real estate and business community. Our inspiration is to highlight success principles of our colleagues.Our Success Series covers principles of success to help your thrive!IG - https://www.instagram.com/peoplenotti...FB - https://www.facebook.com/peoplenottitlesTwitter - https://twitter.com/sjkaempfSpotify - https://open.spotify.com/show/1uu5kTv...

Josh Kamdjou is CEO and Founder of Sublime Security. Josh started Sublime after realizing just how easy it was for him to break into companies with phishing emails. He wanted to build a solution that better addressed the tailored environment of each organization such as historical data. Now the company has raised over $80 million from leading VCs such as IVP, Index Ventures, and Decibel. Before Sublime, Josh worked as a DoD hacker for 9 years.In the episode we discuss his emphasis on leveraging the attacker perspective, the fundamental difficulties of email security, his conviction in product-led growth, and more.Website: https://sublime.security/Sponsor: VulnCheck

In this week's episode we dive deep into both the psychological and privacy implications of social media apps. I reflect on my observations during recent travels, and explore how social media platforms are distorting human connections while simultaneously collecting vast amounts of personal data.The episode also tackles the technical aspects of email systems to the limitations of encrypted messaging apps, providing practical advice for maintaining privacy.In this week's episode:Listener Questions - Deep dive into pfSense vs OPNsense, mobile VPN usage, and dealing with license plate readersSocial Media Privacy - Analysis of social media's psychological impact and privacy issues with data collection practicesProper Account Deletion - Step-by-step guide for securely deleting social media accountsSock Puppet Accounts - Maintaining anonymous online identitiesEmail Privacy - Historical perspective and current state of email securityWhatsApp Security - A discussion on encryption and device securityShow Links:Support the Show on Patreon - https://patreon.com/TheLockdownGrapheneOS - https://grapheneos.orgThe Neuroscience of Engagement - https://medium.com/design-bootcamp/the-neuroscience-of-engagement-b50531a9313b"The right information at the right time is deadlier than any weapon."- Dolores Abernathy (Westworld)

Send us a textIn this episode, Joey Pinz talks with Ben Hathaway, who shares insights on the launch of Shield, an innovative email security solution employing a Zero Trust framework. Ben emphasizes the critical role of email as a primary attack vector, with about 90% of cyberattacks originating through this channel. Shield aims to secure email communications proactively, preventing threats at the frontline and reducing the need for excessive post-attack measures. Ben likens Shield to “noise-canceling headphones” for email, balancing security without disrupting communication.

In this edition of the Risky Business Soap Box we're talking all about email security with Sublime Security co-founder Josh Kamdjou. Email security is one of the oldest product categories in security, but as you'll hear, Josh thinks the incumbents are just doing it wrong. He joins Risky Business host Patrick Gray for this interview about Sublime's origin story and its new approach to email security.

This episode delves into the ongoing remote work debate, particularly focusing on Amazon's recent mandate requiring employees to return to the office five days a week starting in 2025. This decision has sparked significant backlash, with a Newsweek study indicating that a majority of remote workers would consider resigning if forced back into the office. The dissatisfaction is echoed in a poll revealing that 91% of Amazon employees are unhappy with the policy, and many express concerns about its impact on work-life balance and flexibility.The episode also highlights the evolving landscape of managed service providers (MSPs) and help desk operations, showcasing new technological advancements. Moovilla's integration with Autotask PSA aims to enhance project management for MSPs, while PIA introduces features to streamline ticket handling. Additionally, Cohesity's new visual data exploration capability addresses the challenges of unstructured data, and Cisco unveils AI-powered innovations for its Webex Contact Center, promising to improve customer satisfaction and operational efficiency.Host Dave Sobel further discusses the surge in email security adoption, particularly the implementation of DMARC (Domain-Based Message Authentication Reporting and Conformance). Despite nearly 6.8 million domains utilizing email sender authentication, many businesses remain hesitant to enforce stricter policies. The episode raises concerns about the effectiveness of email authentication and the slow pace of adoption, particularly in industries like non-profits, where DMARC usage is notably low.Finally, the episode touches on the competitive dynamics in the AI market, particularly the strained partnership between OpenAI and Microsoft amid financial pressures. Sobel reflects on Intel's struggles to keep pace with the booming AI sector, contrasting its market value with that of NVIDIA. The discussion concludes with a sobering look at the challenges faced by law enforcement in combating cybercrime, emphasizing the growing sophistication of cyber gangs and the need for a reevaluation of security strategies in the tech industry. Four things to know today 00:00 Remote Work Debate Intensifies: Amazon Faces Pushback on Office Mandate, While Surveys Highlight Hybrid Work's Benefits03:49 AI Transformations in Helpdesk and MSP Operations: Cisco, Fixify, and Cohesity Roll Out New Capabilities for Smarter Workflows07:12 Email Security Adoption Surges as DMARC Implementation Increases, Yet Full Enforcement Remains Distant08:56 Will AI Deliver Financial Returns? Examining Profit Challenges in Big Tech's AI Race  Supported by: https://mspradio.com/engage/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessoftech.bsky.social

In this episode, Jonathan Steele, a Chicago-based divorce attorney and partner at Behrman LLP, shares crucial insights on cybersecurity tailored for law firms. The discussion covers prevalent digital threats like phishing attacks, business email compromises, and domain security issues. Jonathan stresses the importance of identifying suspicious emails, employing preventive measures such as DMARC, DKIM, and SPF records, and the vital role of modern techniques like pen testing. The conversation highlights the generational challenges in adopting security practices such as zero trust and multi-factor authentication, emphasizing the need for constant vigilance, updated security systems, and proper training. Practical advice on protecting sensitive client data and personal information from identity theft and data brokers is offered, alongside a recommendation for Michael Basil's 'Extreme Privacy' book. This episode provides a well-rounded approach to maintaining robust cybersecurity in the evolving digital landscape.Jonathan gives listeners actionable tips on: 00:00 Intro 01:50 Common Cyber Threats to Law Firms 02:59 Recognizing and Handling Phishing Attempts 08:18 Email Security and Domain Protection 12:47 Updating IT Practices for Modern Security 14:07 Challenges with Legacy IT Systems 17:34 Legal Implications of Cybersecurity 18:15 Personal vs. Business Cybersecurity 19:04 Reputation and Legal Risks 21:25 Evolving Threat Landscape 23:34 Book Recommendation 29:58 Ongoing Cybersecurity Practices 31:17 Final Takeaways and Conclusion Resources mentioned in this episode:Extreme Privacy by Michael BazzellConnect with Jonathan here: Instagram Twitter LinkedIn Facebook https://steelefamlaw.com Connect with me Instagram Pinterest Facebook Twitter Karin on Twitter Karin on LinkedIn Conroy Creative Counsel on Facebook https://conroycreativecounsel.com 

