Amy Hogan-Burney, Corporate Vice President of Customer Trust and Security at Microsoft joins Ann on this week's episode of Afternoon Cyber Tea to discuss her unexpected journey into cybersecurity, Microsoft's evolving approach to combating global cybercrime, and the importance of collaboration across the private and public sectors. She reflects on lessons from the latest Microsoft Digital Defense Report, the growing impact of AI on security, and the challenges of regulatory complexity. Amy also shares insights on cyber diplomacy, building strong legal-technical partnerships, and the career advice that's guided her path all while remaining optimistic about the future of cybersecurity. Resources: View Amy Hogan-Burney on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of N2K media network.
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss Microsoft's Digital Defense Report for 2025. The conversation delves into the critical issues surrounding identity attacks, particularly focusing on the vulnerabilities associated with weak passwords. Andy highlights the prevalence of password spraying in identity attacks and discusses the ClickFix social engineering method, which tricks users into executing malicious commands. The discussion further explores the implications of fileless malware, emphasizing its stealthy nature and the challenges it poses to traditional security measures.
----------------------------------------------------
YouTube Video Link: https://youtu.be/C4GL-Vmo_8w
----------------------------------------------------
Documentation: https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/
Full Report: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf#page=1
Government Executive Summary: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/MDDR-2025-Government-Executive-Summary.pdf#page=1
CISO Executive Summary: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/bade/documents/products-and-services/en-us/security/CISO-Executive-Summary-MDDR-2025.pdf
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
----------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
This week, we review the Microsoft Digital Defense report 2025. We did the same for 2024 and 2023, so this time we'll look at what's interesting in the report and what to focus on from a security perspective.
(00:00) - Intro and catching up.
(03:40) - Show content starts.
Show links
- Microsoft Digital Defense Report 2025
- Ctrl+Alt+Azure: Episode 275: Microsoft Digital Defense Report 2024
- Ctrl+Alt+Azure: Episode 210: Microsoft Digital Defense Report 2023
- HackTheBox
- Give us feedback!
When a bot virus on Mom's computer becomes the starting point for a career in cybersecurity. In this episode, Johan meets Microsoft's National Security Officer for Sweden, Sandra Elvin, one of the country's most influential voices in digital defense. They take a deep look at how cybercrime, state actors and AI are merging into a new kind of digital battlefield. Sandra shares insights from the Microsoft Digital Defense Report 2025, explains why Zero Trust is more than a buzzword, and why security is as much about people and processes as about technology. You will hear why data is the new oil, how AI is used by both defenders and attackers, and why quantum computers are already affecting how we build the protection of the future. An episode for anyone who wants to understand the real security situation, beyond the headlines, and how Sweden and Microsoft together try to keep the world spinning even under attack.
Chapters:
00:00 Introduction to Sandra Elvin and the topic
00:11 Sandra's journey into the security industry
01:20 Role and responsibilities as National Security Officer
04:23 Microsoft's work on digital protection
09:36 Insights from the Microsoft Digital Defense Report
13:22 Challenges and strategies for meeting online threats
19:16 The impact of AI and quantum computers on future protection
27:46 How organizations can strengthen their defenses
33:13 Closing thoughts and advice for the next generation
Resources: Microsoft Digital Defense Report 2025, Microsoft Security Blog
Connect on LinkedIn: Sandra Elvin | LinkedIn, Johan Wallquist, Adam Palm
Hosted on Acast. See acast.com/privacy for more information.
A foreign threat actor breached a key U.S. nuclear weapons manufacturing site. The cyberattack on Jaguar Land Rover is the most financially damaging cyber incident in UK history. A new report from Microsoft warns that AI is reshaping cybersecurity at an unprecedented pace. The ToolShell vulnerability fuels Chinese cyber operations across four continents. Fake browser updates are spreading RansomHub, LockBit, and data-stealing malware. Hackers deface LA Metro bus stop displays. A spyware developer is warned by Apple of a mercenary spyware attack. Pwn2Own payouts proceed. Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. When the cloud goes down, beds heat up. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies on a Federal Whistle Blower from the SSA. If you enjoyed Ben's conversation, be sure to check out more from him over on the Caveat Podcast. 2025 Microsoft Digital Defense Report To learn more about the 2025 Microsoft Digital Defense Report, join our partners on The Microsoft Threat Intelligence Podcast. On today's episode, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks. You can listen to new episodes of The Microsoft Threat Intelligence Podcast every other Wednesday on your favorite podcast app. 
Selected Reading Foreign hackers breached a US nuclear weapons plant via SharePoint flaws (CSO Online) JLR hack is costliest cyber attack in UK history, say analysts (BBC) Microsoft 2025 digital defense report flags rising AI-driven threats, forces rethink of traditional defenses (Industrial Cyber) The New Frontlines of Cybersecurity: Lessons from the 2025 Digital Defense Report (The Microsoft Threat Intelligence Podcast) Sharepoint ToolShell attacks targeted orgs across four continents (Bleeping Computer) SocGholish Malware Using Compromised Sites to Deliver Ransomware (Hackread) LA Metro digital signs taken over by hackers (KTLA) Apple alerts exploit developer that his iPhone was targeted with government spyware (TechCrunch) Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 (SecurityWeek) AWS crash causes $2,000 Smart Beds to overheat and get stuck upright (Dexerto) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Chloé Messdaghi and Crane Hassold to unpack the key findings of the 2025 Microsoft Digital Defense Report; a comprehensive look at how the cyber threat landscape is accelerating through AI, automation, and industrialized criminal networks. They explore how nation-state operations and cybercrime have fused into a continuous cycle of attack and adaptation, with actors sharing tooling, infrastructure, and even business models. The conversation also examines AI's growing impact, from deepfakes and influence operations to the defensive promise of AI-powered detection, and how identity compromise has become the front door to most intrusions, accounting for over 99% of observed attacks. Listeners will gain perspective on: How AI is shaping both attacker tradecraft and defensive response. Why identity remains the cornerstone of global cyber risk. What Microsoft's telemetry—spanning 600 million daily attacks—reveals about emerging threats and evolving defender strategies. Questions explored: How are threat actors using AI to scale deception and influence operations? What does industrialized cybercrime mean for organizations trying to defend at scale? How can defenders harness AI responsibly without overreliance or exposure? Resources: Download the report and executive summary Register for Microsoft Ignite View Chloé Messdaghi on LinkedIn View Crane Hassold on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
This week, we review the Microsoft Digital Defense report 2024. We did the same previously for 2023, so this time, we'll look at what's interesting in the report and what to focus on with security. Also, Tobi asks Jussi an unexpected question.
