Blue Security
Subscribed: 42Played: 714
Subscribe
© Andy Jaw & Adam Brewer
Description
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
202 Episodes
Reverse
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss the aftermath of the CrowdStrike failed software update. They express empathy for those impacted by the incident and discuss the importance of collaboration in the cybersecurity industry. They also explore the need for transparency from security vendors and the potential impact on cybersecurity teams and funding. The conversation touches on the level of access that security solutions have and the need for a balanced approach. They emphasize the importance of having an incident response plan and implementing deployment rings for security updates.
----------------------------------------------------
YouTube Video Link: https://youtu.be/_ajB1t89VrQ
----------------------------------------------------
Documentation:
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://www.linkedin.com/posts/racheltobac_lets-get-actionable-criminals-will-attempt-activity-7220134391350538240-8ZNN/
https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode, Andy and Adam discuss a blog post titled 'Cybersecurity is Full' that challenges the hype around cybersecurity careers. They explore the saturation of the field, the value of certifications and conferences, the optional nature of cybersecurity in organizations, and the stress and challenges of the industry. They emphasize the importance of having a strong foundation in technology before pursuing a career in cybersecurity and the need for organizations to prioritize cybersecurity as an enabler for their business. They also highlight the ongoing need for cybersecurity professionals and the rewarding nature of the field.
Takeaways
-Cybersecurity careers have been hyped up in recent years, leading to a saturation of the field, especially at the entry level.
-Certification programs and conferences in cybersecurity can be expensive and may not always provide quality content or training.
-The optional nature of cybersecurity in organizations means that it can be cut when budgets are tight, but there is a minimum level of investment required.
-A strong foundation in technology and a basic understanding of concepts like TCP/IP and DNS are essential before pursuing a career in cybersecurity.
-Cybersecurity professionals need to be persuasive and able to sell the value of cybersecurity to their organizations.
-The cybersecurity industry is still growing, and professionals have the opportunity to make a difference and protect against malicious threat actors.
----------------------------------------------------
YouTube Video Link: https://youtu.be/B0roPpJKKpU
----------------------------------------------------
Documentation:
https://cyberisfull.com/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss Defender for Servers, a cloud security solution offered by Microsoft. They explain that Defender for Servers is part of the larger Defender for Cloud umbrella and is designed to protect cloud infrastructure, specifically servers. They discuss the different plans available, including Plan 1 and Plan 2, which offer varying levels of endpoint protection and vulnerability management. They also highlight the inclusion of Cloud Security Posture Management (CSPM) in both plans. The hosts emphasize the vendor-agnostic nature of Defender for Servers, which can be used in AWS, GCP, and on-premises environments.
Takeaways
-Defender for Servers is part of the larger Defender for Cloud umbrella and is designed to protect cloud infrastructure, specifically servers.
-There are two plans available for Defender for Servers: Plan 1 and Plan 2. Plan 1 offers endpoint protection, while Plan 2 includes additional features such as XDR, EDR, and regulatory compliance capabilities.
-Both Plan 1 and Plan 2 include Cloud Security Posture Management (CSPM), which provides security recommendations and secure score assessments.
-Defender for Servers is vendor-agnostic and can be used in AWS, GCP, and on-premises environments. It is available for both Windows and Linux VMs.
-Defender for Servers is priced on a consumption-based model, allowing customers to pay only for what they use.
----------------------------------------------------
YouTube Video Link: https://youtu.be/-jG2BFPS45o
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan
https://learn.microsoft.com/en-us/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-managment-capabilities-for-servers
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss recommended settings for Exchange Online Protection (EOP) and Microsoft Defender for Office (MDO). They explain that EOP is the core security for M365 subscriptions, providing anti-malware, anti-spam, and anti-phishing protection. They also highlight the importance of the secure by default feature in EOP and the use of admin submissions to report false positives and false negatives. They caution against using methods like Outlook safe senders, IP allow listing, and allowed senders list within anti-spam policies, as these can bypass important security measures. They emphasize the need for organizations to regularly review and clean up their EOP policies to ensure effective email security.
Takeaways
-Exchange Online Protection (EOP) is the core security for M365 subscriptions, providing anti-malware, anti-spam, and anti-phishing protection.
-The secure by default feature in EOP ensures that high-confidence phishing and malware emails are blocked, regardless of any overrides or exceptions.