In this episode, Jonathan Steele, a Chicago-based divorce attorney and partner at Behrman LLP, shares crucial insights on cybersecurity tailored for law firms. The discussion covers prevalent digital threats like phishing attacks, business email compromises, and domain security issues.  Jonathan stresses the importance of identifying suspicious emails, employing preventive measures such as DMARC, DKIM, and SPF records, and the vital role of modern techniques like pen testing. The conversation highlights the generational challenges in adopting security practices such as zero trust and multi-factor authentication, emphasizing the need for constant vigilance, updated security systems, and proper training.  Practical advice on protecting sensitive client data and personal information from identity theft and data brokers is offered, alongside a recommendation for Michael Basil's 'Extreme Privacy' book. This episode provides a well-rounded approach to maintaining robust cybersecurity in the evolving digital landscape. Jonathan gives listeners actionable tips on: 00:00 Intro 01:50 Common Cyber Threats to Law Firms 02:59 Recognizing and Handling Phishing Attempts 08:18 Email Security and Domain Protection 12:47 Updating IT Practices for Modern Security 14:07 Challenges with Legacy IT Systems 17:34 Legal Implications of Cybersecurity 18:15 Personal vs. Business Cybersecurity 19:04 Reputation and Legal Risks 21:25 Evolving Threat Landscape 23:34 Book Recommendation 29:58 Ongoing Cybersecurity Practices 31:17 Final Takeaways and Conclusion Resources mentioned in this episode: Extreme Privacy by Michael Bazzell Connect with Jonathan here: Instagram Twitter LinkedIn Facebook https://steelefamlaw.com Connect with me Instagram Pinterest Facebook Twitter Karin on Twitter Karin on LinkedIn Conroy Creative Counsel on Facebook https://conroycreativecounsel.com 

In this episode, Jonathan Steele, a Chicago-based divorce attorney and partner at Behrman LLP, shares crucial insights on cybersecurity tailored for law firms. The discussion covers prevalent digital threats like phishing attacks, business email compromises, and domain security issues.  Jonathan stresses the importance of identifying suspicious emails, employing preventive measures such as DMARC, DKIM, and SPF records, and the vital role of modern techniques like pen testing. The conversation highlights the generational challenges in adopting security practices such as zero trust and multi-factor authentication, emphasizing the need for constant vigilance, updated security systems, and proper training.  Practical advice on protecting sensitive client data and personal information from identity theft and data brokers is offered, alongside a recommendation for Michael Basil's 'Extreme Privacy' book. This episode provides a well-rounded approach to maintaining robust cybersecurity in the evolving digital landscape. Jonathan gives listeners actionable tips on: 00:00 Intro 01:50 Common Cyber Threats to Law Firms 02:59 Recognizing and Handling Phishing Attempts 08:18 Email Security and Domain Protection 12:47 Updating IT Practices for Modern Security 14:07 Challenges with Legacy IT Systems 17:34 Legal Implications of Cybersecurity 18:15 Personal vs. Business Cybersecurity 19:04 Reputation and Legal Risks 21:25 Evolving Threat Landscape 23:34 Book Recommendation 29:58 Ongoing Cybersecurity Practices 31:17 Final Takeaways and Conclusion Resources mentioned in this episode: Extreme Privacy by Michael Bazzell Connect with Jonathan here: Instagram Twitter LinkedIn Facebook https://steelefamlaw.com Connect with me Instagram Pinterest Facebook Twitter Karin on Twitter Karin on LinkedIn Conroy Creative Counsel on Facebook https://conroycreativecounsel.com 

Alain Ghiai is the founder and CEO at Sekur Private Data Ltd. In this episode of Swiss Made Cybersecurity, Ghiai joins host Paul John Spaulding to discuss election season email security, including how recent hacks have affected campaigns, and more. Sekur is a cybersecurity and internet privacy provider of Swiss hosted solutions for secure and private communications. To learn more about our sponsor, visit https://sekur.com.

In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Romain Basset dive into the top spear phishing methods used in both the enterprise space and across all businesses, based on internal research conducted by Hornetsecurity. The conversation covers spear phishing techniques, including initial contact, tax/W2, C-suite/CEO, lawyer, banking, and gift card fraud. They analyze the differences in the prevalence of these methods between enterprises and smaller businesses and provide insights on how organizations can combat these threats through training and robust processes.   Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!  Key Takeaways:  Spear phishing attacks have evolved from obvious wire transfer requests to more subtle techniques like initial contact fraud, where threat actors establish a relationship to build credibility.  Tax fraud and W-2 phishing remain prevalent, especially around tax season, as attackers try to obtain personal information like Social Security numbers.  C-suite fraud, where attackers impersonate executives, continues to be a major threat, highlighting the importance of robust processes to verify requests.  Lawyer fraud, targeting enterprises more than smaller businesses, leverages the credibility of legal communications to extort money or gather information.  Gift card fraud has emerged as the top spear phishing attack across enterprises and smaller businesses, as it is less likely to raise red flags than larger financial transactions.  Adaptability and creativity of threat actors are key factors, as they continuously evolve their techniques to bypass security measures and user awareness.  Timestamps:  (03:26) Discussion on initial contact fraud  (07:12) Exploration of tax fraud and W-2 phishing  (13:35) Examination of C-suite fraud and the importance of processes  (19:25) Lawyer Fraud and Enterprise vs. SMB Differences  (23:47) Banking Fraud and Processes   (26:39) Gift Card Fraud  Episode Resources:  Security Lab LinkedIn Group What is a Spear Phishing attack? The Top 5 Spear Phishing Examples and Their Psychological Triggers -- Hornetsecurity's Phishing Simulation, as part of its Security Awareness Service, is invaluable for organizations looking to protect themselves from the evolving spear phishing threats discussed in this episode. This solution provides realistic phishing simulations and comprehensive security awareness training, enabling employees to recognize and respond effectively to spear phishing attempts. By fostering a culture of security awareness, SAS is crucial for businesses aiming to strengthen their overall security posture and mitigate the risk of successful phishing attacks.