(00:00) - Intro and catching up.
(03:30) - Show content starts.
Show links
- Microsoft Digital Defense Report 2024
- Microsoft blog: Escalating cyber threats
- Give us feedback!
Security experts often say there are two kinds of companies. “There are those companies that have been hacked, and those that don't know that they are being hacked – especially when we look at the energy industry,” says Bilal Khursheed executive director of Microsoft's global power & utilities business. Khursheed works with companies to deploy digital technologies to speed up the clean energy transition. And he also focuses heavily on a threat that could derail the transition – cyber attacks. There are two reasons for this. One is the rise of internet-connected devices. There are now 15 billion IOT devices connected around the world, with a huge number of them on power grids. The other reason is sophistication. More attacks are now coming from organized groups, many of them with political motivations. “These aren't just your random hackers. These are highly sophisticated James Bond villain types that are targeting our energy systems,” explains Khursheed. In this episode, produced in partnership with Microsoft, Bilal Khursheed talks with Stephen Lacey about the evolution of cybersecurity threats in energy. They discuss how the threats are changing, their consequences for critical infrastructure, and how solutions are improving in the age of AI. This episode was produced in partnership with Microsoft. After listening to the podcast, you can read about how to navigate NERC CIP compliance in the cloud, learn how energy firms around the world partner with Microsoft on security, and dig into the 2024 Microsoft Digital Defense Report.
This year's edition of the Microsoft Digital Defense Report is out. We talk with our security expert Oscar Kjellgren about its contents and which cyber threats are growing fastest right now. And how do the threats differ depending on which country they come from? https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024 Hosted on Acast. See acast.com/privacy for more information.
Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting duties to Kevin Magee, the Global Director of Cybersecurity Startups at Microsoft to discuss Cyber-entrepreneurship in the age of CyberAI. For a complete reading list and even more information, check out Rick's more detailed essay on the topic. References: Andrew McCarty, Emma Eschweiler, Natalie Fratto, Andrew Pardo, Jake Ledbetter, 2024. The Rise of CyberAI [Analysis]. Silicon Valley Bank. Camille Périssère, 2024. 2024 cybersecurity market trends [Analysis]. AXA Venture Partners. Jeffrey Grabow, 2024. AI continues to drive venture capital activity [Analysis]. EY. Kaloyan Andonov, 2024. Energy companies increase investment in cybersecurity startups [Analysis]. Global Corporate Venturing. Staff, 2024. Cybersecurity Market Size, Share, Analysis [Analysis]. Fortune Business Insights. Staff, 2024. RBC FinSec Incubator [Analysis]. Rogers Cybersecure Catalyst. Staff, 2024. Microsoft Digital Defense Report 2024 [White Paper]. Microsoft. Steve Morgan, 2022. Cybercrime To Cost The World 8 Trillion Annually In 2023 [Analysis]. Cybercrime Magazine. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, we dive deep into the newly released Microsoft Digital Defense Report 2024, which offers a comprehensive look at the latest trends in the global cybersecurity landscape. From evolving cyber threats and attack strategies to Microsoft's analysis of the most vulnerable sectors, we break down the key findings and what they mean for businesses, governments, and cybersecurity professionals. Join us as we discuss how threat actors are leveraging new technologies, the role of AI in defense strategies, and what steps organizations can take to bolster their cyber resilience. Whether you're an IT professional or just passionate about cybersecurity, this episode will give you critical insights into defending against tomorrow's threats, today.
Microsoft Digital Defense Report 2024
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
Microsoft gives an update on the nature of cyber threats facing users every single day. Learn more about your ad choices. Visit megaphone.fm/adchoices
On this week's show Patrick Gray and Adam Boileau discuss the week's infosec news, including:
- Chinese spooks all up in western telco lawful intercept
- Jerks ruin the Internet Archive's day
- Microsoft drops a great report with a bad chart
- The feds make their own crypto currency and get it pumped
- Forti-, Palo- and Ivanti-fail
- And much, much more.
This week's episode is sponsored by detection-as-code vendor Panther. Casey Hill, Panther's Director Product Management joins to discuss why the old “just bung it all in a data lake and… ???…” approach hasn't worked out, and what smart teams do to handle their logs. This episode is also available on Youtube (https://youtu.be/86zy6DcwtbE).
Show notes
- White House forms emergency team to deal with China espionage hack - The Washington Post
- DDoS attacks on Internet Archive continue after data breach impacting 31 million
- Microsoft Digital Defense Report 2024
- Ransomware encryption down amid surge of attacks, Microsoft says | CyberScoop
- Russian court websites down after breach claimed by pro-Ukraine hackers
- Ukrainian anti-corruption agency reportedly finds no violations in disclosures of top cyber official
- Trump campaign turns to secure hardware after hacking incident | Reuters
- FBI creates its own crypto token to nab suspects in alleged fraud scheme
- District of Massachusetts | Eighteen Individuals and Entities Charged in International Operation Targeting Widespread Fraud and Manipulation in the Cryptocurrency Markets | United States Department of Justice
- Critical CVE in 4 Fortinet products actively exploited | Cybersecurity Dive
- Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
- Palo Alto Expedition: From N-Day to Full Compromise
- Ivanti up against another attack spree as hackers target its endpoint manager | Cybersecurity Dive
- 1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies · GitHub
- Recently-patched Firefox bug exploited against Tor browser users
- Two never-before-seen tools, from same group, infect air-gapped devices - Ars Technica
- A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security
- Opinion | The Cyber Sleuth - Washington Post
Microsoft's Digital Defense Report for 2023 provides insights into the state of cybercrime, critical cybersecurity challenges, and the importance of IoT and OT security. The report highlights Microsoft's investment in security research and innovation, as well as the need for partnerships and collaboration in the cybersecurity community. Key takeaways include the importance of multi-factor authentication, zero trust principles, and vulnerability management. The report also emphasizes the need for comprehensive OT patch management systems and the use of AI-powered security tools and large language models. In this conversation, Adam Brewer and Andy Jaw discuss the capabilities of large language models (LLMs) and their potential applications in cybersecurity. They highlight how LLMs can synthesize and understand human language, making them valuable tools for security analysts. The conversation also touches on the importance of the Digital Defense Report, which provides comprehensive insights into cybercrime and IoT/OT security. The hosts encourage listeners to explore the report for a deeper understanding of the current threat landscape. The episode concludes with closing remarks and well wishes for the holiday season. Takeaways * Invest in multi-factor authentication and zero trust principles for enhanced security. * Implement robust network monitoring and vulnerability management for IoT and OT devices. * Maintain comprehensive OT patch management systems to mitigate risks. * Utilize AI-powered security tools and large language models for threat intelligence and incident response. 