-Admin submissions should be used to report false positives and false negatives, allowing Microsoft to review and improve filtering rules.
-Methods like Outlook safe senders, IP allow listing, and allowed senders list within anti-spam policies can bypass important security measures and should be avoided.
-Regularly reviewing and cleaning up EOP policies is essential to maintain effective email security.
----------------------------------------------------
YouTube Video Link: https://youtu.be/guRhC1yVJYI
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide
https://learn.microsoft.com/en-us/defender-office-365/secure-by-default
https://learn.microsoft.com/en-us/defender-office-365/advanced-delivery-policy-configure#use-the-microsoft-defender-portal-to-configure-third-party-phishing-simulations-in-the-advanced-delivery-policy
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam discuss three cybersecurity news stories. They talk about a small town in Massachusetts that lost over $445,000 in an email scam, the Biden administration's ban on Kaspersky antivirus software, and a cyber attack on Crown Equipment, a forklift manufacturer. The main takeaways from the conversation are the importance of cybersecurity training, the need for secure remote access methods, and the impact of employee satisfaction on cybersecurity.
Takeaways
-Cybersecurity training is crucial to prevent email scams and social engineering attacks.
-Secure remote access methods should be deployed and unauthorized remote access software should be blocked.
-Employee satisfaction and trust in the company can reduce the risk of insider threats.
-Small organizations and state and local governments are vulnerable to cyber attacks and should prioritize cybersecurity measures.
----------------------------------------------------
YouTube Video Link: https://youtu.be/YdTo2kej4VQ
----------------------------------------------------
Documentation:
https://www.cybercaptcha.com/news/small-massachusetts-town-scammed-out-of-445000-in-shocking-email-hack/
https://www.bleepingcomputer.com/news/security/biden-bans-kaspersky-antivirus-software-in-us-over-security-concerns/
https://oicts.bis.gov/kaspersky/
https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss three main topics: the unauthorized user access at Snowflake, the cybersecurity issue at Finley Automotive Group, and the cyber threats surrounding the upcoming Olympics in Paris. They highlight the importance of implementing strong security controls like multi-factor authentication and regular credential rotation. They also emphasize the need for organizations to assess their data storage practices and only retain necessary customer information. The hosts discuss the challenges faced by auto dealerships in securing their outdated systems and the potential risks associated with cyber threats during major events like the Olympics.
Takeaways
-Implement strong security controls like multi-factor authentication and regular credential rotation to protect against unauthorized access.
-Assess data storage practices and only retain necessary customer information to minimize the risk of exposure in the event of a cyber attack.
-Auto dealerships face challenges in securing their outdated systems and should prioritize updating their technology infrastructure.
-Major events like the Olympics are attractive targets for cyber threats, and organizations should be vigilant in detecting and mitigating potential risks.
-Collaboration between security organizations and threat intelligence providers is crucial in monitoring and addressing cyber threats.
----------------------------------------------------
YouTube Video Link: https://youtu.be/IuVBExmLsvg
----------------------------------------------------
Documentation:
https://thehackernews.com/2024/06/snowflake-breach-exposes-165-customers.html?utm_source=tldrinfosec&m=1
https://www.reviewjournal.com/business/source-findlay-operations-nearly-idled-losses-mount-from-cyberattack-suit-filed-3069083/
https://blogs.microsoft.com/on-the-issues/2024/06/02/russia-cyber-bots-disinformation-2024-paris-olympics/
https://www.recordedfuture.com/hurdling-over-hazards-multifaceted-threats-to-the-2024-paris-olympics
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam discuss the updates and clarifications made by Microsoft regarding the security concerns surrounding the Recall feature on Copilot Plus PCs. They highlight the changes, such as the option to proactively enable Recall during the out-of-box experience, the requirement of Windows Hello enrollment and proof of presence for accessing Recall, and the additional layers of protection, including just-in-time decryption and encrypted search index database. They also delve into the concept of Windows Hello Enhanced Sign-In Security and its benefits. The conversation emphasizes the importance of user choice and the balance between privacy and productivity.
Takeaways
-Microsoft has addressed the security concerns surrounding the Recall feature on Copilot Plus PCs by providing updates and clarifications.
-The Recall feature will be turned off by default during the out-of-box experience, giving users the choice to enable it proactively.