In this episode of The Audit, we're joined by Mick Leach from Abnormal to discuss the evolving landscape of email security and how AI is transforming both the threats and defenses in this space.  From QR code phishing to the rise of sophisticated AI-driven attacks, Mick shares insights on how organizations can stay ahead of these challenges, leveraging AI for good. We also touch on the latest trends in SaaS security and what the future of cybersecurity might look like. We'll cover: The rise of AI-driven phishing attacks How CrowdStrike's recent issues tie into broader security concerns The evolving role of security tools like Abnormal in email protection The growing threat of QR code phishing and how to mitigate it Insights on SaaS applications and their vulnerabilities Strategies for organizations to combat AI-generated threats  Stay ahead of emerging email threats and learn how AI can protect your organization by subscribing today! #CyberSecurity #EmailSecurity #EmailCybersecurity #AI #Phishing #Quishing 

In this episode, we talk about how Check Point has shifted the paradigm in Email Security. This is an except from our Paradigm Shift TechTalk back in May.

This episode of the Security Swarm podcast features guest Eric Siron, a Microsoft MVP in cloud and data center management. Eric works primarily with healthcare organizations and small-to-medium businesses, helping them navigate security and IT challenges. The episode focuses on the important topic of vetting and selecting third-party software vendors.   Andy and Eric discuss the recent CrowdStrike incident that caused major disruptions for many businesses. They use this as a case study to explore best practices for evaluating vendors, including assessing their security track record, testing their solutions thoroughly, understanding their update and patch management processes, and having contingency plans in place in case of vendor failures.  Key takeaways:  Thoroughly vet third-party vendors before choosing them, looking at factors like their security track record, update/patch processes, and internal testing procedures.  When evaluating vendors, focus not just on features and capabilities, but also on their stability as a company, their customer base, and their ability to handle issues and outages.   Develop contingency plans and mitigation strategies for when a critical third-party vendor experiences issues or outages.   Assume that failures will happen, and be prepared for them.   Timestamps:  (02:20) - CrowdStrike Incident  (04:17) - Vetting Third-Party Vendors  (11:42) - Compliance and Industry-Specific Considerations  (13:46) - Detailed Testing of Solutions  (19:26) - Common Problems with Third-Party Vendors  (22:40) - The CrowdStrike Incident and Vendor Processes  (29:10) - Mitigation Strategies 

In this episode of Cloud and Clear, your host John Veltri sits down with Abhishek Agarwal, Co-Founder and CEO of Material Security. They dive into the intricacies of cloud security, focusing on Google Workspace, and discuss how Material Security addresses the evolving threats in this space. From email security to sensitive content management and the implications of generative AI, this conversation covers the strategic partnership and innovation driving the industry forward. Don't miss this insightful conversation on the cutting edge of cloud security and AI, and the strategic partnership driving innovation in the space. Join us for more content by liking, sharing, and subscribing! 

In this episode of The Secure Dad Podcast, Andy delves into how important it is to protect your personal email. He discusses the dangers of compromised email addresses, such as phishing and identity theft, and emphasizes the importance of strong, unique passwords and two-factor authentication.  Take control of your data with DeleteMe. Because they sponsor the podcast you can get 20% off a privacy plan from DeleteMe with promo code: DAD.  Defend your home with FlipLok. Listeners get 20% off when using discount code SECUREDAD at checkout. See how Troomi Wireless is making smartphones safe for kids. Use code THESECUREDAD at checkout for $50 off a phone. Connect

Is your business email system secure? What steps did you take to assure it?In this episode of Little Blinking Light, AE Tech Design President Roger Ferworn and Richard Piet discuss the considerations and perhaps lesser-known facts about the security of email.Episode ResourcesAE Tech Design websiteBook an Appointment with AE Tech DesignAE Tech Design, experts in effectively designing technology and managing technology implementation, share that expertise in the Little Blinking Light podcast.This episode is produced by Livemic Communications.

Vivek Ramachandran is a security researcher, author, speaker/trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks. Prior to that, he was the founder of Pentester Academy (acquired), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. He has authored multiple books in cybersecurity and spoken at DEFCON, BlackHat multiple times.  00:00 Introduction  01:04 Our Guest 05:55 Advice from Vivek to those who want to follow a passion 09:19 Ransomware payments have gone down  13:37 Why is this still not addressed? 27:55 Should the CISO report to the board or the CIO?  36:55 Vulnerabilities in Gmail, Outlook, and their counterparts 47:14 SquareX + DEFCON   SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: @securityconfidential and @Darkrhiinosecurity Facebook: @Dark-Rhiino-Security-Inc Twitter: @darkrhiinosec LinkedIn: @dark-rhiino-security Youtube: @DarkRhiinoSecurity ​

#SecurityConfidential #DarkRhiinoSecurity Vivek Ramachandran is a security researcher, author, speaker/trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of⁠ SquareX⁠, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks. Prior to that, he was the founder of Pentester Academy (acquired), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. He has authored multiple books in cybersecurity and spoken at DEFCON, BlackHat multiple times.  00:00 Introduction  01:04 Our Guest 05:55 Advice from Vivek to those who want to follow a passion 09:19 Ransomware payments have gone down  13:37 Why is this still not addressed? 27:55 Should the CISO report to the board or the CIO?  36:55 Vulnerabilities in Gmail, Outlook, and their counterparts 47:14 SquareX + DEFCON   ---------------------------------------------------------------------- To learn more about Vivek visit https://www.linkedin.com/in/vivekramachandran/ To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com ---------------------------------------------------------------------- SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: @securityconfidential and @Darkrhiinosecurity Facebook: @Dark-Rhiino-Security-Inc Twitter: @darkrhiinosec LinkedIn: @dark-rhiino-security Youtube: @DarkRhiinoSecurity ​

