Security Unlocked

Microsoft
  • 4.0 (56)
  • TECHNOLOGY
  • UPDATED BIWEEKLY
Security Unlocked

Security Unlocked explores the technology and people powering Microsoft's Security solutions. In each episode, Microsoft Security evangelists Nic Fillingham and Natalia Godyla take a closer look at the latest innovations in threat intelligence, security research, and data science, with a special focus on demystifying artificial intelligence and machine learning. Be sure to listen in and follow us! Hosted on Acast. See acast.com/privacy for more information.

  1. 02/16/2022

    Cryptojacking, and Farewell for Now!

    The success of crypto inspired dozens of other cryptocurrencies like Ethereum, Tether, and Dogecoin. Today, people worldwide use cryptocurrencies to buy things, sell things, and make investments. One thing is certain; digital currencies are here to stay, no matter how many times you have to explain what a bitcoin is. Unfortunately, it also created the world of cryptojacking, a form of cybercrime that remains completely hidden from the target and can infect millions of computers with cryptojacking malware. Which brings us to the fundamental question: What can organizations do to protect themselves?   In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Microsoft senior software engineer Amitrajit Banerjee and senior staff architect at Intel Rahul Ghosh to discuss the history and prevalence of cryptojacking. The push behind a cryptojacking attack is almost always motivated by money. Mining cryptocurrencies can be very lucrative, but making a profit is challenging unless you cover high costs. They discuss the importance of understanding the actual concept of mining, how victims' CPU power and computing resources can be used, and why it isn't easy in general to detect crypto miners.     In This Episode You Will Learn:     How prevalent is cryptojacking and who should be worried When and how people are exposed to these new types of threats Why you should be familiar with cryptojacking   Some Questions We Ask:     How are victims' CPU power and computing resources used to mine cryptocurrencies? What created this environment where cryptojacking is possible? What are some general techniques when trying to identify cryptojacking?    Resources:    The increasing threat of cryptocurrency miners  Defending against cryptojacking  Guidance for preventing, detecting, and hunting for exploitation    View Amitrajit Banerjee on LinkedIn  View Rahul Ghosh on LinkedIn  View Nic on LinkedIn   View Natalia on LinkedIn      Related:    Listen to: Security Unlocked: CISO Series with Bret Arsenault      Listen to: Afternoon Cyber Tea with Ann Johnson     Discover and follow other Microsoft podcasts at microsoft.com/podcasts Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.      Hosted on Acast. See acast.com/privacy for more information.

    36 min

  2. 02/02/2022

    A look at Cybercrime in 2021

    Ransomware attacks have never been so successful. The returns from these attacks are soaring and only becoming easier to conduct. In chapter two of the Microsoft Digital Defense Report, the growing threat of cybercrime is covered in great detail. As we continue to go over the MDDR, it's more apparent than ever that the cybercrime economy and services it provides are stronger and more complex than ever. Cryptocurrency, malware, and adversarial machine learning are just a few of the topics we believe need to be covered in more detail.   In this episode of Security Unlocked, host’s Natalia Godyla and Nic Fillingham are joined by Jason Lyons, principal investigator in the digital crimes unit at Microsoft. Jason is an experienced investigator specializing in computer investigations. He is trained and experienced in hacker methodology/techniques, computer forensics, and incident response. Jason joined the show to discuss Chapter two of the Microsoft Digital Defense Report, which focuses on the state of cybercrime. He also speaks on how cryptocurrency has created new challenges in ransomware, why ransomware continues to grow, and recent trends we are currently seeing in malware.      In This Episode You Will Learn:      How to decide whether to pay the ransomware or not New ways for security teams to protect against malware Why we are seeing a rise in cybercrime due to cryptocurrency.    Some Questions We Ask:     What's new in the way the cybercrime economy operates?  Why is ransomware still such a big thing and maybe even getting bigger? What trends are we seeing with malware right now?    Resources:    Microsoft Digital Defense Report   View Jason Lyons on LinkedIn   View Nic on LinkedIn   View Natalia on LinkedIn      Related:    Listen to: Security Unlocked: CISO Series with Bret Arsenault      Listen to: Afternoon Cyber Tea with Ann Johnson     Discover and follow other Microsoft podcasts at microsoft.com/podcasts Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.      Hosted on Acast. See acast.com/privacy for more information.

    41 min

  3. 01/19/2022

    What’s a BISO?