-Windows Hello enrollment and proof of presence are required to access Recall, ensuring authentication and physical presence.
-Additional layers of protection, such as just-in-time decryption and encrypted search index database, have been implemented to enhance security.
-Windows Hello Enhanced Sign-In Security provides an additional level of security to biometric data by leveraging specialized hardware and software components.
-The balance between privacy and productivity is important, and Microsoft allows users to choose whether to enable Recall and provides options for filtering and managing snapshots.
----------------------------------------------------
YouTube Video Link: https://youtu.be/PJhMStnm-SE
-----------------------------------------------------------
Documentation:
https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
The conversation covers three primary themes: Ticketmaster data breach, Slack's data scraping, and Windows Recall feature. The Ticketmaster breach is discussed in detail, highlighting the stolen data, phishing risks, and the importance of password management. The conversation then shifts to Slack's data scraping controversy, addressing concerns about privacy and opt-in policies. Finally, the Windows Recall feature is explored, focusing on its local processing, privacy controls, and security implications.
Takeaways
-Data breaches pose significant risks, emphasizing the importance of password management and vigilance against phishing scams.
-Privacy concerns arise from data scraping practices, highlighting the need for transparent opt-in policies and user control.
-The Windows Recall feature offers advanced search capabilities but raises security considerations, emphasizing the importance of local processing and privacy controls.
----------------------------------------------------
YouTube Video Link: https://youtu.be/V9eR7lRck7k
-----------------------------------------------------------
Documentation:
https://www.cbsnews.com/news/ticketmaster-breach-what-to-know-about-protecting-your-data-cbs-news-explains/
https://www.securityweek.com/user-outcry-as-slack-scrapes-customer-data-for-ai-model-training/
https://www.windowscentral.com/software-apps/windows-11/windows-recall-faq-everything-you-need-to-know
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss the security and privacy announcements from Microsoft Build. They cover topics such as AI content safety, Copilot capabilities, security enhancements in Microsoft Edge, and new Windows security features. They also touch on the deprecation of NTLM and the introduction of Copilot Plus PCs with Qualcomm's new dev kit for Windows. Overall, the episode highlights the advancements in security and innovation in the Windows ecosystem.
Takeaways
-Microsoft announced new security and privacy features at Microsoft Build
-AI content safety enhancements were introduced to protect AI applications
-Copilot capabilities were expanded to provide information and context from knowledge in documents and files
-Microsoft Edge for Business received improvements in defense against data leaks and vulnerabilities
-New Windows security features were announced, including virtualization-based security, personal data encryption, and attestation
-NTLM deprecation is planned for the second half of 2024
-Copilot Plus PCs with Qualcomm's new dev kit offer enhanced performance and battery life
-The Windows ecosystem is experiencing a paradigm shift with innovation and competition
----------------------------------------------------
YouTube Video Link: https://youtu.be/zhn_t9X3ATQ
-----------------------------------------------------------
Documentation:
https://news.microsoft.com/build-2024-book-of-news/
https://blogs.windows.com/windowsdeveloper/2024/05/21/unlock-a-new-era-of-innovation-with-windows-copilot-runtime-and-copilot-pcs/
https://www.microsoft.com/en-us/security/blog/2024/05/20/new-windows-11-features-strengthen-security-to-address-evolving-cyberthreat-landscape/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft Entra Private Access and Endpoint Privilege Management. Entra Private Access is a modern secure edge solution that allows remote users to access on-premise applications in a micro-segmented manner. It enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users. Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without giving them complete local admin access. It also supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu.
Takeaways
-Microsoft Entra Private Access is a modern secure edge solution for remote users to access on-premise applications in a micro-segmented manner.
-Entra Private Access enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users.
-Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without complete local admin access.
-Endpoint Privilege Management now supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/ye3s2SNhqao
-----------------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-private-access-for-on-prem-users/ba-p/3905450
https://techcommunity.microsoft.com/t5/microsoft-intune-blog/endpoint-privilege-management-adds-support-approved-elevations/ba-p/4101196
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss two important topics: Microsoft's pledge for greater transparency in identifying and determining root causes for security vulnerabilities, and the increasing sophistication of USB malware attacks in industrial organizations. They provide insights into Microsoft's Secure Future Initiative and the importance of security in the OT and IoT networks. They also offer practical tips for strengthening USB security and data exfiltration prevention.