In this episode of the Security Swarm Podcast, host Andy and recurring guest Eric Siron discuss the Monthly Threat Review for June 2024.  They explore a new threat campaign distributing the Darkgate Malware using a technique called pastejacking. Additionally, they touch upon the 911 S5 Proxy Botnet takedown and how threat actors are exploiting Stack Overflow to distribute malware.   Key takeaways:  Awareness of common tactics like pacejacking can help prevent falling victim to malware campaigns.  Read the details of the Darkgate attack methods we show in the report and adjust your security posture as needed. If you're in need of powerful, next-gen email security software, we've got you covered.  If your organization is leveraging software from any online, public repository, take the time to review that repository and do a risk assessment. Threat-actors are increasingly using public software repos for malicious purposes.  Timestamps:  (03:15) - Insights into Email Threat Trends and Industry Targeting in Cybersecurity Landscape (13:15) - Unveiling New Cybersecurity Threat Campaign using  Pastejacking (23:31) - Massive Botnet Take Down and Arrest of Operator: A Victory Against Cybercrime (29:29) - Beware of Malicious Packages: A Cautionary Case Study from Stack Overflow  Episode Resources:  Full Monthly Threat Report Enhance Security Awareness by Training Employees

In this conversation, I speak with Abhishek Agrawal, co-founder and CEO of Material Security. We talk about: - Material's Security innovative approach to email security by not just preventing unauthorized access but also containing damage from potential breaches. -Abhishek's background in data infrastructure at Dropbox and how product mangers can become successful CEOs due to their cross-functional expertise.  - The need for customized security measures for different organizations, the role of AI in detecting email threats, the importance of single-tenant environments for sensitive customers and the potential risk of default settings in productivity suites like Google Workspace. Among other topics.  Abhishek's Background and Material Security (00:00:00)Email Security and Productivity Suite (00:01:01)Geographical Connection and Coffee Meetup (00:02:06)Product Managers as CEOs and Co-founders (00:02:59)Empowering Product Managers (00:05:01)Product Management and Marketing Importance (00:08:04)Email as a Content Repository (00:09:39)Securing Email Content (00:11:03)Data Protection for Email (00:12:10)Redacting and Canaries (00:12:57)Email Security vs. Data Security (00:14:53)Abuse Cases and Control Layers (00:17:32)Mailbox Compromise and Lateral Movement (00:17:39)Threat Scenario Analysis (00:20:15)Language Models for Detection (00:22:19)Optimism in AI Tools for Defense (00:24:34)Customized Detection Categories (00:25:52)Security Controls Trend (00:26:20)Security Concerns for Law Firms (00:27:07)Email Copy Distribution (00:27:24)API-Based Integration (00:29:08)Monitoring LM Functionality (00:30:42)Threat Intelligence and Detection (00:32:54)Product Design Philosophy (00:35:56)Data Protection (00:38:01)Flexibility in Deployment (00:39:26)Main Products (00:40:33)Posture Management (00:44:01)Broadening Product Coverage (00:48:49)Google Workspace Threat Detection (00:50:05)Challenges with CSP (00:51:13)Contextual Intelligence (00:52:02)Balancing Depth and Breadth (00:53:15)Learning about Material (00:53:40)Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

In this podcast episode, Andy and Paul discuss the upcoming release of Windows Server 2025 and the myriad security enhancements it will bring. They delve into various topics such as improvements to Active Directory, delegated managed service accounts, Kerberos protocol enhancements, SMB enhancements, hot patching, REFS file system for confidential computing, and extended security updates.   Key takeaways:  Windows Server 2025 brings a host of security enhancements.  The release date of Windows Server 2025 is speculated to be in September 2024, coinciding with the release of System Center 2025.  Timestamps:  (07:05) - Enhancements in Active Directory Security and Numa Support: A Deep Dive (13:19) - Revolutionizing Service Accounts: Delegated Managed Service Accounts Explained  (20:28) - Revamping Windows Server Security: Say Goodbye to NTLM and Hello to Kerberos  (28:15) - Revolutionizing SMB with Quick Protocol and Hot Patching in Windows Server 2025  (32:34) - Revolutionizing Patching with Hot Patching in Windows Server and Azure  (36:02) - Revolutionizing Data Protection with Resilient File System and Confidential Computing  (39:34) - Exploring Confidential Compute, Server Upgrades, and Extended Security Updates in Windows Server Environment  (42:37) - Windows Server 2025 Release Date Speculations and Future Episode Teasers  Episode Resources:  What's new in Windows Server 2025 from MS Learn

In this episode of the Security Swarm Podcast, our host Andy and guest speaker Jan Bakker discuss passkeys in the Microsoft ecosystem. They cover topics such as the definition of passkeys, prerequisites, tips for implementation, and the user experience. They also highlight the user-centric enrollment process, the role of conditional access, and the potential challenges and advantages of transitioning to passkeys.  Key takeaways:  Passkeys are a new authentication mechanism using the FIDO2 standard, providing a secure and user-friendly passwordless experience.  Device-bound passkeys are more secure but not transferable between devices, while syncable passkeys offer convenience but may introduce potential security risks.  Passkeys enhance security by being phishing-resistant and replacing traditional passwords and MFA methods.  The enrollment process involves using the Microsoft Authenticator app and ensuring prerequisites like device compatibility and Bluetooth connectivity.  Admins can enforce authentication method policies and conditional access to control user access and enhance security.  User education, interface improvements, and conditional access play crucial roles in a successful transition to passkeys.    Timestamps:  (03:04) - Unlocking the Future of Passkeys and the Evolution of Authentication  (06:18) - Exploring the Security Benefits of Device Bound and Syncable Passkeys  (14:54) - How to Prepare for Passkeys in Microsoft 365  (23:03) - Navigating the Rollout of Passkeys for Enhanced Security: Admins vs End Users  (29:03) - Maximizing Security with Passkeys, Conditional Access, and Authentication Policies  (33:01) - Unveiling the Convenience of Device-Bound Passkeys in Vasquez for Microsoft 365    Episode Resources:  Previous episode on Passkeys Blog post of Jan  

