Microsoft Threat Intelligence Podcast Microsoft

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Mark Russinovich.  Mark Russinovich, CTO and Technical Fellow of Microsoft Azure, joins the show to talk about his journey from developing on-prem tools like Sysinternals to working in the cloud with Azure. Sherrod and Mark discuss the evolution of cybersecurity, the role of AI in threat intelligence, and the challenge of jailbreaking AI models. Mark shares his experiences with testing AI models for vulnerabilities, including his discovery of the "Crescendo" and "Masterkey" methods to bypass safety protocols. They also touch on the issue of poisoned training data and its impact on AI reliability, while highlighting the importance of staying ahead in cybersecurity. 


In this episode you’ll learn:      

The shift from desktop computing to cloud-based systems and its implications 

Potential consequences of AI models having overridable safety instructions 

How AI training data can manipulate the outcomes generated by AI models 



Some questions we ask:     

Will AI owners be able to stop data poisoning, or will it become more common? 

Can you share challenges and vulnerabilities in maintaining the security of AI systems? 

What sparked your interest in AI jailbreaks, and what trends are you seeing? 



Resources:  
View Mark Russinovich on LinkedIn  
View Sherrod DeGrippo on LinkedIn  
 
AI jailbreaks: What they are and how they can be mitigated?
https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/ 

Inside AI Security with Mark Russinovich | BRK227 
https://www.youtube.com/watch?v=f0MDjS9-dNw 
How Microsoft discovers and mitigates evolving attacks against AI guardrails.
https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/ 
Google AI said to put glue on pizza.
https://www.businessinsider.com/google-ai-glue-pizza-i-tried-it-2024-5 
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by two of MSTIC’s finest analysts. They discuss recent trends in financially motivated cyber threats observed by Microsoft, focusing particularly on two cases: the Grandoreiro banking Trojan and the Luna Tempest crimeware actor. The Grandoreiro Trojan, active since 2017, has expanded globally beyond its initial Latin American focus, now targeting countries like the U.S. and the UK. This Trojan typically starts with phishing emails to steal financial information. Despite efforts to disrupt this activity, new clusters have emerged. The discussion also covers Luna Tempest, a U.S.- and UK-based extortion group targeting startups and smaller companies, particularly in sectors like insurance, FinTech, and biotech, seeking high payouts by threatening to release sensitive data. 
 

In this episode you’ll learn:      

The resilience and adaptability of threat actors in response to global disruption efforts 

Why Luna Tempest focuses solely on extortion without deploying ransomware 

How the Grandoreiro Banking Trojan has expanded globally  

 

Some questions we ask:     

How do we distinguish between the various threat actor groups and their malware? 

What can businesses do to protect themselves from identity-based attacks? 

Have these cybercriminals perfected an extortion program? 

 

Resources:  
View Sherrod DeGrippo on LinkedIn  
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Andrew Morris, Founder & Chief Architect at GreyNoise and Lauren Proehl, Director of Global Cyber Defense at Marsh McLennan. Lauren Proehl is an experienced cybersecurity leader who has helped defend against threat actors in Fortune 500 networks and has managed multiple divisions focused in defensive security and specializes in innovative cyber defense. GreyNoise operates a huge sensor network across the internet that collects primary sourced data on which vulnerabilities attackers are exploiting, when they start, and from where. Sherrod, Lauren, and Andrew discuss the effectiveness of banning ransomware payments, the importance of focusing on backup and disaster recovery strategies, the necessity of investing in basic security measures like endpoint detection and response, multi-factor authentication, and log storage.  
 

In this episode you’ll learn:      

The potential for ransomware attacks on physical infrastructure 

Why most are hesitant to become a CISO and the expectations that come with the role 

Challenges when try to balance technical expertise with leadership skills 

 

Some questions we ask:     

Can government or law enforcement agencies evolve in combating ransomware?  

Where do you believe organizations can invest to improve their cybersecurity? 

How do you expect ransomware to change with tactics like double or triple extortion? 

 

Resources:  
View Lauren Proehl on LinkedIn  
View Andrew Morris on LinkedIn     
View Sherrod DeGrippo on LinkedIn  
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Thomas Roccia and Andres Freund. Andres stumbled upon a security issue within SSH while investigating performance discrepancies. He discovered a sophisticated backdoor, skillfully concealed within the LZMA library, part of the XZ package. Sherrod, Thomas, and Andres discuss the importance of proactive security measures and code review in the open-source community. They emphasize the critical role of community collaboration in identifying and mitigating security threats effectively and signal the need for heightened vigilance.  
  

In this episode you’ll learn:      

The importance of proactive security and code review in the open-source community 

Why anomalies in software behavior should prompt curiosity and investigation 

Open-source community cooperation is vital for spotting and addressing security risks 

 

Some questions we ask:     

Could you explain the security issue you found in SSH and its significance? 

How serious is this threat, and what steps can organizations take to defend against it? 

What advice do you have for open-source contributors? 

 

Resources:  
View Andres Freund on LinkedIn  
View Thomas Roccia on LinkedIn     
View Sherrod DeGrippo on LinkedIn  
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by former VP of Cybersecurity Solutions at Target Paul Melson. Sherrod and Paul reflect on his experiences in incident response, highlighting the adrenaline rush of detecting and evicting adversaries before they cause harm. Their discussion includes a run down the rabbit hole of open-source intelligence and the creation of the @scumbots twitter feed. They explore the culture at Target's cybersecurity team, emphasizing the importance of hiring for attitude and the potential for new threats like bribery and insider threats. Paul shares insights into his experiences in cybersecurity and his concerns about future threats, emphasizing the need for continued vigilance and innovation in defense strategies. The episode provides valuable insights into the challenges and developments in cybersecurity, offering practical advice for both professionals and organizations navigating the ever-changing threat landscape.  
  

In this episode you’ll learn:      

The genesis of the project scumbots and its functionality 

Challenges when dealing with commercial threat intelligence companies  

The increasing sophistication of cybercrime and the potential for new tactics 

  

Some questions we ask:     

How has your time in incident response evolved over the years? 

What advice would you give to aspiring cybersecurity professionals 

Do you believe organizations can adapt and innovate their defense strategies? 

 

Resources:  
Scumbots on Twitter 
View Paul Melson on LinkedIn     
View Sherrod DeGrippo on LinkedIn  
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is Live from Microsoft Secure in San Francisco and is joined by Brandon Dixon and Vasu Jakkal. As Group Product Manager for Security Copilot, Brandon is helping to shape how generative AI is used to empower professionals to focus on what matters most. Brandon reflects on how security practices have changed, mental health in the security industry and how AI can empower individuals in the tech and infosec fields. Vasu discusses her passion for cybersecurity and its impact on global safety. She emphasizes the importance of inclusivity and optimism in tackling security challenges and shares her journey into cybersecurity, which was influenced by her love for technology instilled by watching Star Trek. Vasu also highlights the transformative potential of AI, particularly Microsoft Copilot for Security, in enhancing defense capabilities and catching new threats.  
 

In this episode you’ll learn:      

AI enhancing security practices and empowering individuals in the cybersecurity field 

The value of sharing ideas for critique, fostering inspiration, and driving innovation 

How AI has the power to unveil the wonders of the world while enhancing safety  



Some questions we ask:     

How will Co-Pilot for Security affect threat intelligence professionals and their work? 

What are you using AI for at work, both in terms of security and more generic AI? 

Can you share examples of how Copilot helps in your personal life? 

 

Resources:  
View Brandon Dixon on LinkedIn  
View Vasu Jakkal on LinkedIn    
View Sherrod DeGrippo on LinkedIn  


Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.