Takeaways
-Microsoft is pledging greater transparency in identifying and determining root causes for security vulnerabilities in their products and services.
-The Secure Future Initiative aims to transform software development, implement new identity protections, and improve transparency and vulnerability responses.
-USB malware attacks in industrial organizations are increasing in sophistication, with attackers using USB devices to establish silent residency in industrial control systems.
-Organizations should strengthen USB security by blocking or allowing USB devices based on an allow list, scanning USB devices for malicious processes or files, and implementing attack surface reduction rules.
-Data exfiltration prevention is crucial, and organizations should consider implementing full disk encryption, data loss prevention (DLP) rules, and sensitivity labeling to protect sensitive data.
-Visibility and inventory of OT and IoT devices are essential for developing a security strategy, and solutions like Defender for IoT and OT can provide network-based security and inventory management.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/aveWb4fjOek
-----------------------------------------------------------
Documentation:
https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/
https://www.honeywell.com/us/en/news/2024/04/cybersecurity-in-2024-usb-devices-continue-to-pose-major-threat
https://learn.microsoft.com/en-us/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus
https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
The 17th annual Verizon Data Breach Investigation Report reveals key findings and trends in cybersecurity. The report highlights the increase in vulnerability exploitation for initial access, the continued prevalence of human error in breaches, the rise of pure extortion attacks, and the limited impact of generative AI in the cybersecurity landscape. Recommendations include implementing robust threat and vulnerability management programs, focusing on user education and data protection, and exploring the use of generative AI for defensive purposes. The report serves as a valuable resource for organizations looking to enhance their cybersecurity strategies.
Takeaways
-Vulnerability exploitation for initial access nearly tripled in 2023, highlighting the need for robust threat and vulnerability management programs.
-Human error remains a significant factor in most breaches, emphasizing the importance of user education and data protection measures.
-Pure extortion attacks are increasing, signaling a shift away from encryption ransomware as threat actors seek quicker and easier ways to profit.
-Generative AI has yet to make a significant impact in the cybersecurity landscape, but organizations should consider leveraging it for defensive purposes.
-The Verizon Data Breach Investigation Report provides valuable insights and recommendations for organizations looking to enhance their cybersecurity strategies.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/ajqbA9zPUbA
-----------------------------------------------------------
Documentation:
https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam discuss the growing threat of mobile device threats. They highlight the recent mass password reset and account lockout of Apple IDs and the potential for a mobile wormable event. They explore the conditions necessary for a mobile wormable attack, including the development of zero-click exploits, the abuse of contact lists for further spread, and the lack of clear mitigations from telecommunications and mobile device companies. They also discuss the limitations of lockdown mode and the importance of endpoint protection for mobile devices.
Takeaways
-Mobile devices have become ubiquitous in corporate environments and are vital for both security and operations.
-The conditions necessary for a mobile wormable attack are already in place, including the development of zero-click exploits and the abuse of contact lists for further spread.
-Lockdown mode and mobile threat detection (MTD) solutions can provide some risk mitigation for mobile devices, but they have limitations and limited visibility.
-Endpoint protection for mobile devices, including mobile device management (MDM) and MTD, should be part of an organization's risk mitigation strategy.
-Enterprises should consider implementing baseline security measures for mobile devices, such as a minimum six-digit passcode and keeping the operating system up to date.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/lxWveot8AF4
-----------------------------------------------------------
Documentation:
https://www.macrumors.com/2024/04/27/apple-id-accounts-logging-out-users/
https://go.recordedfuture.com/hubfs/reports/CTA-2024-0416.pdf
https://www.wired.com/story/apple-lockdown-mode-hands-on/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam discuss the importance of VDI (Virtual Desktop Infrastructure) in security and enterprise architecture. They highlight the security benefits of VDI, such as separating end user environments from the underlying physical hardware, centralized management of baseline images and patches, and the ability to keep sensitive data in the data center. They also explore the shared responsibility model in cloud computing, where the cloud provider is responsible for the security of the infrastructure, but the end users are responsible for protecting their data and assets stored in the cloud.
Takeaways
-VDI provides security benefits by separating end user environments from the underlying physical hardware and centralizing management of baseline images and patches.
