197 episodes
Blue Security Andy Jaw & Adam Brewer
-
- Technology
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
-
Snowflake, Findlay Auto Ransomware, Olympics
In this episode of the Blue Security Podcast, Andy and Adam discuss three main topics: the unauthorized user access at Snowflake, the cybersecurity issue at Finley Automotive Group, and the cyber threats surrounding the upcoming Olympics in Paris. They highlight the importance of implementing strong security controls like multi-factor authentication and regular credential rotation. They also emphasize the need for organizations to assess their data storage practices and only retain necessary customer information. The hosts discuss the challenges faced by auto dealerships in securing their outdated systems and the potential risks associated with cyber threats during major events like the Olympics.
Takeaways
-Implement strong security controls like multi-factor authentication and regular credential rotation to protect against unauthorized access.
-Assess data storage practices and only retain necessary customer information to minimize the risk of exposure in the event of a cyber attack.
-Auto dealerships face challenges in securing their outdated systems and should prioritize updating their technology infrastructure.
-Major events like the Olympics are attractive targets for cyber threats, and organizations should be vigilant in detecting and mitigating potential risks.
-Collaboration between security organizations and threat intelligence providers is crucial in monitoring and addressing cyber threats.
----------------------------------------------------
YouTube Video Link: https://youtu.be/IuVBExmLsvg
----------------------------------------------------
Documentation:
https://thehackernews.com/2024/06/snowflake-breach-exposes-165-customers.html?utm_source=tldrinfosec&m=1
https://www.reviewjournal.com/business/source-findlay-operations-nearly-idled-losses-mount-from-cyberattack-suit-filed-3069083/
https://blogs.microsoft.com/on-the-issues/2024/06/02/russia-cyber-bots-disinformation-2024-paris-olympics/
https://www.recordedfuture.com/hurdling-over-hazards-multifaceted-threats-to-the-2024-paris-olympics
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
------------------------------------ -
Microsoft Recall update, Windows Hello Enhanced Sign-in Security
In this episode, Andy and Adam discuss the updates and clarifications made by Microsoft regarding the security concerns surrounding the Recall feature on Copilot Plus PCs. They highlight the changes, such as the option to proactively enable Recall during the out-of-box experience, the requirement of Windows Hello enrollment and proof of presence for accessing Recall, and the additional layers of protection, including just-in-time decryption and encrypted search index database. They also delve into the concept of Windows Hello Enhanced Sign-In Security and its benefits. The conversation emphasizes the importance of user choice and the balance between privacy and productivity.
Takeaways
-Microsoft has addressed the security concerns surrounding the Recall feature on Copilot Plus PCs by providing updates and clarifications.
-The Recall feature will be turned off by default during the out-of-box experience, giving users the choice to enable it proactively.
-Windows Hello enrollment and proof of presence are required to access Recall, ensuring authentication and physical presence.
-Additional layers of protection, such as just-in-time decryption and encrypted search index database, have been implemented to enhance security.
-Windows Hello Enhanced Sign-In Security provides an additional level of security to biometric data by leveraging specialized hardware and software components.
-The balance between privacy and productivity is important, and Microsoft allows users to choose whether to enable Recall and provides options for filtering and managing snapshots.
----------------------------------------------------
YouTube Video Link: https://youtu.be/PJhMStnm-SE
-----------------------------------------------------------
Documentation:
https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: -
Ticketmaster breach, Slack AI, Microsoft Recall
The conversation covers three primary themes: Ticketmaster data breach, Slack's data scraping, and Windows Recall feature. The Ticketmaster breach is discussed in detail, highlighting the stolen data, phishing risks, and the importance of password management. The conversation then shifts to Slack's data scraping controversy, addressing concerns about privacy and opt-in policies. Finally, the Windows Recall feature is explored, focusing on its local processing, privacy controls, and security implications.
Takeaways
-Data breaches pose significant risks, emphasizing the importance of password management and vigilance against phishing scams.
-Privacy concerns arise from data scraping practices, highlighting the need for transparent opt-in policies and user control.
-The Windows Recall feature offers advanced search capabilities but raises security considerations, emphasizing the importance of local processing and privacy controls.