    Everything is exciting and new when you're a kid, and curiosity inspires many of us to branch out and try new things. For some, that means drawing from our imagination or trying all kinds of sports. And for others it means spending days at the library, checking out books on modem communications, and eventually hacking into the local dial-up community service. That's just a random example, of course... Either way, curiosity can be a powerful tool, even at a young age. To the point that it may help kickstart a career, you didn't even know existed.   In this episode of Security Unlocked, host Natalia Godyla is joined by S&P Global Ratings BISO Alyssa Miller. Alyssa is a life-long hacker and highly experienced security executive. She runs the security strategy for S&P Global Ratings as the Business Information Security Officer (BISO), bringing together corporate security objectives and business objectives. Natalia and Alyssa discuss her journey in security from a young and curious hacker to a BISO of the largest credit-rating agency, and how she is shaping what the role of the BISO will be for future generations.      In This Episode You Will Learn:     What are the roles and responsibilities of a BISO  How a BISO should interact with the rest of the organization How to put yourself on track to become a BISO     Some Questions We Ask:     What are the gaps that the BISO function is trying to address? What other roles should exist in security, but don’t?  How will the BISO role evolve over time?    Resources:    View Alyssa Miller on LinkedIn  View Nic on LinkedIn   View Natalia on LinkedIn      Related:    Listen to: Security Unlocked: CISO Series with Bret Arsenault      Listen to: Afternoon Cyber Tea with Ann Johnson     Discover and follow other Microsoft podcasts at microsoft.com/podcasts Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.    Hosted on Acast. See acast.com/privacy for more information.

    40 min

  4. 01/05/2022

    Disinformation in the Enterprise

    Disinformation refers to the calculated use of false information to influence others and has been a steadily growing form of information warfare. Unfortunately, disinformation is everywhere these days, often hidden in plain sight. Criminals will also adapt and take advantage of technologies, such as AI and deepfakes, to increase the effectiveness of disinformation campaigns. Of course, there are ways to combat these types of attacks, and we cover recommendations for protecting the enterprise in the 2021 Microsoft Digital Defense Report (MDDR).   In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by the Director of Enterprise Continuity and Resilience at Microsoft, Irfan Mirza, who authored the chapter on disinformation in the enterprise in the 2021 MDDR. Irfan joins to discuss what disinformation is, why the use of disinformation is growing, how cognitive hacking occurs, and how cybersecurity can start thinking about adapting their strategies.  In This Episode You Will Learn:     How to identify disinformation campaigns  How to train users and protect your organization from disinformation   Why we need AI to defend against disinformation   Some Questions We Ask:     What is the difference between misinformation and disinformation? How does disinformation impact cybersecurity? What new skills do cybersecurity professionals need to be able to protect the enterprise from this new threat?   Resources:    Microsoft Digital Defense Report 2021  View Irfan Mirza on LinkedIn   View Nic on LinkedIn   View Natalia on LinkedIn      Related:      Listen to: Security Unlocked: CISO Series with Bret Arsenault      Listen to: Afternoon Cyber Tea with Ann Johnson     Discover and follow other Microsoft podcasts at microsoft.com/podcasts Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network. Hosted on Acast. See acast.com/privacy for more information.

    35 min

  5. 12/22/2021

    I am Shroot-less

    Microsoft works around the clock to protect their customers, no matter what product they’re using, Microsoft or otherwise. In some instances Microsoft teams up with other companies, creating an all-star cybersecurity team, to handle newly discovered vulnerabilities. It helps everyone stay more secure, and of course, that's the ultimate goal, right?     In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are re-joined by Jonathan Bar Or, Principal Security Researcher at Microsoft. Jonathan discusses the recently discovered vulnerability that could let attackers bypass System Integrity Protection (SIP) in macOS, why he believes in investing in cross-platform protection, and the importance of collaboration between security researchers, software vendors, and the larger security community.     In This Episode You Will Learn:  What is System Integrity Protection (SIP) How attackers can bypass SIP How attackers can use the Shrootless vulnerability   Some Questions We Ask:  How did you find the Shrootless vulnerability? How do you decide what products to assess? How does the process of submitting a vulnerability to Apple work?    Resources:    Microsoft finds new macOS vulnerability - Shrootless  View Jonathan Bar Or on LinkedIn  View Nic on LinkedIn   View Natalia on LinkedIn     Related:    Listen to: Security Unlocked: CISO Series with Bret Arsenault      Listen to: Afternoon Cyber Tea with Ann Johnson     Discover and follow other Microsoft podcasts at microsoft.com/podcasts Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.      Hosted on Acast. See acast.com/privacy for more information.