------------------------------------------- Youtube Video Link: https://youtu.be/dZtD3dspMLA ------------------------------------------- Documentation: https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023 ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message
Free, ungated access to all 295+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to
Almost half of organisations in Ireland have encountered cyber incidents (46%), while 1 in 5 have suffered resulting financial loss, according to new research released by Microsoft Ireland. Organisations in Ireland have maintained their spend on IT security protections and on building strong cybersecurity resilience, while providing regular training internally (57%). However, more than a quarter of organisations (26%) have indicated they won't be investing in their IT security infrastructure in the coming year, despite the increasing number and intensity of cyber threats. The study, carried out by Amárach Research among 200 top decision-makers across all industry sectors in Ireland, investigated the prevalence and nature of cyber incidents, as well as organisational preparedness for significant EU cybersecurity legislation - namely NIS2 - which is coming into effect in October 2024. While it is positive to see the continued investment in cybersecurity and in training employees over the last three years, the research points to a sense of complacency setting in, with many claiming to have no plan to invest in cybersecurity in the coming year. Just 44% of organisations have risk assessments to identify vulnerabilities, while only 38% have a multi-layered strategy that includes prevention, detection, and response and recovery. Only 31% have a practiced IT continuity plan in place, with training and drilling. Added to this is the fact that many leaders in Ireland are unaware of recent EU legislation, NIS2 which directly affects both multi-national organisations and large swathes of the SME sector in Ireland. Just one quarter (25%) of respondents were aware of the legislation, and of those, 31% have indicated they have an investment plan for their IT strategy to ensure compliance. With increases in cyber-attacks that have greater sophistication and intensity, the report by Microsoft calls on leaders to not be complacent. 
It states that in just two years, the number of password attacks detected by Microsoft globally had risen from 579 per second to more than 4,000 per second (Microsoft Digital Defense Report 2023). Also according to the Microsoft Digital Defense Report, 80-90% of all compromises originate through unmanaged devices. In Ireland, we can see from our research that just 14% of organisations are currently using AI technology as part of their cybersecurity strategy. However, 30% of leaders in Ireland say they are unsure if they are in fact using AI technologies for their security defence. Microsoft Ireland National Technology Officer Kieran McCorry said: "Every day, Irish organisations are susceptible to and vulnerable to attack - as is evidenced by this latest piece of research. What is clear from this study is that cyber defences in Ireland are being compromised by the lack of a comprehensive cyber defence strategy, that is lived and owned by all decision-makers within organisations. "While it is positive to see that organisations are adopting training and cyber defence skills, true resilience requires continuous focus and investment in multi-layered strategic processes such as risk assessments and continuity planning. New EU laws such as NIS2 have been introduced to fast track such cyber defences across EU countries and it is imperative that Irish organisations are aware of and investing in the right infrastructure to ensure compliance. "Equally, it is clear from the research that executives in Ireland should be prioritising protection rather than managing their security reactively when an attack hits. Leaders can use new technologies to provide end-to-end security, while also weaving security into the fabric of everything they do, with a collective responsibility across all roles within the organisation." See more stories here. More about Irish Tech News Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. 
You can find hundreds of fantastic previous episodes and subsc...
MONEY FM 89.3 - Prime Time with Howie Lim, Bernard Lim & Finance Presenter JP Ong
According to Microsoft's fourth annual Digital Defense Report, in the past year, cyberattacks have touched 120 countries, fueled by government-sponsored spying and with influence operations (IO) also rising. Dennis Chung, Chief Security Officer, Microsoft Singapore shares more with us the findings from this report and the company's role in fighting cyber criminals. See omnystudio.com/listener for privacy information.
In this episode, we delve into the annual Microsoft Digital Defense Report, the 2023 edition. We dive into some of the findings and reflect a bit on what this means. Some surprises here, but also some known threat angles.
(00:00) - Intro and catching up.
(02:40) - Community highlights.
(04:07) - Show content starts.
Community Highlights
- Gregor Reimling: The new Azure Update Center is GA Part 1 – three big reasons to migrate to Update Center and forget the classic Update Management Center
Show links
- Microsoft Digital Defense Report 2023 (Microsoft)
- What is the Cybercrime Atlas? (Tobias Zimmergren)
- Give us feedback!
Podcast: Control Loop: The OT Cybersecurity Podcast (LS 35 · TOP 3%)
Episode: A look at a Whole-of-State cybersecurity strategy.
