Snowflake, Findlay Auto Ransomware, Olympics
In this episode of the Blue Security Podcast, Andy and Adam discuss three main topics: the unauthorized user access at Snowflake, the cybersecurity issue at Finley Automotive Group, and the cyber threats surrounding the upcoming Olympics in Paris. They highlight the importance of implementing strong security controls like multi-factor authentication and regular credential rotation. They also emphasize the need for organizations to assess their data storage practices and only retain necessary customer information. The hosts discuss the challenges faced by auto dealerships in securing their outdated systems and the potential risks associated with cyber threats during major events like the Olympics. Takeaways -Implement strong security controls like multi-factor authentication and regular credential rotation to protect against unauthorized access. -Assess data storage practices and only retain necessary customer information to minimize the risk of exposure in the event of a cyber attack. -Auto dealerships face challenges in securing their outdated systems and should prioritize updating their technology infrastructure. -Major events like the Olympics are attractive targets for cyber threats, and organizations should be vigilant in detecting and mitigating potential risks. -Collaboration between security organizations and threat intelligence providers is crucial in monitoring and addressing cyber threats. ---------------------------------------------------- YouTube Video Link: https://youtu.be/IuVBExmLsvg ---------------------------------------------------- Documentation: https://thehackernews.com/2024/06/snowflake-breach-exposes-165-customers.html?utm_source=tldrinfosec&m=1 https://www.reviewjournal.com/business/source-findlay-operations-nearly-idled-losses-mount-from-cyberattack-suit-filed-3069083/ https://blogs.microsoft.com/on-the-issues/2024/06/02/russia-cyber-bots-disinformation-2024-paris-olympics/ https://www.recordedfuture.com/hurdling-over-hazards-multifaceted-threats-to-the-2024-paris-olympics ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
18 Juni 202432min
Microsoft Recall update, Windows Hello Enhanced Sign-in Security
In this episode, Andy and Adam discuss the updates and clarifications made by Microsoft regarding the security concerns surrounding the Recall feature on Copilot Plus PCs. They highlight the changes, such as the option to proactively enable Recall during the out-of-box experience, the requirement of Windows Hello enrollment and proof of presence for accessing Recall, and the additional layers of protection, including just-in-time decryption and encrypted search index database. They also delve into the concept of Windows Hello Enhanced Sign-In Security and its benefits. The conversation emphasizes the importance of user choice and the balance between privacy and productivity. Takeaways -Microsoft has addressed the security concerns surrounding the Recall feature on Copilot Plus PCs by providing updates and clarifications. -The Recall feature will be turned off by default during the out-of-box experience, giving users the choice to enable it proactively. -Windows Hello enrollment and proof of presence are required to access Recall, ensuring authentication and physical presence. -Additional layers of protection, such as just-in-time decryption and encrypted search index database, have been implemented to enhance security. -Windows Hello Enhanced Sign-In Security provides an additional level of security to biometric data by leveraging specialized hardware and software components. -The balance between privacy and productivity is important, and Microsoft allows users to choose whether to enable Recall and provides options for filtering and managing snapshots. ---------------------------------------------------- YouTube Video Link: https://youtu.be/PJhMStnm-SE ----------------------------------------------------------- Documentation: https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/ https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
11 Juni 202442min
Ticketmaster breach, Slack AI, Microsoft Recall
The conversation covers three primary themes: Ticketmaster data breach, Slack's data scraping, and Windows Recall feature. The Ticketmaster breach is discussed in detail, highlighting the stolen data, phishing risks, and the importance of password management. The conversation then shifts to Slack's data scraping controversy, addressing concerns about privacy and opt-in policies. Finally, the Windows Recall feature is explored, focusing on its local processing, privacy controls, and security implications. Takeaways -Data breaches pose significant risks, emphasizing the importance of password management and vigilance against phishing scams. -Privacy concerns arise from data scraping practices, highlighting the need for transparent opt-in policies and user control. -The Windows Recall feature offers advanced search capabilities but raises security considerations, emphasizing the importance of local processing and privacy controls. ---------------------------------------------------- YouTube Video Link: https://youtu.be/V9eR7lRck7k ----------------------------------------------------------- Documentation: https://www.cbsnews.com/news/ticketmaster-breach-what-to-know-about-protecting-your-data-cbs-news-explains/ https://www.securityweek.com/user-outcry-as-slack-scrapes-customer-data-for-ai-model-training/ https://www.windowscentral.com/software-apps/windows-11/windows-recall-faq-everything-you-need-to-know ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
4 Juni 202429min
Microsoft Build Recap
In this episode of the Blue Security Podcast, Andy and Adam discuss the security and privacy announcements from Microsoft Build. They cover topics such as AI content safety, Copilot capabilities, security enhancements in Microsoft Edge, and new Windows security features. They also touch on the deprecation of NTLM and the introduction of Copilot Plus PCs with Qualcomm's new dev kit for Windows. Overall, the episode highlights the advancements in security and innovation in the Windows ecosystem. Takeaways -Microsoft announced new security and privacy features at Microsoft Build -AI content safety enhancements were introduced to protect AI applications -Copilot capabilities were expanded to provide information and context from knowledge in documents and files -Microsoft Edge for Business received improvements in defense against data leaks and vulnerabilities -New Windows security features were announced, including virtualization-based security, personal data encryption, and attestation -NTLM deprecation is planned for the second half of 2024 -Copilot Plus PCs with Qualcomm's new dev kit offer enhanced performance and battery life -The Windows ecosystem is experiencing a paradigm shift with innovation and competition ---------------------------------------------------- YouTube Video Link: https://youtu.be/zhn_t9X3ATQ ----------------------------------------------------------- Documentation: https://news.microsoft.com/build-2024-book-of-news/ https://blogs.windows.com/windowsdeveloper/2024/05/21/unlock-a-new-era-of-innovation-with-windows-copilot-runtime-and-copilot-pcs/ https://www.microsoft.com/en-us/security/blog/2024/05/20/new-windows-11-features-strengthen-security-to-address-evolving-cyberthreat-landscape/ ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