Recently, Trustifi, the premier provider of AI- and cloud-based email cyber security solutions, announced it is launching a new Email Security Awareness training module, a threat simulation tool that MSPs can offer to their end-customers. The module helps train network users to recognize and avoid phishing attacks, then goes a step further to provide actionable strategies, analytics, and reports that help administrators evaluate the module's results and enhance the protection of their networks. The Email Security Awareness tool identifies users who are most vulnerable to phishing attempts, allowing IT administrators to apply warning banners and training strategies to users who fall prey to the program's mock phishing attacks. The module and its campaigns can be conducted by the end-users' IT department, or by the managing MSP itself, depending on the customer/MSP business model. Information on the Email Security Awareness Module can be found here. Zack Schwartz In this podcast, Zack Schwartz, Vice President - Strategic Partnerships, discusses this new tool and opportunity for the MSP community. Trustifi is a cybersecurity firm featuring solutions delivered on a software-as-a-service platform including sophisticated AI-driven tools. Trustifi leads the market with the easiest-to-use and deploy email security products providing both inbound and outbound email security from a single vendor. The most valuable asset to any organization, other than its employees, is the data contained in its email, and Trustifi's key objective is keeping clients' data, reputations, and brands safe from all threats related to email. With Trustifi's Inbound Shield, Data Loss Prevention, Account Takeover Protection, and Email Encryption, clients are always one step ahead of attackers. www.trustifi.com Follow Trustifi: Twitter, LinkedIn, and Facebook.

In this episode of the Security Swarm Podcast, our host Andy Syrewicze discusses the key findings from Hornetsecurity's Monthly Threat Report with guest Michael Posey. The Monthly Threat Report is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.   In this episode, Andy and Michael talk about recent security events such as the Cyber Safety Review Board's (CSRB) report assessment of the Storm-0558 attack, the FTC's reports on impersonation attacks, and an alarming potential supply chain attack on the XZ Utils package in open-source Linux distributions.  Key takeaways:  The cybersecurity landscape is evolving rapidly with a variety of threats, from supply chain attacks to impersonation scams.  Transparency and security diligence are crucial in preventing and mitigating cyber threats.  End-user training and awareness play a significant role in enhancing overall cybersecurity posture.  Timestamps:  (05:26) - Rising Trends in Email Threats and Cybersecurity Impersonation Tactics (15:26) - The Importance of Email Security and Supply Chain Attacks in Today's Cyber Landscape (18:12) - Uncovering the Storm-0558 Breach: Analysis and Recommendations (27:33) - FTC Reports on Impersonation Attacks and the Importance of End User Training in Cybersecurity (34:25) - Major Security Threat Uncovered in XZ Utils Package in Open Source Linux Distributions (40:22) - Insights on Cybersecurity Issues and Mitigations  Episode Resources:  The Full Monthly Threat Report for April 2024 Fully automated Security Awareness Training Demo 

In this episode of The Security Swarm Podcast, host Andy Syrewicze is joined by Matt Lee from Pax8 to discuss the risks associated with deploying always on remote access software on managed endpoints.   The conversation spans various topics, including Matt Lee's extensive background in the MSP space, where he shares insights gained from his experience with a mass ransomware event. Together, they explore the risks and implications of constant remote access, emphasizing the need for organizations to adopt a more proactive stance toward cybersecurity.   Key takeaways:  Embrace the journey of continuous improvement in cybersecurity practices, focusing on being reasonable and defensible rather than striving for perfection.  Follow established cybersecurity controls and be willing to adapt and improve security measures over time.  Consider the risks associated with constant remote access and prioritize security measures that reduce exposure to threats.  Take small steps towards improving cybersecurity practices and be open to learning from past failures to enhance security protocols.  Timestamps:  (11:08) - Navigating Remote Access in Highly Regulated Managed Service Provider (MSP) Environments  (14:02) - Maximizing Security with Just in Time, Just Enough Access  (17:41) – The ConnectWise ScreenConnect Vulnerability and the Importance of Communication  (26:32) – The Need for Maturity in the Cybersecurity Space  (31:10) – Don't Let Perfect be the Enemy of Good  Episode Resources:  Matt Lee  Hornetsecurity  

Lets talk about the Evolution of Email Security. We have been speaking about Email Security for years but why has it not been solved? We spoke to Abhishek Agrawal, Co-founder of Material Security about the fact that despite of decades of advancements, email security remains a critical concern, with sophisticated attacks continually bypassing traditional controls. We explored the fascinating landscape of productivity suites like Microsoft 365 and Google Workspace, underscoring their importance beyond just communication tools. What are the critical aspects of threat management, posture management, and the necessity of a focused approach towards securing this often-overlooked segment of our digital infrastructure management. Guest Socials: ⁠⁠⁠⁠⁠⁠⁠Abhishek's Linkedin Abhishek's Twitter Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions (00:00) Introduction (03:57) A bit about Abhishek (04:49) What is a Productivity Suite? (05:48) Why Email Security is still a focus in 2024? (11:43) Where to start with Productivity Suite Security? (15:03) The role of Cloud Native Tools in Productivity Suite Security (19:38) Where can security leaders start with Productivity Suite Security (24:39) Where can people learn more about Productivity Suite Security (26:44) Fun Questions