Pub date: 2023-10-18
Microsoft on the state of OT security. Israeli and Palestinian hacktivists target ICS. Coinmining as an (alleged, potential) front for espionage or stage for sabotage. EPA withdraws water system cybersecurity memorandum. Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Most organizations are struggling with IoT security. CISA views China as the top threat to US critical infrastructure. Improving security for open-source ICS software. CISA ICS advisories. Guest Kuldip Mohanty, CIO of North Dakota, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Kuldip shares how critical infrastructure is treated within the “Whole-of-State” cybersecurity strategy his team implements in North Dakota. On the Learning Lab, Mark Urban shares the first part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos' Director of Intelligence Services. Control Loop News Brief. Microsoft on the state of OT security. Microsoft Digital Defense Report 2023 (Microsoft) Microsoft Digital Defense Report: Behind the Scenes Creating OT Vulnerabilities (aDolus) Zero-days affect industrial routers. 10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows (Cisco Talos) Israeli and Palestinian hacktivists target ICS. Hacktivists in Palestine and Israel after SCADA and other industrial control systems (Cybernews) Coinmining as an (alleged, potential) front for espionage or stage for sabotage. Across U.S., Chinese Bitcoin Mines Draw National Security Scrutiny (The New York Times) EPA withdraws water system cybersecurity memorandum. EPA withdraws cyber audit requirement for water systems (Nextgov) Colonial Pipeline says new ransomware claims are due to unrelated third-party breach. Reports of second cyberattack on Colonial Pipeline false, company says (Fox 5 Atlanta) Colonial Pipeline attributes ransomware claims to ‘unrelated' third-party data breach (The Record) Most organizations are struggling with IoT security. New Global Survey Reveals 97% of Organizations Face Challenges Securing IoT and Connected Devices (Keyfactor) Ransomware attack on Clorox. Clorox Security Breach Linked to Group Behind Casino Hacks (Bloomberg) Clorox Warns of a Sales Mess After Cyberattack (The Wall Street Journal) CISA views China as the top threat to US critical infrastructure. China is top cyber threat to US utilities, other critical infrastructure: CISA (Utility Dive) Improving security for open-source ICS software. Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (CISA) CISA's ICS advisories. Mitsubishi Electric MELSEC-Q Series PLCs (Update A) (CISA) CISA Releases Nineteen Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Kuldip Mohanty, CIO of North Dakota, discussing how critical infrastructure is treated within the “whole of state” security strategy used in North Dakota. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos' Director of Intelligence Services, Paul Lukoskie, to examine cyber threat intelligence. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website. The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Airlock Digital founders Daniel Schell and David Cottingham about the recent Microsoft Digital Defense Report and the problems that come with trying to properly secure PowerShell.
Show notes:
Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider
Resources for deprecated features in the Windows client - What's new in Windows | Microsoft Learn
The evolution of Windows authentication | Windows IT Pro Blog
Is Securing PowerShell a Lost Cause? - by Allan Liska
Steve announces the release of his new freeware utility ValiDrive for detecting fake drive capacities. 23andMe claims a recent data breach exposed customer info due to credential stuffing attacks. Key stats from Microsoft's 2023 Digital Defense Report on cyberattacks, including increased attacks on open source software, growth in business email compromise, and more password attacks. Brave lays off 9% of its staff amid the tough economic climate, despite its efforts to diversify revenue with new search features. Google Docs exports replace links with tracking redirects, enabling Google to monitor clicked links from exported documents. The MOVEit breach impacted Sony, exposing employee and family data. Firefox 118 now supports Encrypted ClientHello for hiding site requests from network surveillance. Google will provide 7 years of updates for its new Pixel phones, up from 5 years previously. The MACE Act passed overwhelmingly in Congress, allowing agencies more flexibility in cybersecurity hiring. Median dwell time for ransomware dropped to less than 1 day, with human-driven attacks deploying it faster. Steve digs into the top 10 cybersecurity misconfigurations outlined in the new NSA/CISA advisory. Show notes: https://www.grc.com/sn/SN-943-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: GO.ACILEARNING.COM/TWIT drata.com/twit lookout.com
[Episode References]
- Microsoft Digital Defense Report 2023 - https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
- ANDROID DEVICES SHIPPED WITH BACKDOORED FIRMWARE AS PART OF THE BADBOX NETWORK - https://securityaffairs.com/152124/malware/badbox-network-backdoored-firmware.html
- Record $7 billion in crypto laundered through cross-chain services - https://www.elliptic.co/blog/record-7-billion-in-crypto-laundered-through-cross-chain-services
- ANNOUNCING THE $12K NIST ELLIPTIC CURVES SEEDS BOUNTY - https://words.filippo.io/dispatches/seeds-bounty/
Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
Special thanks to our podcast sponsor, Cymulate. On this episode, Dave Klein stops by to discuss the 3 digital challenges that organizations face: Cyber threats evolve on a daily basis, and this constant threat to our environment appears to be only accelerating. The level of vulnerabilities today is 30x what it was 10 years ago. We have more IT infrastructure, complexity, and developers in our current environment. In the pursuit of digital innovation, we are changing our IT infrastructure by the hour. For example: Infrastructure as Code capabilities (Chef, Puppet, Terraform, etc.) allow developers to deploy faster and create more opportunities for misconfigured code at scale. Breach and Attack Simulation tooling addresses these 3 digital challenges by focusing on Breach Attack Simulation, Vulnerability Prioritization, & Threat Exposure Management. This combined approach allows a cyber organization to ensure its security is fully optimized and its risk exposure is minimized. Key benefits of adopting Breach and Attack Simulation software include: managing organizational cyber-risk end to end; rationalizing security spend; prioritizing mitigations based on validated risks; protecting against the latest threats in near real-time; preventing environmental drift. Welcome back, listeners, and thank you for continuing your education in CISO Tradecraft. Today we are excited to share with you a great episode focused on Breach and Attack Simulation software. To begin, we will provide a solid background on Breach and Attack Simulation, then we are going to bring on our special guest Dave Klein, who will give us the pro tips that help CISOs maximize the value from Breach and Attack Simulation software. Starting from the beginning: What is Breach and Attack Simulation software and why is this needed? At the end of the day most companies are not on an island. They need to connect to clients, partners, and vendors. They need the ability for employees to visit websites. 
They need to host public-facing websites to sell products and services. Each of these activities results in creating organizational assets such as IT equipment that has internet connectivity. Now internet connectivity isn't a bad thing. Remember, internet connectivity allows companies to generate income, which allows the organization to exist. This income goes to funding expenses like the cyber organization, so that is a good thing. If bad actors with the intent and capability to cause your company harm can find your company's internet-connected assets which have vulnerabilities, then you have a risk to your organization. So enter vulnerability assessment and penetration testing tools that companies can buy to identify and address this risk. Now sometimes you will hear the terms Cyber Asset Attack Surface Management, or CAASM. It's also commonly referred to as continuous threat exposure management. Essentially these two categories of tools are the latest evolution of vulnerability management tooling that have the additional benefit of ingesting data from multiple sources. Essentially they are designed to address key questions such as: How do we get an inventory of what we have? How do we know our vulnerabilities? And how do we know which vulnerabilities might be exploited by threat actors? Now if you want to take this line of questioning one step further, then you should consider adopting Breach and Attack Simulation software. Note that Breach and Attack Simulation software overlaps with many of the CAASM capabilities, but it does something unique. Breach and Attack Simulation software allows you to pose as bad actors on your network and perform red team exercises. Essentially you learn how bad actors can bypass your cyber tooling and safeguards. This means you go from knowing where you are vulnerable to actually seeing how well your incident response activities perform. 