28 Maj 202439min
Entra Private Access, Endpoint Privilege Management
In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft Entra Private Access and Endpoint Privilege Management. Entra Private Access is a modern secure edge solution that allows remote users to access on-premise applications in a micro-segmented manner. It enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users. Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without giving them complete local admin access. It also supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu. Takeaways -Microsoft Entra Private Access is a modern secure edge solution for remote users to access on-premise applications in a micro-segmented manner. -Entra Private Access enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users. -Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without complete local admin access. -Endpoint Privilege Management now supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/ye3s2SNhqao ----------------------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-private-access-for-on-prem-users/ba-p/3905450 https://techcommunity.microsoft.com/t5/microsoft-intune-blog/endpoint-privilege-management-adds-support-approved-elevations/ba-p/4101196 ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
21 Maj 202419min
MSRC Transparency and USB Threats
In this episode of the Blue Security Podcast, Andy and Adam discuss two important topics: Microsoft's pledge for greater transparency in identifying and determining root causes for security vulnerabilities, and the increasing sophistication of USB malware attacks in industrial organizations. They provide insights into Microsoft's Secure Future Initiative and the importance of security in the OT and IoT networks. They also offer practical tips for strengthening USB security and data exfiltration prevention. Takeaways -Microsoft is pledging greater transparency in identifying and determining root causes for security vulnerabilities in their products and services. -The Secure Future Initiative aims to transform software development, implement new identity protections, and improve transparency and vulnerability responses. -USB malware attacks in industrial organizations are increasing in sophistication, with attackers using USB devices to establish silent residency in industrial control systems. -Organizations should strengthen USB security by blocking or allowing USB devices based on an allow list, scanning USB devices for malicious processes or files, and implementing attack surface reduction rules. -Data exfiltration prevention is crucial, and organizations should consider implementing full disk encryption, data loss prevention (DLP) rules, and sensitivity labeling to protect sensitive data. -Visibility and inventory of OT and IoT devices are essential for developing a security strategy, and solutions like Defender for IoT and OT can provide network-based security and inventory management. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/aveWb4fjOek ----------------------------------------------------------- Documentation: https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/ https://www.honeywell.com/us/en/news/2024/04/cybersecurity-in-2024-usb-devices-continue-to-pose-major-threat https://learn.microsoft.com/en-us/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
14 Maj 202429min
2024 Verizon Data Breach Report
The 17th annual Verizon Data Breach Investigation Report reveals key findings and trends in cybersecurity. The report highlights the increase in vulnerability exploitation for initial access, the continued prevalence of human error in breaches, the rise of pure extortion attacks, and the limited impact of generative AI in the cybersecurity landscape. Recommendations include implementing robust threat and vulnerability management programs, focusing on user education and data protection, and exploring the use of generative AI for defensive purposes. The report serves as a valuable resource for organizations looking to enhance their cybersecurity strategies. Takeaways -Vulnerability exploitation for initial access nearly tripled in 2023, highlighting the need for robust threat and vulnerability management programs. -Human error remains a significant factor in most breaches, emphasizing the importance of user education and data protection measures. -Pure extortion attacks are increasing, signaling a shift away from encryption ransomware as threat actors seek quicker and easier ways to profit. -Generative AI has yet to make a significant impact in the cybersecurity landscape, but organizations should consider leveraging it for defensive purposes. -The Verizon Data Breach Investigation Report provides valuable insights and recommendations for organizations looking to enhance their cybersecurity strategies. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/ajqbA9zPUbA ----------------------------------------------------------- Documentation: https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/ ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
7 Maj 202433min
Mobile Threats
In this episode, Andy and Adam discuss the growing threat of mobile device threats. They highlight the recent mass password reset and account lockout of Apple IDs and the potential for a mobile wormable event. They explore the conditions necessary for a mobile wormable attack, including the development of zero-click exploits, the abuse of contact lists for further spread, and the lack of clear mitigations from telecommunications and mobile device companies. They also discuss the limitations of lockdown mode and the importance of endpoint protection for mobile devices. Takeaways -Mobile devices have become ubiquitous in corporate environments and are vital for both security and operations. -The conditions necessary for a mobile wormable attack are already in place, including the development of zero-click exploits and the abuse of contact lists for further spread. -Lockdown mode and mobile threat detection (MTD) solutions can provide some risk mitigation for mobile devices, but they have limitations and limited visibility. -Endpoint protection for mobile devices, including mobile device management (MDM) and MTD, should be part of an organization's risk mitigation strategy. -Enterprises should consider implementing baseline security measures for mobile devices, such as a minimum six-digit passcode and keeping the operating system up to date. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/lxWveot8AF4 ----------------------------------------------------------- Documentation: https://www.macrumors.com/2024/04/27/apple-id-accounts-logging-out-users/ https://go.recordedfuture.com/hubfs/reports/CTA-2024-0416.pdf https://www.wired.com/story/apple-lockdown-mode-hands-on/ ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30 Apr 202437min