-The shared responsibility model in cloud computing means that while the cloud provider is responsible for the security of the infrastructure, the end users are responsible for protecting their data and assets stored in the cloud.
-Understanding the shared responsibility model is crucial for security practitioners to ensure they are defending their organization's data effectively.
-Minimizing the use of IaaS and on-premises models in favor of PaaS and SaaS models can reduce the organization's security responsibilities and provide better security.
-It's important to know what you're responsible for in terms of data protection and security when using cloud services.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/wdguHOGjs2Q
-----------------------------------------------------------
Documentation:
https://x.com/itguysocal/status/1769052129111707877?s=46&t=wVpJpdH7u2mDZZDEtx3bMg
https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
https://aws.amazon.com/compliance/shared-responsibility-model/
https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam clarify some points from the previous episode and discuss two main topics: mitigating social engineering attacks on IT help desks and the value of certifications in cybersecurity. They provide practical tips for securing IT help desks, such as requiring callbacks, video verifications, and supervisor verification. They also share their thoughts on certifications, highlighting the importance of experience and continuous learning over the number of certifications. They recommend certifications from AWS and Microsoft for beginners and discuss the relevance of TCP/IP knowledge in today's cybersecurity landscape.
Takeaways
-Mitigate social engineering attacks on IT help desks by implementing measures such as requiring callbacks, video verifications, and supervisor verification.
-Certifications in cybersecurity can be valuable for beginners and for demonstrating knowledge and skills to employers, but they should not be the sole focus. Experience and continuous learning are more important.
-Certifications from AWS and Microsoft are cost-effective options for beginners in the field.
-TCP/IP knowledge, while important, may not be as relevant in today's cybersecurity landscape as other skills and knowledge areas.
-Adaptability and meeting employers where they are in terms of security practices are crucial in the field of cybersecurity.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/BHcR7bAyMlY
-----------------------------------------------------------
Documentation:
https://www.bleepingcomputer.com/news/security/us-health-dept-warns-hospitals-of-hackers-targeting-it-help-desks/
https://twitter.com/infosec_fox/status/1778404395035550105?t=wVpJpdH7u2mDZZDEtx3bMg
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy Jaw and Adam Brewer discuss two main topics: the importance of managed devices for improving security posture and the bundling of security solutions in Microsoft licensing. They highlight the shift towards requiring Intune and Azure AD joined devices for improved device management and security. They also address the question of why Microsoft doesn't include more security solutions in their basic bundles, explaining the challenges of bundling and the need to compete fairly in the security market.
Takeaways
-Managed devices, specifically Intune and Azure AD joined devices, are crucial for improving security posture.
-Hybrid join is the bare minimum for requiring managed machines, but Intune and Azure AD compliance provide continuous device health attestation and better device risk management.
-Microsoft's licensing bundles, such as E3 and E5, do not include all security solutions because it would raise prices and not all customers need or want those solutions.
-Microsoft aims to compete fairly in the security market and offers value in their licensing options, with E5 being the most comprehensive and cost-effective solution.
-Customers have the flexibility to choose third-party security solutions and integrate them with Microsoft's offerings.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/Fv5yns0olmU
-----------------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/autopilot/windows-autopilot-hybridhttps://techcommunity.microsoft.com/t5/manufacturing/getting-started-with-an-intune-device-management-poc/ba-p/2703678
https://www.techrepublic.com/article/microsoft-teams-unbundle-office-eu-probe/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
This episode of the Blue Security Podcast discusses the issue of finding logs for chats between external and internal users in Microsoft Teams. The hosts explore various methods for detecting and alerting on suspicious chats, including using KQL queries, creating workbooks, and leveraging communication compliance features. They also highlight the connection between Teams, Exchange Online, and SharePoint, and the importance of protecting against malicious links and educating users about phishing threats. The episode concludes with a discussion on the significance of single sign-on configuration and the need for a holistic approach to security.
Takeaways
-Implementing KQL queries and workbooks can help detect and analyze logs for chats in Teams
-Communication compliance features can be used to detect insider risks and inappropriate behavior in chats.
-Protecting against malicious links and educating users about phishing threats are crucial for maintaining security in Teams.