For example, if I can take a normal user's laptop and spawn a PowerShell script or run a tool like Mimikatz to gain Domain Admin level privileges, then I want to know if the Cyber Security Incident Response team was alerted to that activity. I also want to know if the Incident Response team blocked or disabled this account in a timely manner. According to the 2022 Microsoft Digital Defense Report, the median time it takes for an attacker to access your private data if you fall victim to a phishing email is 1 hour 12 minutes. The report also stated that the median time for an attacker to begin moving laterally within your corporate network once a device is compromised is 1 hour 42 minutes. Remember, responding to these attacks in minutes vs. hours can be the difference in how many files get encrypted when ransomware actors get into your environment. Another thing that CISOs need to ensure is that vulnerabilities get fixed. How do you test that? You have to replay the attack. You can think of fire drills as the comparison. If an organization only did one fire drill every 24 months, then chances are the company's time to exit the building isn't going to decrease all that much. It's likely to stay the same. Now if an organization does 8-12 fire drills over the course of 24 months, then you would generally see a good decrease in departure times as people get familiar with knowing how to leave the building in a timely fashion. The good thing about Breach and Attack Simulation tools is they have the ability to replay numerous attacks with the click of a button. This can save your penetration testing team hours over manual exploitation activities, which would have to be repeated to confirm successful patches and mitigations. If we look at Breach and Attack Simulation software, the tools have typically come in two flavors. One is an agent-based approach. For example: 
A company might install an attack agent on a laptop inside the corporate environment that runs Data Loss Protection software. The attack agent might look at how much data it can exfiltrate which is not stopped by the DLP tool. The attack agent could also run similar attacks to see how much malware the antivirus detects, or how much sensitive email it can send outside the company despite there being an email protection solution. These attack agents can also be placed on servers to determine how effective web application firewalls are at stopping attacks. Essentially, having an attack agent on the internal side of a trusted network and one on the outside allows an organization to evaluate the effectiveness of various cyber tools. Now there are a few concerns with this type of approach. One, companies don't want to add more agents across their network because it steals critical system resources and makes things slower. Two, the time it takes to install and test agents means the value you can get out of these tools is delayed, because cyber needs approvals from the desktop team, the network team, the firewall team, etc. before these solutions can be deployed. Three, by having an agent you don't always truly simulate what an attacker would do, since you don't have to live off the land and gain permissions as the attacker did. Your agent may not be known to antivirus or EDR tools, but using Windows libraries to gain access is. Now let's compare this with an agentless approach. This approach is quite popular since labs where agents are run don't always look like a production environment. For example, they lack the amount of traffic, don't possess the same amount of production data, or contain last month's versions of software. Here attacker software may start with the premise: what happens if someone from the Accounting Team opens an Excel document containing a malicious macro? Let's see how we can automate an attack after that initial compromise step occurs. 
Then let's walk through every attack identified by the MITRE ATT&CK framework and see what gets caught and what doesn't. The tooling can then look at the technical safeguards in the organization that should have been applied and provide recommendations on how to increase their effectiveness. This might be something simple like adding a Windows Group Policy to stop an attack. Also, breach and attack simulation tools can provide alerting recommendations to the SIEM that help identify when an endpoint attack occurred. Example: Instead of knowing that bad actors can run an attack, the Breach and Attack Simulation software actually gives you the Splunk signature that your SOC team can leverage. That's a great add to minimize the amount of time to improve your alerting capabilities. Now when the breach and attack simulation software replays attacks each month, cyber leadership can look at how fast the Incident Response team detected and remediated the attack. It might be as simple as "we stopped this attack before it could happen by applying the new Windows Group Policy" or "it took the team 4 hours to determine XYZ account had been taken over." These metrics allow you to know how well your response plans work. So you get the value of a penetration test with the automation & scaling of vulnerability management tools. What's even more impressive is how these tools are evolving to meet the larger mission of cyber organizations. Example: Most financial and health care organizations have to demonstrate evidence that IT controls are working effectively. Generally this is a manual process done in the Governance, Risk and Compliance (GRC) team within a cyber organization. GRC teams have to ask developers to provide evidence for various IT controls, such as: are you monitoring and alerting on privileged activity? 
Now imagine if you had an automated tool that showed evidence that monitoring tools are installed on 99% of endpoints and these tools actually stopped various MITRE attacks immediately. That evidence would minimize the data call which takes time from the developer teams.
Special Thanks to our podcast sponsor, Cymulate. On this episode, Dave Klein stops by to discuss the 3 Digital Challenges that organizations face: Cyber threats evolve on a daily basis and this constant threat to our environment appears to be only accelerating The level of vulnerabilities today is 30x what it was 10 years ago. We have more IT infrastructure, complexity, and developers in our current environment. In the pursuit of digital innovation, we are changing our IT infrastructure by the hour. For Example: Infrastructure as Code capabilities (Chef, Puppet, Terraform, etc.) allow developers to deploy faster and create more opportunities for misconfigured code at scale. Breach and Attack Simulation tooling address these 3 digital challenges by focusing on Breach Attack Simulation, Vulnerability Prioritization, & Threat Exposure Management. This combined approach allows a cyber organization to ensure its security is fully optimized and its risk exposure is minimized. Key benefits of adopting Breach and Attack Simulation software include: Managing organizational cyber-risk end to end Rationalizing security spend Prioritizing mitigations based on validated risks Protecting against the latest threats in near real-time Preventing environmental drift Welcome back listeners and thank you for continuing your education in CISO Tradecraft. Today we are excited to share with you a great episode focused on Breach and Attack Simulation software. To begin we will provide a solid background on Breach and Attack Simulation then we are going to bring on our special guest Dave Klein who will give us the pro tips that help CISOs maximize the value from Breach and Attack Simulation Software. Starting from the beginning. What is Breach and Attack Simulation software and why is this needed? At the end of the day most companies are not on an island. They need to connect to clients, partners, and vendors. They need the ability for employees to visit websites. 