SECURITY MEASURESWhat security measures do you have in place to protect your email messages?We assume our emails are secure. But what if they're not? How do we make sure our messages stay confidential?Those are a few of the topics we'll explore with our cybersecurity expert, Stephen Jordan, when we come back.What You'll Discover About Security Measures:* Why the security measures of email addresses provided by domain name providers are not enough* 5 easy protocols you can configure right now that can improve email security measures* Where to get the biggest return on investment in adding security measures to your email* How to find a cybersecurity expert you can trust* And much more.Guest: Stephen JordanStephen has spent over 33 years providing computer related products and services to small businesses, working as a Technician, System Administrator, System Engineer, and I.T. Manager, with 30 of those years running his own business.Stephen experienced the evolution of the industry as it changed from being the sales driven computer industry, to the more balanced sales and service I.T. industry, and then to the managed services industry, and has seen many new industries created, including cybersecurity.Stephen sold his I.T. and managed services business in October of 2021 so he could just focus on matters of cybersecurity for small businesses, which brought him to start his latest business venture called Sound Cybersecurity.Related Resources:If you liked this interview, you might also enjoy our other Risk Management episodes.Contact Stephen and connect with him on LinkedIn. And check out his informative blog.Join, Rate and Review:Rating and reviewing the show helps us grow our audience and allows us to bring you more of the rich information you need to succeed from our high powered guests. Leave a review at Lovethepodcast.com/BusinessConfidential.Joining the Business Confidential Now family is easy and lets you have instant access to the latest tactics, strategies and tips to make your business more successful.Follow on your favorite podcast app here as well as on Facebook, YouTube, and LinkedIn.Download ♥ Follow ♥ Listen ♥ Learn ♥ Share ♥ Review ♥ Comment ♥ Enjoy

We're thrilled to have Jan Bakker, a seasoned Cloud Consultant with over 10 years of IT experience, joining us from the Netherlands. In this episode, Andy and Jan explore the revolutionary concept of passkeys, a technology that aims to replace traditional passwords and enhance security by providing phishing resistance. The conversation delves into the significance of passkeys and their value in improving user experience and security measures. The guys even discuss what is currently known publicly about passkeys in M365.  Key takeaways  Passkeys offer a more secure and user-friendly alternative to traditional passwords by eliminating the need for storing secrets on the server side.  Public key cryptography forms the foundation of passkeys, ensuring strong authentication without the risk of password breaches.  Passkeys provide phishing resistance and streamline the authentication process for end users, reducing the reliance on complex passwords and additional MFA steps.  While passkeys offer significant security benefits, they are not a standalone solution and should be complemented with other security measures such as phishing prevention and identity protection strategies.  Timestamps:  (00:13) - Unveiling the Power of Pass Keys in Cybersecurity with Jan Bucker  (03:47) - The Rise of MFA Bypass Kits and Adversary in the Middle Attacks  (14:55) - Unlocking the Future of Passwordless Authentication with Passkeys  (24:55) - Addressing Persistent Access in Malicious Apps and OAuth: A Call for Improved Security Practices  (29:59) - Unpacking the Importance of Phishing Resistance and Token Security in Cybersecurity  (33:01) - Enhancing Security with Passkeys and Onboarding Procedures in Public Services  Episode resources:  Passkeys Directory  Jan Bakker's website  The Security Swarm Podcast - EP24: The Danger of Malicious OAuth Apps in M365  Start your free trial of M365 Total Protection  

Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the industry, like Daniel from the curl project, striking a chord with the significance of cybersecurity vulnerabilities compared to environmental pollution. We tackle the challenges of vulnerability prioritization and the importance of a comprehensive approach to managing the ever-evolving threats that target our digital infrastructure. (00:01) Security Practices and Flipper Zero (07:01) Technology and Privacy Concerns in Cars (17:33) Undersea Cables and NVD Issues (27:45) Government Oversight and Funding for Cybersecurity (33:33) Improving Vulnerability Prioritization in Cybersecurity (45:37) Risk Management and CVE Implementation (58:06) Cybersecurity Budget and Risk Management (01:10:48) Unique Challenges in Cybersecurity Industry (01:16:41) Discussion on Open Source and CNAs (01:26:44) Bluetooth Vulnerabilities and Exploits Discussed (01:39:46) Email Security and Compromised Accounts (01:46:23) Cybersecurity Threats and Vulnerabilities (01:52:06) GPU Security Vulnerabilities Explained Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-821

We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the industry, like Daniel from the curl project, striking a chord with the significance of cybersecurity vulnerabilities compared to environmental pollution. We tackle the challenges of vulnerability prioritization and the importance of a comprehensive approach to managing the ever-evolving threats that target our digital infrastructure. (00:01) Security Practices and Flipper Zero (07:01) Technology and Privacy Concerns in Cars (17:33) Undersea Cables and NVD Issues (27:45) Government Oversight and Funding for Cybersecurity (33:33) Improving Vulnerability Prioritization in Cybersecurity (45:37) Risk Management and CVE Implementation (58:06) Cybersecurity Budget and Risk Management (01:10:48) Unique Challenges in Cybersecurity Industry (01:16:41) Discussion on Open Source and CNAs (01:26:44) Bluetooth Vulnerabilities and Exploits Discussed (01:39:46) Email Security and Compromised Accounts (01:46:23) Cybersecurity Threats and Vulnerabilities (01:52:06) GPU Security Vulnerabilities Explained Show Notes: https://securityweekly.com/psw-821

Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the industry, like Daniel from the curl project, striking a chord with the significance of cybersecurity vulnerabilities compared to environmental pollution. We tackle the challenges of vulnerability prioritization and the importance of a comprehensive approach to managing the ever-evolving threats that target our digital infrastructure. (00:01) Security Practices and Flipper Zero (07:01) Technology and Privacy Concerns in Cars (17:33) Undersea Cables and NVD Issues (27:45) Government Oversight and Funding for Cybersecurity (33:33) Improving Vulnerability Prioritization in Cybersecurity (45:37) Risk Management and CVE Implementation (58:06) Cybersecurity Budget and Risk Management (01:10:48) Unique Challenges in Cybersecurity Industry (01:16:41) Discussion on Open Source and CNAs (01:26:44) Bluetooth Vulnerabilities and Exploits Discussed (01:39:46) Email Security and Compromised Accounts (01:46:23) Cybersecurity Threats and Vulnerabilities (01:52:06) GPU Security Vulnerabilities Explained Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-821

With a B.Sc., in Physics and Computer Science and M.Sc., in Computer Science, Face Recognition in Infrared Images, and achieving Magna Cum Laude in both, my guest on Episode 57 is a brilliant entrepreneur and the Co-Founder of revolutionary email security vendor, Avanan (Now part of Check Point Software). Hear how they put NLP and AI to work to create the world's top-rated API-based cloud email security solution. 