-Configuring single sign-on and requiring managed machines can enhance security and prevent credential theft.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/y4EEhkw7EpA
-----------------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-about?view=o365-worldwide#safe-links-settings-for-microsoft-teams
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about?view=o365-worldwide
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-teams?view=o365-worldwide
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
This episode covers updates on the Midnight Blizzard attack, the role of CISOs and their technical expertise, the need for international standards in cyber warfare, and defending against business email compromise.
Takeaways
-Microsoft provides an update on the Midnight Blizzard attack, revealing attempts to gain unauthorized access to internal systems.
-The technical expertise of CISOs is important, but they don't need to be deeply technical. Understanding the solutions, threats, and being able to explain them is crucial.
-Cyber warfare is a serious issue, and there is a need for international standards to define appropriate targets for attacks.
-Microsoft demonstrates how their ecosystem defends against business email compromise using automatic attack disruption.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/SQGJT2qLLms
-----------------------------------------------------------
Documentation:
https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
https://www.sec.gov/edgar/browse/?CIK=789019&owner=exclude
https://www.youtube.com/watch?v=GnEGWzfxU8c
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
This episode of the Blue Security Podcast covers the announcements made at Microsoft Secure, focusing on Microsoft Copilot for Security, Microsoft Security Exposure Management, and updates to Microsoft Purview and Intune. The episode also highlights the integration of Copilot with Intune and the economic study that demonstrates the increased efficiency and accuracy of security analysts when using Copilot. Overall, the announcements showcase the advancements in Microsoft's security offerings and the value they bring to organizations.
Takeaways
-Microsoft Copilot for Security is a powerful tool that provides security analysts with AI-driven assistance in incident analysis, policy management, and more.
-The licensing model for Copilot for Security is consumption-based, allowing organizations to use it as much as needed without overwhelming costs.
-Microsoft Security Exposure Management offers a comprehensive threat exposure management process, integrating various security solutions and providing insights to mitigate risks.
-The integration of Copilot with Intune enables administrators to easily understand and manage policy settings, security impact, and more.
-----------------------------------------------------------
Youtube Video Link: https://youtu.be/8CH_OasAo0Q
-----------------------------------------------------------
Documentation:
https://www.microsoft.com/en-us/security/blog/2024/03/13/microsoft-copilot-for-security-is-generally-available-on-april-1-2024-with-new-capabilities/
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-microsoft-security-exposure-management/ba-p/4080907
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/protect-at-the-speed-and-scale-of-ai-with-copilot-for-security/ba-p/4078785
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-adds-identity-skills-to-copilot-for-security/ba-p/4081857
https://techcommunity.microsoft.com/t5/microsoft-intune-blog/microsoft-introduces-a-preview-of-copilot-in-intune/ba-p/4083276
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, the hosts discuss the FBI's 2023 internet crime report, focusing on the increase in money lost to internet crimes and the age group most vulnerable to cybercrime. They then delve into the topic of business email compromise (BEC), explaining how scammers use email to trick individuals and businesses into giving money or divulging confidential information. The hosts provide tips for protecting against BEC, including using secure email gateways, implementing multi-factor authentication, and educating employees about phishing red flags. They also emphasize the importance of reporting BEC incidents to law enforcement and treating these crimes seriously.
Takeaways
-The FBI's 2023 internet crime report revealed an increase in money lost to internet crimes and highlighted the vulnerability of older adults to cybercrime.
-Business email compromise (BEC) is a type of cybercrime where scammers use email to trick individuals and businesses into giving money or confidential information.
-Protecting against BEC involves using secure email gateways, implementing multi-factor authentication, and educating employees about phishing red flags.
-Reporting BEC incidents to law enforcement, such as the FBI, is crucial for recouping losses and cracking down on cybercrime.
-----------------------------------------------------------
Youtube Video Link: https://youtu.be/_GpyjmLDX8g
-----------------------------------------------------------
Documentation:
https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
https://www.microsoft.com/en-us/security/blog/2019/10/16/top-6-email-security-best-practices-to-protect-against-phishing-attacks-and-business-email-compromise/?culture=en-us&country=us
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Threads: https://www.threads.net/@bluesecuritypodcast
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Twitch: https://www.twitch.tv/bluesecuritypod
-----------------------------------------------------------
Andy Jaw
Mastodon: https://infosec.exchange/@ajawzero
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Comments
Download from Google Play
Download from App Store
United States