They need to host public facing websites to sell products and services. Each of these activities result in creating organizational assets such as IT equipment that has internet connectivity. Now internet connectivity isn't a bad thing. Remember internet connectivity allows companies to generate income which allows the organization to exist. This income goes to funding expenses like the cyber organization so that is a good thing. If bad actors with the intent and capability to cause your company harm can find your company's internet connected assets which have vulnerabilities, then you have a risk to your organization. So enter vulnerability assessment and penetration testing tools that companies can buy to identify and address this risk. Now sometimes you will hear the terms Cyber Asset Attack Surface Management or (CAASM). It's also commonly referred to as continuous threat exposure management. Essentially these two categories of tools are the latest evolution of vulnerability management tooling that have the additional benefit of ingesting data from multiple sources. Essentially they are designed to address key questions such as: How do we get an inventory of what we have? How do we know our vulnerabilities? and How do we know which vulnerabilities might be exploited by threat actors? Now if you want to take this line of questioning one step further, then you should consider adopting Breach and Attack Simulation software. Note Breach and Attack Simulation software overlaps with many of the CAASM capabilities, but it does something unique. Breach and Attack Simulation software allows you to pose as bad actors on your network and perform red team exercises. Essentially you learn how bad actors can bypass your cyber tooling and safeguards. This means you go from knowing where you are vulnerable to actually seeing how well your incident response activities perform. 
Example if I can take a normal user's laptop and spawn a Powershell Script or run a tool like MimiKatz to gain Domain Admin level privileges, then I want to know if the Cyber Security Incident Response team was alerted to that activity. I also want to know if the Incident Response team blocked or disabled this account in a timely manner. According to the 2022 Microsoft Digital Defense Report the median time it takes for an attacker to access your private data if you fall victim to a phishing email is 1 hour 12 minutes. The report also stated that the median time for an attacker to begin moving laterally within your corporate network once a device is compromised is 1 hour 42 minutes. Remember the difference to responding to these attacks in minutes vs hours can be the difference between how much files get encrypted when ransomware actors get into your environment. Another thing that CISOs need to ensure is that vulnerabilities get fixed. How do you test that? You have to replay the attack. You can think of fire drills as the comparison. If an organization only did one fire drill every 24 months, then chances are the company's time to exit the building isn't going to decrease all that much. It's likely to stay the same. Now if an organization does 8-12 fire drills over the course of 24 months, then you would generally see a good decrease in departure times as people get familiar with knowing how to leave the building in a timely fashion. The good thing on Breach and Attack Simulation tools is they have the ability to replay numerous attacks with the click of a button. This can save your penetration testing team hours over manual exploitation activities which would have to be repeated to confirm successful patches and mitigations. If we look at Breach and Attack Simulation software the tools have typically come in two flavors. One is an agent based approach. Example. 
A company might install an attack agent on a laptop inside the corporate environment that runs Data Loss Protection software. The attack agent might look at how much data it can exfiltrate which is not stopped by the DLP tool. The attack agent could also run similar attacks to see how much malware the antivirus detects, or how much sensitive email it sends outside the company despite there being an email protection solution. These attack agents can also be placed on servers to determine how effective web application firewalls are at stopping attacks. Essentially, having an attack agent on the internal side of a trusted network and one on the outside allows an organization to evaluate the effectiveness of various cyber tools. Now there are a few concerns with this type of approach. One, companies don't want to add more agents across their network because it steals critical system resources and makes things slower. Two, the time it takes to install and test agents means the value you can get out of these tools is delayed because cyber needs approvals from the desktop team, the network team, the firewall team, etc. before these solutions can be deployed. Three, by having an agent you don't always truly simulate what an attacker would do since you don't have to live off the land and gain permissions the attacker did. Your agent may not be known to antivirus or EDR tools, but using Windows libraries to gain access does. Now let's compare this with an agentless approach. This approach is quite popular since labs where agents are run don't always look like a production environment. For example, they lack the amount of traffic, don't possess the same amount of production data, or contain last month's versions of software. Here attacker software may start with the premise: what happens if someone from the Accounting Team opens an Excel document containing a malicious macro? Let's see how we can automate an attack after that initial compromise step occurs.
Then let's walk through every attack identified by the MITRE ATT&CK Framework and see what gets caught and what doesn't. The tooling can then look at the technical safeguards in the organization that should have been applied and provide recommendations on how to increase their effectiveness. This might be something simple like adding a Windows Group Policy to stop an attack. Also, breach and attack simulation tools can provide alerting recommendations to the SIEM that help identify when an endpoint attack occurred. Example: Instead of knowing that bad actors can run an attack, the Breach and Attack Simulation software actually gives you the Splunk Signature that your SOC team can leverage. That's a great add to minimize the amount of time to improve your alerting capabilities. Now when the breach and attack simulation software replays attacks each month, cyber leadership can look at how fast the Incident Response team detected and remediated the attack. It might be as simple as we stopped this attack before it could happen by applying the new Windows Group Policy, or it took the team 4 hours to determine XYZ account had been taken over. These metrics allow you to know how well your response plans work. So you get the value of a penetration test with the automation & scaling of vulnerability management tools. What's even more impressive is how these tools are evolving to meet the larger mission of cyber organizations. Example: Most Financial and Health Care organizations have to demonstrate evidence that IT controls are working effectively. Generally this is a manual process done in the Governance Risk and Compliance (GRC) team within a cyber organization. GRC teams have to ask developers to provide evidence for various IT controls, such as: are you monitoring and alerting on privileged activity?
Now imagine if you had an automated tool that showed evidence that monitoring tools are installed on 99% of endpoints and these tools actually stopped various MITRE attacks immediately. That evidence would minimize the data call which takes time from the developer teams.
In this episode of Serious Privacy, Dr. K Royal of Outschool returns from vacation and catches up on the privacy activity with Paul Breitbarth of Catawiki. It seems like it was a quiet few weeks, but the more they talk, the more there is to catch up on. Paul and K talk about the Microsoft Digital Defense Report, posted by a colleague Victoria Beckman with Microsoft, the EU Agency for Cybersecurity Threat Landscape Report (not reviewed yet), the agreement between the data protection authorities of S. Korea and France for cooperation, the Twitter purchase and the move to Mastodon, the Digital Services Act publication, a controversial decision out of Denmark about companies not being able to retain marketing opt out lists, S. Korea vs. China vs. GDPR, and several other topics. As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy @trustArc @igrobrien @barbgs10 and email seriousprivacy@trustarc.com. Please do like and write comments on your favorite podcast app so other professionals can find us easier.