Join host Andy and special guest Philip Galea, R&D Manager at Hornetsecurity, as they explore insider threats within Microsoft 365. In this episode, the focus is on SharePoint Online and OneDrive for Business, shedding light on the nuances of insider threats and offering valuable insights on safeguarding against them.  Tune in for expert analysis and practical tips on fortifying your defenses and protecting your organization's sensitive data in the evolving landscape of cloud-hosted infrastructures.  Episode Resources: Effortlessly manage Microsoft 365 permissions 

In this episode, Host Ron Eddings is joined by Vishal Dixit, Co-founder & CTO at Graphus Inc., and Sven Bechmann, Senior Product Manager of Email Security at Kaseya to dig into how phishing attacks are evolving and how you can keep your business safe.   Get the ultimate email security software and stop phishing attacks that others miss! Request a demo from our friends at Graphus, today! -- and don't miss their 5-minute guide to phishing attacks and prevention.    Impactful Moments: 00:00 - Welcome 01:37 - Introducing guests Vishal & Sven 02:50 - The Current State of Phishing 06:40 - Phishing & Career Path 10:47 - From our Sponsor, Graphus Inc 12:07 - Phishing & Email Security 14:27 - “Security Is an Afterthought” 17:29 - What are Hackers Doing with AI? 23:08 - AI & Phishing Detection 31:30 - Phishing Evolution 35:30 - One Step Better…   Links: Connect with our guests: Vishal Dixit: https://www.linkedin.com/in/dixitvishal/ Sven Bechmann: https://www.linkedin.com/in/sven-bechmann-product-management/ Learn more from Graphus.ai: https://www.graphus.ai/hackervalley Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

The Hop-Ons Podcast is an Arrested Development/Twin Peaks/Community review show. Support the podcast by becoming a patron through Patreon.  Buy merchandise at our Threadless page. The Hop-Ons Podcast is produced by Nice Marmot Productions with assistance from The Cluttered Desk Podcast. If you have thoughts on this episode, we'd love to hear them! Email us at hoponspod@gmail.com or find us on Twitter @HopOnsPodcast. You can now find new episodes on our YouTube channel, The Hop-Ons Podcast, so please subscribe and leave comments!  Jon's production company, Nice Marmot Productions, has an amazing YouTube Page. Jon's podcast, Big Arms Podcast, is available here through Apple Podcasts. Jon's new podcast, Ride Along, is available here through Apple Podcasts. Jon is also on Threads @wrasslinwithbears. The Cluttered Desk Podcast is available here through Apple Podcasts, on Twitter @TheCDPodcast, and on Facebook. Colin is also on Twitter @ColinAshleyCox. We would like to thank Perry Ritter for creating the Hop-Ons logo for Season 2. You can find Perry on Twitter @pritter1492, and you can email him at thisismybourbonshop@gmail.com. Finally, we would like to thank Test Dream for providing The Hop-Ons Podcast's theme music. You can find Test Dream at their website, testdream.bandcamp.com, on Facebook, and on Twitter @testdream.

The use of Large Language Models (LLMs), like ChatGPT has skyrocketed, infiltrating multiple facets of modern life. In today's podcast episode, Andy and Paul Schnackenburg explore Microsoft 365 Co-Pilot and some surprising risks it can surface. Microsoft 365 Co-Pilot is more than just a virtual assistant: it's a powerhouse of productivity! It is a versatile generative AI tool that is embedded within various Microsoft 365 applications, and as such, it can execute various tasks across different software platforms in seconds.  Amidst discussions about Co-Pilot's unique features and functionalities, many wonder: How does M365 Co-Pilot differ from other LLMs, and what implications does this hold for data security and privacy? Tune in to learn more! Timestamps: (4:16) – How is Co-Pilot different from other Large Language Models?  (11:40) – How are misconfigured permissions a special danger with Co-Pilot?  (16:53) – How do M365 tenant permission get so “misconfigured”?  (21:53) – How can your organization use Co-Pilot safely?  (26:11) – How can you easily right-size your M365 permissions before enabling Co-Pilot?  Episode Resources: Paul's article on preparing for Co-Pilot Webinar with demo showcasing the theft of M365 credentials Start your free trial of M365 Total Protection Effortlessly manage your Microsoft 365 permissions  

QR Codes are used everywhere in our society, from reading restaurant menus to accessing Wi-Fi networks and authenticating payments. However, as with any technological advancement, there's a flip side. While QR codes are not malicious in their essence, the landscape has shifted in recent years.   Threat actors have evolved their tactics to exploit QR codes in various ways, posing new cybersecurity challenges. In this episode, host Andy teams up with Microsoft Certified Trainer Paul Schnackenburg to discuss the darker side of QR codes and the different ways in which threat actors are deceiving individuals.  Episode Resources: The Danger of Malicious OAuth Apps in M365 Train your users to spot malicious emails with the Security Awareness Services Demo Safeguard your users from malicious QR codes with Advanced Threat Protection  

In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft's recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm 0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors.  Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications.   Stay tuned for part 2!  Timestamps:  (2:55) – An Update on the Microsoft Storm-0558 Breach  (8:40) – The Microsoft Secure Future Initiative (SFI)  (12:12) – Comparison with the 2002 Trustworthy Computing Initiative Memo  (17:39) – The Trustworthiness of On-Prem vs. The Cloud  (23:04) – How Does Microsoft Want to Use AI in Security?    Episode Resources: 365TP Compliance & Awareness Free Trial EP17: On-Prem Security vs Cloud Security EP18: Generative AI in Defensive Tools EP22: Can you trust Microsoft with Security?  

Free, ungated access to all 300+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to

Last week in security news: Using AWS role session tags for GitHub Actions, A summary of the Okta hack is pretty damning, IAM Roles Anywhere with an external certificate authority, and more!Links: I like this writeup of using AWS role session tags for GitHub Actions but I hate that I have to use Cognito to pull it off. This summary of the Okta hack is pretty damning. AWS Digital Sovereignty Pledge: Announcing a new, independent sovereign cloud in Europe  IAM Roles Anywhere with an external certificate authority  The key line from this 2018 post remains true: access to the root email and phone number is equivalent, if not more powerful, than the root password and MFA! 

