The Signal Incident
Blue Security1 Apr

The Signal Incident

Summary

In this episode, Andy and Adam discuss a significant breach of sensitive military information that was leaked through a Signal chat involving high-level government officials. They explore the implications of this breach, the role of technology in government security, and the human errors that led to the violation of established policies. The conversation delves into the cultural influences on compliance, the challenges posed by shadow IT, and the evolution of security practices in the face of modern technology. They also evaluate the security risks associated with using Signal for sensitive communications. In this conversation, Andy Jaw and Adam Brewer delve into the complexities of data security, focusing on the vulnerabilities associated with devices and applications like Signal. They discuss the importance of human factors in data security, emphasizing that even the most secure applications can be compromised through human error. The conversation transitions into organizational strategies for protecting sensitive information, highlighting the need for a positive workplace culture that encourages compliance with security protocols. The discussion concludes with reflections on the importance of adaptability in organizational security practices and the role of insider risk management.

----------------------------------------------------

YouTube Video Link: https://youtu.be/hLotPRhNH8s

----------------------------------------------------

Documentation:

https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/

https://www.theatlantic.com/politics/archive/2025/03/signal-group-chat-attack-plans-hegseth-goldberg/682176/

https://www.npr.org/2025/03/25/nx-s1-5339801/pentagon-email-signal-vulnerability

----------------------------------------------------

Contact Us:

Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com

Bluesky: https://bsky.app/profile/bluesecuritypod.com

LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod

YouTube:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast

-----------------------------------------------------------

Andy Jaw

Bluesky: https://bsky.app/profile/ajawzero.com

LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/

Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠

----------------------------------------------------

Adam Brewer

Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer

LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/

Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com

Avsnitt(269)

Ransomware Protection - Part 3 - Admin Rights, Email Protection, Phishing Training

Ransomware Protection - Part 3 - Admin Rights, Email Protection, Phishing Training

This week, Adam and Andy continue the conversation on techniques and tools to protect your organization from ransomware. They dive into the concept of least privileged access and administrative rights, email protection solutions, and phishing/cybersecurity training program concepts for your company. Documentation: Exchange Online Protection Overview https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/exchange-online-protection-overview?view=o365-worldwide Office 365 ATP https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp?view=o365-worldwide Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/

19 Okt 202033min

Ransomware Protection - Part 2 - EDR, Patching, and Pentesting

Ransomware Protection - Part 2 - EDR, Patching, and Pentesting

This week, Adam and Andy continue the conversation on techniques and tools to protect your organization from ransomware. They dive into EDR solutions, patching and vulnerability assessment management, and pentesting. Documentation: Maersk, me & notPetya: https://gvnshtn.com/maersk-me-notpetya/ The Untold Story of NotPetya, the Most Devastating Cyberattack in History: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/

12 Okt 202032min

Ransomware Protection - Part 1 - Soft Skills and Endpoint Protection

Ransomware Protection - Part 1 - Soft Skills and Endpoint Protection

Due to the recent ransomware attacks, Adam and Andy use this episode to kick off a series on how to protect your company from ransomware. We started with how security professionals need to have soft skills in order to be successful at any organization. We followed up with a deep dive on why we believe Microsoft Defender for Endpoint is the most cost effective solution you can deploy. Documentation: Microsoft Defender in a Sandbox: https://www.microsoft.com/security/blog/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/ Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/

5 Okt 202033min

Enabled MFA!

Enabled MFA!

In this episode, Adam and Andy talk about why if you have not enabled MFA for your identity provider (IDP), this should be your top priority today. They also talk about steps for implementation and their thoughts on user documentation. Documentation: Zerologon Vulnerability https://www.secura.com/blog/zero-logon Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/

28 Sep 202030min

Geo-restricting IP addresses, Password policies, Defense against password spray attacks

Geo-restricting IP addresses, Password policies, Defense against password spray attacks

In this first episode, Adam and Andy discuss whether geo-restricting IP addressing is considered "good" security. They also discuss Azure AD password protection as a method to protect against password spraying attacks. Documentation: Overview on Azure AD password protection: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-password-protection-is-now-generally-available/ba-p/377487 How to deploy Azure AD protection: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy Andy Jaw Twitter: @ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Adam Brewer Twitter: @ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/

21 Sep 202031min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
rss-badfluence
market-makers
elbilsveckan
bilar-med-sladd
rss-laddstationen-med-elbilen-i-sverige
natets-morka-sida
rss-technokratin
garagehang
rss-veckans-ai
solcellskollens-podcast
skogsforum-podcast
hej-bruksbil
rss-uppgang-och-fall
rss-elektrikerpodden
teknikveckan
bosse-bildoktorn-och-hasse-p
har-vi-akt-till-mars-an
rss-snacka-om-ai