In episode 78 of our SAP on Azure video podcast we talk about the Microsoft Digital Defense Report, currently also featured in the Security Unlocked podcast, Teacher provisioned virtual labs and the announcement from SAP and Arvato systems to run a sovereign Cloud Platform for the Public Sector in Germany. Then we are honored to have Hans Reutter back on the show. Hans takes us down memory lane and looks back at more than 25 years at Microsoft working with SAP. https://youtu.be/AtUNu9VhKU4 https://www.saponazurepodcast.de/ https://github.com/hobru/SAPonAzure #SAPonAzure
Ransomware attacks have never been so successful. The returns from these attacks are soaring and only becoming easier to conduct. In chapter two of the Microsoft Digital Defense Report, the growing threat of cybercrime is covered in great detail. As we continue to go over the MDDR, it's more apparent than ever that the cybercrime economy and services it provides are stronger and more complex than ever. Cryptocurrency, malware, and adversarial machine learning are just a few of the topics we believe need to be covered in more detail. In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Jason Lyons, principal investigator in the digital crimes unit at Microsoft. Jason is an experienced investigator specializing in computer investigations. He is trained and experienced in hacker methodology/techniques, computer forensics, and incident response. Jason joined the show to discuss Chapter two of the Microsoft Digital Defense Report, which focuses on the state of cybercrime. He also speaks on how cryptocurrency has created new challenges in ransomware, why ransomware continues to grow, and recent trends we are currently seeing in malware. In This Episode You Will Learn: How to decide whether to pay the ransomware or not New ways for security teams to protect against malware Why we are seeing a rise in cybercrime due to cryptocurrency. Some Questions We Ask: What's new in the way the cybercrime economy operates? Why is ransomware still such a big thing and maybe even getting bigger? What trends are we seeing with malware right now? Resources: Microsoft Digital Defense Report View Jason Lyons on LinkedIn View Nic on LinkedIn View Natalia on LinkedIn Related: Listen to: Security Unlocked: CISO Series with Bret Arsenault Listen to: Afternoon Cyber Tea with Ann Johnson Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
We are back, covering more of the 2021 Microsoft Digital Defense Report, and this time we're taking a deep dive into chapter five on Hybrid Workforce Security and Zero Trust. Zero Trust means precisely what it sounds like, never assuming any device or identity is secure; it's like having major trust issues, but in a professional way. With most businesses moving to remote work because of the pandemic, cybercriminals, of course, found new ways to take advantage, especially since most people are now moving between business and personal activity online. For the first time, we're going to cover a full 12-month recap of what securing the hybrid workforce has been like. In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Carmichael Patton, Lead Architect for Microsoft's Internal Zero Trust Deployment. Carmichael joins the show to discuss security challenges and trends impacting the hybrid workforce, the three most significant insider risk vulnerabilities, and why some customers are still not using MFA. In This Episode You Will Learn: Security challenges and trends impacting the hybrid workforce How Microsoft approached their Zero Trust journey Prioritizing security initiatives during a time of massive change Some Questions We Ask: What were some of the major hybrid workforce attacks? Why are some customers still not using MFA? When and how should you deal with insider risk? Resources: Zero Trust Adoption Report The 2021 Microsoft Digital Defense Report View Carmichael Patton on LinkedIn View Nic on LinkedIn View Natalia on LinkedIn Related: Listen to: Security Unlocked: CISO Series with Bret Arsenault Listen to: Afternoon Cyber Tea with Ann Johnson Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
The guest invited to the manor is Pekka Manninen, director of the LUMI supercomputing centre. LUMI, located in Kajaani, will be one of the fastest supercomputers in the world. We talked by the fireside about what a supercomputer is, how one was brought to Finland and what it is used for. Herrasmieshakkerit are of course also interested in the security controls of supercomputers and in cases of misuse. Source list for this audio release: Guest: Pekka Manninen https://twitter.com/pekkamanninen “Hacker X”—the American who built a pro-Trump fake news empire https://arstechnica.com/information-technology/2021/10/hacker-x-the-american-who-built-a-pro-trump-fake-news-empire-unmasks-himself/ Disinformation guru “Hacker X” names his employer https://arstechnica.com/?p=1805085 VirusTotal analysis of ransomware actors https://blog.google/technology/safety-security/we-analyzed-80-million-ransomware-samples-heres-what-we-learned/ Microsoft Digital Defense Report 2021 https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi LUMI: one of the world's most powerful supercomputers https://www.csc.fi/lumi Dendron https://www.dendron.so/ Baking impossible https://www.netflix.com/fi-en/title/81152744 Teksti-TV 40 https://yle.fi/aihe/tekstitv?P=840 Kotimikrojen kronikka https://areena.yle.fi/1-50911581
Amy Hogan-Burney, General Manager of Microsoft's Digital Crimes Unit, and former attorney at the U.S. Department of Justice, Federal Bureau of Investigation joins Ann Johnson to discuss how to address the leap in cyberattack sophistication seen in the new Microsoft Digital Defense Report, and the steps needed to establish new rules for cyberspace. As the leader of a global team of attorneys, investigators, engineers, and analysts Amy shares the strategic vantage point that these insights reveal about the increase of imposter domains attacking a variety of industries, and what guidance she has for organizations trying to protect themselves during a new wave of cyberattacks unlike any we have seen in the past. In This Episode You Will Learn: New global cybercrime trends Why we are seeing an increase in imposter domains How to keep data safe while employees continue to work remote Some Questions We Ask: What can we learn from the latest digital defense report? Why are we seeing a shift to more phishing attacks? When should we start establishing new rules for cybersecurity? Resources: Fighting an emerging cybercrime trend View Amy Hogan-Burney on LinkedIn View Ann Johnson on LinkedIn Related: Listen to: Security Unlocked: CISO Series with Bret Arsenault Listen to: Security Unlocked Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.