In an era where global spending on cybersecurity solutions is forecasted to surpass $200 billion in 2023, and nearly $300 billion by 2026, the persistence of cyberattacks is a baffling paradox. More perplexing is the fact that phishing attacks constitute more than 90% of these cyber incursions. To dissect the reasons behind this incongruity and chart a viable way forward, I spoke with Max Gannon, Vice President of Threat Research at Cofense, a company that stands at the forefront of anti-phishing solutions. Max Gannon offers an eye-opening perspective that challenges conventional cybersecurity wisdom. He argues that the overreliance on technology to solve phishing problems is a fundamental flaw in how organizations approach security. Despite the sophistication of machine learning algorithms and threat detection systems, technology alone is unable to fully understand the human behaviors and decision-making processes that often lead to successful phishing attacks. This brings us to another pivotal point made by Max: the underestimated value of Security Awareness Training (SAT). In a digital culture where checking boxes often substitutes for comprehensive understanding, SAT programs can sometimes be reduced to a perfunctory exercise. Max emphasizes the necessity of evolving these programs into continuous educational experiences that adapt to ever-changing threat landscapes. Integrating human intelligence into cybersecurity strategy is not just an add-on; it's imperative. According to Max, human intelligence can catch the nuances and intricacies that often evade machine-led security measures. Organizations can leverage both human and machine capabilities with a more foolproof defense mechanism by having a more integrative approach. During our conversation, we also explored the current state of the cyber threat landscape, highlighting the limitations of current email security measures. Max notes that even the most advanced technologies can fall prey to sophisticated social engineering attacks, making up 98% of social engineering attacks according to some statistics. We also delved into the future of cybersecurity, examining potential strategies and solutions that organizations can adopt to stay one step ahead of increasingly inventive and aggressive cyber adversaries. This engaging dialogue with Max Gannon is a conversation and a call to organizations to rethink their cybersecurity strategies. As phishing remains a ubiquitous threat, the insights from Max offer a robust framework for reinforcing organizational cybersecurity measures. I highly recommend tuning into this enlightening discussion to learn how to fortify your defenses in an ever-volatile cyber world.

Last week in security news: When It Comes to Email Security, The Cloud You Pick Matters, Enable external pipeline deployments to AWS Cloud by using IAM Roles Anywhere, How AWS threat intelligence deters threat actors, and more!Links: When It Comes to Email Security, The Cloud You Pick Matters Enable external pipeline deployments to AWS Cloud by using IAM Roles Anywhere Get the full benefits of IMDSv2 and disable IMDSv1 across your AWS infrastructure  How AWS threat intelligence deters threat actors Overhauling AWS Account Access with Terraform

In this episode of Cut to the Chase: Podcast [Hosted by Gregg Goldfarb], Jonathan Singer explores the importance of protecting digital assets and the role of cyber liability insurance in mitigating the risks associated with cyber threats. He highlights the recent increase in cyber-attacks on law firms and emphasizes the need for companies to prioritize cybersecurity. Jonathan discusses the vulnerabilities exploited by hackers, such as sight challenges and hearing issues, and the assistance features built into web programs to aid individuals with disabilities. He also emphasizes the need for small businesses to invest in cyber liability insurance, as ransomware attacks and data breaches pose significant risks. Jonathan shares a personal experience of a cyber attack and how cyber liability insurance could have provided relief during the ordeal. So, Let's Cut to the Chase! Here are 10 Key Takeaways you will hear from Gregg and Jonathan's Conversation: Digital assets, including personal identifiable information, must be protected from cyber threats. Cyber liability insurance can assist businesses in handling the financial and negotiation aspects of a cyber attack. Companies need to prioritize cybersecurity, regardless of their size or industry. Remote work has increased the importance of personal computer and email security. Small businesses should consider investing in cyber liability insurance to protect against ransomware attacks and data breaches. Compliance and proactive measures are crucial to prevent reactive situations and minimize cyber risks. Cyber liability insurance coverage is evolving to address emerging cyber threats. The healthcare industry and public entities face complex challenges related to cyber threats. Cyber liability insurance negotiates ransom payments and provides relief during cyber attacks. The constant evolution of cyber threats requires continuous awareness and preparedness. Thank you, Jonathan Singer, for sharing your expertise on cyber liability insurance and the evolving cyber threat landscape. As businesses navigate the digital realm, it is essential to prioritize cybersecurity and consider the benefits of protection through cyber liability insurance.  

In this episode of Email After Hours, spam slayer extraordinaire Sridhar Chandran, Anti-spam Consultant at the Spamhaus Project, shares the secrets to staying on Spamhaus' good side. He'll cover the importance of consent, best practices, and proper list management to maintain a good reputation. Plus, he'll reveal emerging trends in the online threat landscape, like subscription bombing and the use of AI in email.

This week, Jess and Josh chat about Season 6 Episode 6, "Basic Email Security," with special guest, Chloe.

Traffers and the threat to credentials. A newly discovered WiFi protocol flaw. Cross-chain bridge attacks. A shift in Russian cyber operations. Ann Johnson from Afternoon Cyber Tea chats with EY principal Adam Malone. Our guest is Toni Buhrke from Mimecast with a look at the State of Email Security. And is piracy patriotic? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/60 Selected reading. Traffers and the growing threat against credentials (Outpost24 blog)  WiFi protocol flaw allows attackers to hijack network traffic (BleepingComputer)  Cross-chain bridge attacks. (CyberWire)  2023 Annual State of Email Security Report (Cofense) From Ukraine to the whole of Europe:cyber conflict reaches a turning point (Thales Group)  Russia Ramps Up Cyberattacks On Ukraine Allies: Analysts (Barron's)  Pro-Russian hackers shift focus from Ukraine to EU countries (Radio Sweden)  Russian hackers attack Slovak governmental websites after country supplies Mig-29s to Ukraine (Ukrainska Pravda) Ukraine's Defense Ministry says Russia is encouraging online piracy (The Jerusalem Post)