----------------------------------------------------
YouTube Video Link: https://youtu.be/V9eR7lRck7k
-----------------------------------------------------------
Documentation:
https://www.cbsnews.com/news/ticketmaster-breach-what-to-know-about-protecting-your-data-cbs-news-explains/
https://www.securityweek.com/user-outcry-as-slack-scrapes-customer-data-for-ai-model-training/
https://www.windowscentral.com/software-apps/windows-11/windows-recall-faq-everything-you-need-to-know
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/ -
Microsoft Build Recap
In this episode of the Blue Security Podcast, Andy and Adam discuss the security and privacy announcements from Microsoft Build. They cover topics such as AI content safety, Copilot capabilities, security enhancements in Microsoft Edge, and new Windows security features. They also touch on the deprecation of NTLM and the introduction of Copilot Plus PCs with Qualcomm's new dev kit for Windows. Overall, the episode highlights the advancements in security and innovation in the Windows ecosystem.
Takeaways
-Microsoft announced new security and privacy features at Microsoft Build
-AI content safety enhancements were introduced to protect AI applications
-Copilot capabilities were expanded to provide information and context from knowledge in documents and files
-Microsoft Edge for Business received improvements in defense against data leaks and vulnerabilities
-New Windows security features were announced, including virtualization-based security, personal data encryption, and attestation
-NTLM deprecation is planned for the second half of 2024
-Copilot Plus PCs with Qualcomm's new dev kit offer enhanced performance and battery life
-The Windows ecosystem is experiencing a paradigm shift with innovation and competition
----------------------------------------------------
YouTube Video Link: https://youtu.be/zhn_t9X3ATQ
-----------------------------------------------------------
Documentation:
https://news.microsoft.com/build-2024-book-of-news/
https://blogs.windows.com/windowsdeveloper/2024/05/21/unlock-a-new-era-of-innovation-with-windows-copilot-runtime-and-copilot-pcs/
https://www.microsoft.com/en-us/security/blog/2024/05/20/new-windows-11-features-strengthen-security-to-address-evolving-cyberthreat-landscape/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero -
Entra Private Access, Endpoint Privilege Management
In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft Entra Private Access and Endpoint Privilege Management. Entra Private Access is a modern secure edge solution that allows remote users to access on-premise applications in a micro-segmented manner. It enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users. Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without giving them complete local admin access. It also supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu.
Takeaways
-Microsoft Entra Private Access is a modern secure edge solution for remote users to access on-premise applications in a micro-segmented manner.
-Entra Private Access enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users.
-Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without complete local admin access.
-Endpoint Privilege Management now supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/ye3s2SNhqao
-----------------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-private-access-for-on-prem-users/ba-p/3905450
https://techcommunity.microsoft.com/t5/microsoft-intune-blog/endpoint-privilege-management-adds-support-approved-elevations/ba-p/4101196
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero -
MSRC Transparency and USB Threats
In this episode of the Blue Security Podcast, Andy and Adam discuss two important topics: Microsoft's pledge for greater transparency in identifying and determining root causes for security vulnerabilities, and the increasing sophistication of USB malware attacks in industrial organizations. They provide insights into Microsoft's Secure Future Initiative and the importance of security in the OT and IoT networks. They also offer practical tips for strengthening USB security and data exfiltration prevention.
Takeaways
-Microsoft is pledging greater transparency in identifying and determining root causes for security vulnerabilities in their products and services.
-The Secure Future Initiative aims to transform software development, implement new identity protections, and improve transparency and vulnerability responses.
-USB malware attacks in industrial organizations are increasing in sophistication, with attackers using USB devices to establish silent residency in industrial control systems.
-Organizations should strengthen USB security by blocking or allowing USB devices based on an allow list, scanning USB devices for malicious processes or files, and implementing attack surface reduction rules.
-Data exfiltration prevention is crucial, and organizations should consider implementing full disk encryption, data loss prevention (DLP) rules, and sensitivity labeling to protect sensitive data.
-Visibility and inventory of OT and IoT devices are essential for developing a security strategy, and solutions like Defender for IoT and OT can provide network-based security and inventory management.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/aveWb4fjOek
-----------------------------------------------------------
Documentation:
https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/
https://www.honeywell.com/us/en/news/2024/04/cybersecurity-in-2024-usb-devices-continue-to-pose-major-threat
https://learn.microsoft.com/en-us/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus
https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast