How Face ID Works, Least Private Browser, Ring and Flock
SummaryIn this episode of the Blue Security Podcast, hosts Andy and Adam delve into the intricate relationship between privacy and security, particularly focusing on biometric data and the transition to passwordless technology. They discuss the security implications of various biometric methods, the privacy risks associated with popular web browsers like Chrome, and explore alternatives that prioritize user privacy. The conversation also highlights the controversial practices of Flock Safety in surveillance and the potential consequences of such technologies.----------------------------------------------------YouTube Video Link: https://youtu.be/7HDxGTCRPnM----------------------------------------------------Documentation:https://www.stuff.tv/features/apple-face-id-explained/https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/faqhttps://www.rd.com/article/worst-browser-for-privacy/https://arstechnica.com/gadgets/2025/10/ring-cameras-are-about-to-get-increasingly-chummy-with-law-enforcement/----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
11 Nov 48min
Microsoft Digital Defense Report 2025
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss Microsoft's Digital Defense Report for 2025. The conversation delves into the critical issues surrounding identity attacks, particularly focusing on the vulnerabilities associated with weak passwords. Andy highlights the prevalence of password spraying in identity attacks and discusses the ClickFix social engineering method, which tricks users into executing malicious commands. The discussion further explores the implications of fileless malware, emphasizing its stealthy nature and the challenges it poses to traditional security measures.----------------------------------------------------YouTube Video Link: https://youtu.be/C4GL-Vmo_8w----------------------------------------------------Documentation:https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/Full Report: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf#page=1Government Executive Summary: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/MDDR-2025-Government-Executive-Summary.pdf#page=1CISO Executive Summary: https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/bade/documents/products-and-services/en-us/security/CISO-Executive-Summary-MDDR-2025.pdf----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
4 Nov 1h 4min
F5 Breached, Windows 10 EOL, AWS Outage
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss significant recent cybersecurity events, including the F5 breach attributed to state-backed actors, the implications of Windows 10 reaching end of life, and the risks associated with outdated mobile operating systems. They also explore the geopolitical context of cybersecurity threats from China and the lessons learned from a recent AWS outage, emphasizing the importance of preparedness and proactive security measures for organizations.----------------------------------------------------YouTube Video Link: https://youtu.be/zn6cgCe5W8I----------------------------------------------------Documentation:https://arstechnica.com/security/2025/10/breach-of-f5-requires-emergency-action-from-big-ip-users-feds-warn/https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaignhttps://www.forbes.com/sites/zakdoffman/2025/10/25/unprotected-1-billion-iphone-and-android-users-must-act-now/https://www.wired.com/story/what-that-huge-aws-outage-reveals-about-the-internet/https://youtu.be/43vxbytjDSM?si=bzmgru3AHrhd7lP2https://youtu.be/vFu63JNtIZ4?si=DAi64IzjkwD5bSTW----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
28 Okt 49min
What's new in Microsoft Sentinel
SummaryIn this episode, Andy Jaw and Adam Brewer discuss the latest updates in Microsoft Sentinel, focusing on the new features such as the Sentinel Data Lake, Sentinel Graph, and the MCP server. They explore how these innovations enhance security operations, improve data management, and leverage AI for better threat detection and response. The conversation emphasizes the importance of cost-effective data storage and the integration of AI in cybersecurity practices.----------------------------------------------------YouTube Video Link: https://youtu.be/dspGvRHMiPc----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/azure/sentinel/whats-new----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
21 Okt 37min
WhatsApp banned; Discord, TransUnion, Jaguar-Land Rover hacked
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss various topics related to cybersecurity, including the security implications of WhatsApp, the challenges of age verification laws, the recent TransUnion data breach, and the significant cyber attack on Jaguar Land Rover. They emphasize the importance of strong cybersecurity measures, the risks associated with third-party data management, and the need for businesses to invest in cybersecurity to protect against potential breaches and their cascading effects on supply chains.----------------------------------------------------YouTube Video Link: https://youtu.be/Z-StvCprzjE----------------------------------------------------Documentation:https://www.fastcompany.com/91357825/whatsapp-banned-capitol-hill-how-secure-meta-messaging-encryptedhttps://arstechnica.com/security/2025/10/discord-says-hackers-stole-government-ids-of-70000-users/https://www.msn.com/en-us/money/other/transunion-hack-has-put-44-million-americans-personal-data-at-risk-including-social-security-how-to-protect-yourself-before-it-s-too-late/ar-AA1OhP12https://www.msn.com/en-us/news/world/fears-putin-backed-hackers-are-behind-cyber-attack-on-jaguar-land-rover/ar-AA1OiZnzhttps://cybersecuritynews.com/jaguar-land-rover-breached-by-hellcat/----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
14 Okt 51min
iPhone MIE, Microsoft - Israel MOD, npm supply chain attacks
SummaryIn this episode, hosts Andy Jaw and Adam Brewer discuss the newly announced iPhone 17 and its enhanced security features, particularly the memory integrity enforcement that aims to protect user data from spyware. They also delve into Microsoft's response to allegations regarding the use of Azure by the Israeli Defense Force for surveillance purposes, emphasizing the company's commitment to privacy. The conversation concludes with a discussion on recent supply chain attacks affecting NPM packages and the proactive measures being taken to enhance security in the software development ecosystem.----------------------------------------------------YouTube Video Link: https://youtu.be/YLTiud1ibhU----------------------------------------------------Documentation:https://www.theverge.com/news/775234/iphone-17-air-a19-memory-integrity-enforcement-mte-securityhttps://security.apple.com/blog/memory-integrity-enforcement/https://blogs.microsoft.com/on-the-issues/2025/09/25/update-on-ongoing-microsoft-review/https://www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
7 Okt 26min
Kerberoasting in 2025
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the topic of Kerberosting, a known attack method that exploits weaknesses in the Kerberos authentication protocol, particularly focusing on the vulnerabilities associated with RC4 encryption. They discuss a recent letter from Senator Ron Wyden addressing the implications of these vulnerabilities in the context of a significant ransomware breach in the healthcare sector. The conversation covers the basics of RC4 encryption, the mechanics of Kerberosting attacks, and the necessary mitigations organizations should implement to protect against these threats. Additionally, they highlight Microsoft's Secure Future Initiative, which aims to prioritize security in its products and services, and the ongoing challenges of balancing security with legacy compatibility. The episode concludes with actionable takeaways for listeners to enhance their cybersecurity posture.----------------------------------------------------YouTube Video Link: ----------------------------------------------------Documentation:https://arstechnica.com/security/2025/09/senator-blasts-microsoft-for-making-default-windows-vulnerable-to-kerberoasting/https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2868725----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
30 Sep 35min
Advanced Data Protection with Special Guest Amren Gill
SummaryIn this episode of the Blue Security Podcast, hosts Andy and Adam celebrate their five-year anniversary with guest Amren Gill, a data security solutions engineer at Microsoft. They delve into the complexities of data protection, focusing on Microsoft Purview's capabilities, including data classification, data loss prevention (DLP), and advanced data protection features. The conversation highlights the importance of securing data by default, leveraging AI for enhanced security measures, and the role of data security posture management (DSPM) in identifying and addressing security gaps. Amren also discusses the new Data Security Investigations tool, which aids in responding to data breaches effectively.----------------------------------------------------YouTube Video Link: https://youtu.be/MZBEW265WwU----------------------------------------------------Documentation:https://learn.microsoft.com/en-us/purview/deploymentmodels/depmod-securebydefault-introhttps://learn.microsoft.com/en-us/purview/purview----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
23 Sep 1h 6min