This week, Adam and Andy talk about Microsoft's Digital Defense Report, consumer expectations of "invisible" security, and should you rip out an information security tool just because it's not on the Gartner Magic Quadrant. ------------------------------------------- Youtube Video Link: https://youtu.be/YXe79Uli1ow ------------------------------------------- Documentation: https://blogs.microsoft.com/on-the-issues/2021/10/07/digital-defense-report-2021/ https://www.darkreading.com/operations/how-to-adapt-to-rising-consumer-expectations-of-invisible-security/a/d-id/1340989?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple https://twitter.com/snorkel42/status/1450492940938321921?s=21 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com --- Send in a voice message: https://anchor.fm/blue-security-podcast/message
We talk to Mark McIntyre about the recent Microsoft Digital Defense Report. The two Marks discuss at length the report as well as cyber-crime, ransomware, digital currencies and more. We also cover security news about Azure Security Center, Windows 11, OWASP Top 10 2021 and the OWASP 20th anniversary, the recent 2.4Tbps DDoS against Azure Sentinel and Mark updates his 'Mark's List'
Okay, look, we know you plan on reading the entire 2021 MDDR at some point. But you're busy. Life gets in the way. We get it. Who has the time! Well, we've got the time, but that's beside the point, and honestly... fortunate for you. We've read the report front to back and have decided to cover some of it today on the podcast, but you'll still need to read all 134 pages yourself if you truly want to grasp the entire piece. Unless you want to be that person who listens to a single podcast and pretends they read the whole thing... then go ahead; we won't tell. In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Sian John, Microsoft's director of strategic growth. Sian is currently working with the business development team, exploring growth opportunities for Microsoft to strengthen security, compliance, and identity offerings that address unfulfilled needs in the market. As a security professional with over 25 years of experience, Sian accompanies us as we discuss the 2021 Microsoft Digital Defense Report, which she personally contributed to. In This Episode You Will Learn: The history and analysis of the 2021 Microsoft Digital Defense Report The evolution of cybercrime services that are for sale What's providing new attackers with access to deeper data Some Questions We Ask: How did Microsoft settle on the topics and themes of the 2021 MDDR? What are some takeaways from the newly added disinformation chapter? Why isn't Zero Trust being implemented, considering the conversations we've had that it's more critical than ever? Resources: 2021 Microsoft Digital Defense Report View Sian John on LinkedIn View Natalia on LinkedIn View Nic on LinkedIn Related: Listen to: Security Unlocked: CISO Series with Bret Arsenault Listen to: Afternoon Cyber Tea with Ann Johnson Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
CCI: Cyber Crime Investigation. Another day, another email attack - something smells “phishy” in the network. *Slowly puts on sunglasses and flips up trench coat collar* Time to go to work. Just how easy is it for someone to steal your credentials? Because once they're stolen, and sold for pocket change, it's open season. Homoglyphs, drop accounts, email forwarding… is it any wonder billions of dollars have been lost to BEC (business email compromise)? Join hosts Nic Fillingham and Natalia Godyla for a fascinating conversation with Peter Anaman, Director and Principal Investigator of the CELA Digital Crimes Unit, as they unpack the cybercrime section of the Microsoft Digital Defense Report to see what these phishers are up to. Scott Christiansen joins us later in the show to recount his journey to security and his role as an Adjunct Professor for Bellevue University's Master of Science in Cybersecurity, along with some great advice for choosing security as a profession. In This Episode, You Will Learn: The difference between consumer and enterprise phishing The types of people and professions that are usually targeted in cyber attacks How putting policies on backups and policies to protect the organization in place will help prevent digital crimes The four categories of the internet: the dark web, the surface web, the deep web, and the vetted web Some Questions We Ask: What would an example of credential phishing look like? What is the end goal for phishers? How are phishing and business email compromise techniques leveraged during the pandemic? What patterns are being seen when it comes to credential phishing? How do you use ML to classify whether a bug is security-related or not? 
Resources: Microsoft Digital Defense Report Peter's LinkedIn Scott's LinkedIn Microsoft Security Blog Nic's LinkedIn Natalia's LinkedIn Related: Listen to: Afternoon Cyber Tea with Ann Johnson Listen to: Security Unlocked: CISO Series with Bret Arsenault Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
Ever wonder why it's so difficult to really secure a network, systems or data? Cyber criminals are stepping up their game, even as security gets stronger and stronger, and they're using all sorts of new techniques to break through enterprise walls. In this episode, hosts Nic Fillingham and Natalia Godyla speak with Donal Keating, Director of Innovation and Research for the Microsoft Digital Crimes Unit, about one of the key findings in the latest Microsoft Digital Defense Report: how attackers are adapting and becoming more sophisticated. Plus how social engineering is revealing the true weakest link in any security plan -- and it's something you might not expect. Then they dive into what it's like to hunt threats with Michelle Lam, who brings fresh eyes to every security problem she faces at Microsoft. She explains why not spending time in a SOC early in her career helps her spot potential attacks others might miss, and why she's so passionate about helping serve under-represented communities and inspiring the next generation of security professionals. In This Episode, You Will Learn: How cyber attackers are using the cloud Why humans are the weakest link in every security system The new steps cyber criminals are taking to get people to trust them How threat hunters look for malicious activity How networking helps young security professionals Some Questions We Ask: What new threat trends are emerging? How should security professionals prepare for new threats? What is a homoglyph? Why is threat hunting a uniquely human-based activity? Resources Microsoft Digital Defense Report, September 2020 Donal's LinkedIn Michelle's LinkedIn Nic's LinkedIn Natalia's LinkedIn Microsoft Security Blog Related: Listen to: Afternoon Cyber Tea with Ann Johnson Listen to: Security Unlocked: CISO Series with Bret Arsenault Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.
In this episode, hosts Nic Fillingham and Natalia Godyla speak with Sharon Xia, a principal program manager for cloud and AI at Microsoft, about the role machine learning plays in security. They discuss four major themes, outlined in the Microsoft Digital Defense Report, including how to prepare your industry for attacks on machine learning systems, preventing attack fatigue, democratizing machine learning and leveraging anomaly detection for post-breach detection. Then they speak to Emily Hacker, a threat intelligence analyst at Microsoft, about her path from professional writing to helping find and stop attacks. In This Episode, You Will Learn: How to prepare for attacks on machine learning systems The dangers of a model poisoning attack Why it's important to democratize machine learning How a humanities background helps when tracking threats The latest methods attackers are using for social engineering Some Questions We Ask: Why are most organizations not prepared for ML attacks? How do you assess the trustworthiness of an ML system? How can machine learning reduce alert fatigue? What kind of patterns are analysts seeing in email threats? Why is business email compromise treated differently than other threats? Resources Microsoft Digital Defense Report, September 2020 Sharon's LinkedIn Emily's LinkedIn Nic's LinkedIn Natalia's LinkedIn Microsoft Security Blog Related: Listen to: Afternoon Cyber Tea with Ann Johnson Listen to: Security Unlocked: CISO Series with Bret Arsenault Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.