SEC charges Solarwinds CISO & Backing up and Archiving M365 data
On this week's episode, Andy and Adam talk about the SEC charging the Solarwinds CISO with fraud and the implications on the overall security leadership community. They also talk about some questions that came up about backing up and restoring M365 data and a new capability coming out in public preview very soon! ------------------------------------------- Youtube Video Link: https://youtu.be/1FIZOQMXZBg ------------------------------------------- Documentation: https://www.sec.gov/news/press-release/2023-227 Monitoring M365 group/Teams deletion https://office365itpros.com/2020/01/29/report-the-deletion-of-teams/ https://petri.com/office-365-alert-policies-automate-audit-monitoring Privileged access deployment https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-deployment M365 Backup and Archive https://techcommunity.microsoft.com/t5/microsoft-syntex-blog/welcome-to-microsoft-inspire-2023-introducing-microsoft-365/ba-p/3874887 https://adoption.microsoft.com/en-us/syntex/manage/ Microsoft Trust Center - Data Resiliency https://www.microsoft.com/en-us/trust-center/privacy#defending_your_data ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
12 Nov 202335min
23andMe, Okta breach, MDE Automatic Attack Disruption
On this week's episode, Andy and Adam talk about the 23andMe and Okta breach that happened recently along with some recommendations on how organizations can try and prevent similar attacks in the future. They also talk about a revolutionary new feature in Microsoft Defender for Endpoint called Automatic Attack Disruption. They talk about how it works and how organizations can take advantage of it even if MDE is not your incumbent or primary EDR/XDR. ------------------------------------------- Youtube Video Link: https://youtu.be/2gUn1ZszQ-w ------------------------------------------- Documentation: https://techcrunch.com/2023/10/10/23andme-resets-user-passwords-after-genetic-data-posted-online/ https://www.wired.com/story/okta-support-system-breach-disclosure/ https://blog.1password.com/files/okta-incident/okta-incident-report.pdf https://www.microsoft.com/en-us/security/blog/2023/10/11/microsoft-defender-for-endpoint-now-stops-human-operated-attacks-on-its-own/ https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/automate-the-boring-for-your-soc-with-automatic-investigation/ba-p/1381038 ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30 Okt 202333min
Entra Web-sign in, MDE Device Control, Imposter Syndrome
On this week's episode, Andy and Adam talk about some new features with Entra Web Sign-in and Microsoft Defender for Endpoint Device Control. They also talk about what every infosec professional goes through: imposter syndrome. ------------------------------------------- Youtube Video Link: https://youtu.be/AiU8tjl_oPA ------------------------------------------- Documentation: https://learn.microsoft.com/en-us/windows/security/identity-protection/web-sign-in/?tabs=intune https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/mde-device-control-leveraging-reusable-settings-in-intune/ba-p/3905072#M5496 ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
23 Okt 202322min
Conditional Access Gap Analysis
On this week's episode, Andy and Adam talk about how to think about your conditional access policy design to avoid some common gaps that attackers can take advantage of. ------------------------------------------- Youtube Video Link: https://youtu.be/ULO9oRqJaV4 ------------------------------------------- Documentation: https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/ https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-conditional-access-gap-analyzer https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-mfa-gaps ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
19 Okt 202327min
Unpopular Cybersecurity Opinions
On this week's episode, Andy and Adam talk about a fun Twitter/X thread where cybersecurity professionals expressed some "unpopular opinions." ------------------------------------------- Youtube Video Link: https://youtu.be/qEV3zbskXX8 ------------------------------------------- Documentation: https://x.com/merill/status/1700615539452965327?s=20 https://x.com/wdormann/status/1702800210072670299?s=20 https://x.com/IBRice101/status/1704091544544842022?s=20 https://x.com/BrianHaugli/status/1702826263381942732?s=20 https://x.com/hakluke/status/1700336119630737459?s=20 https://x.com/wbm312/status/1700299133704339824?s=20 https://x.com/leandroqm/status/1701233575809466802?s=20 https://x.com/divinetechygirl/status/1700093520264954343?s=20 https://x.com/thegrugq/status/1700904930507387059?s=20 https://x.com/MalwareJake/status/1700491310396744092?s=20 https://x.com/xNymia/status/1700268632386007426?s=20 https://x.com/MalwareJake/status/1700107980581089714?s=20 https://x.com/dcuthbert/status/1700575515797553319?s=20 https://x.com/Northvein/status/1700957500244103276?s=20 ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
9 Okt 202333min
JCI Ransomware, Ransomware Negotiations, CISA guidance
On this week's episode, Andy and Adam talk about Johnson Controls' ransomware attack and some implications on national security. They also talk about some lessons learned from ransomware negotiations and CISA's new campaign, Secure Your World. ------------------------------------------- Youtube Video Link: https://youtu.be/bslx3jol8tg ------------------------------------------- Documentation: https://www.bleepingcomputer.com/news/security/building-automation-giant-johnson-controls-hit-by-ransomware-attack/ https://www.cnn.com/2023/09/28/politics/dhs-investigating-ransomware-attack/index.html https://www.pcmag.com/news/haggling-with-hackers-surprising-lessons-from-50-negotiations-with-ransomware https://www.cisa.gov/secure-our-world ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
2 Okt 202326min
MITRE Engenuity ATT&CK Evaluations and Insider Risk
On this week's episode, Andy and Adam talk about the results of the MITRE Engenuity ATT&CK Evaluations and how to interpret them. They also talk about the rising costs of insider risk and some things you can do to combat insider risk. ------------------------------------------- Youtube Video Link: https://youtu.be/FF1ZD73X5nA ------------------------------------------- Documentation: https://attackevals.mitre-engenuity.org/enterprise/turla/ https://www.microsoft.com/en-us/security/blog/2023/09/20/microsoft-365-defender-demonstrates-100-percent-protection-coverage-in-the-2023-mitre-engenuity-attck-evaluations-enterprise/ https://twitter.com/FrankMcG/status/1702155374386692107?s=20 https://www.csoonline.com/article/652964/insider-risks-are-getting-increasingly-costly.html ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26 Sep 202324min
MGM Resorts Security Incident
On this week's episode, Andy and Adam talk about the security incident impacting MGM Resorts. They discuss the attack vector of social engineering and ways that you can help protect your helpdesk and users from this type of attack. ------------------------------------------- Youtube Video Link: https://youtu.be/2UvrVA7u4VA ------------------------------------------- Documentation: https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware https://www.darkreading.com/application-security/okta-flaw-involved-mgm-resorts-breach-attackers-claim https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection https://twitter.com/RachelTobac/status/1701801025940971792?s=20 https://twitter.com/Jhaddix/status/1702154228037488928?s=20 https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
18 Sep 202335min