    36 min

  6. 12/08/2021

    Decoding NOBELIUM

    In December 2020, Microsoft began sharing information with the cybersecurity industry on a group of Russia-based hackers who gained access to multiple enterprises through vulnerable software code, stolen passwords, compromised on-premises servers, and minted SAML tokens. In this supply chain attack, hackers could access the SolarWinds code, slip malicious code into a piece of the software, and use the vendor’s legitimate software updates to spread malware to customer systems.    Security Unlocked is excited to share with you, Decoding NOBELIUM. The docuseries gives you an inside look into the NOBELIUM incident, now viewed as one of the most advanced nation-state and supply chain attacks in history, with stories from the frontline defenders who tracked and responded to the attackers.  Resources:  Decoding NOBELIUM: Video Series Defending Against Nation-State Attacks | Microsoft Security View Natalia on LinkedIn  View Nic on LinkedIn  Related:     Listen to: Security Unlocked: CISO Series with Bret Arsenault    Listen to: Afternoon Cyber Tea with Ann Johnson   Discover and follow other Microsoft podcasts at microsoft.com/podcasts Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.   Hosted on Acast. See acast.com/privacy for more information.

    49 min

  7. 11/24/2021

    Trusting Your Hybrid Workforce

    We are back, covering more of the 2021 Microsoft Digital Defense Report, and this time we’re taking a deep dive into chapter five on Hybrid Workforce Security and Zero Trust. Zero Trust means precisely what it sounds like, never assuming any device or identity is secure; it's like having major trust issues, but in a professional way. With most businesses moving to remote work because of the pandemic, cybercriminals, of course, found new ways to take advantage, especially since most people are now moving between business and personal activity online. For the first time, we’re going to cover a full 12-month recap of what securing the hybrid workforce has been like.  In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Carmichael Patton, Lead Architect for Microsoft's Internal Zero Trust Deployment. Carmichael joins the show to discuss security challenges and trends impacting the hybrid workforce, the three most significant insider risk vulnerabilities, and why some customers are still not using MFA.  In This Episode You Will Learn:     Security challenges and trends impacting the hybrid workforce How Microsoft approached their Zero Trust journey  Prioritizing security initiatives during a time of massive change   Some Questions We Ask:     What were some of the major hybrid workforce attacks?  Why are some customers still not using MFA? When and how should you deal with insider risk?  Resources:    Zero Trust Adoption Report  The 2021 Microsoft Digital Defense Report   View Carmichael Patton on LinkedIn   View Nic on LinkedIn   View Natalia on LinkedIn   Related:  Listen to: Security Unlocked: CISO Series with Bret Arsenault    Listen to: Afternoon Cyber Tea with Ann Johnson   Discover and follow other Microsoft podcasts at microsoft.com/podcasts Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.    Hosted on Acast. See acast.com/privacy for more information.

    41 min

  8. 11/10/2021

    When Privacy Meets Security

    The way most people operate online these days, what would you even consider private anymore? We are so quick to share details about our job, home, friends, and family without even thinking about how much personal info we're giving away. Privacy and user agreements are a part of almost everyone's life at this point, and what do you know about them? For the most part, we often see a user agreement pop up, click agree and move on, but do you know what you just agreed to? Privacy choices have become routine, though they shouldn’t be.  In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Privacy Counsel and Data Protection Officer at Asana, Whitney Merrill. She is an accomplished attorney with 7+ years of privacy, data security, and data governance experience. Whitney discusses how to avoid common privacy mistakes, current privacy attack trends, and the importance of thinking like an attacker.     In This Episode You Will Learn:     The role of encryption in privacy  Privacy attack trends you should be paying attention to Why some organizations have different approaches to privacy    Some Questions We Ask:     How, and when, do privacy and security come together?  Why has a common framework been so difficult to establish?  Should regulators play a role in establishing a baseline of privacy awareness?    Resources:    View Whitney Merrill on LinkedIn  View Nic on LinkedIn   View Natalia on LinkedIn     Related:      Listen to: Security Unlocked: CISO Series with Bret Arsenault    Listen to: Afternoon Cyber Tea with Ann Johnson   Discover and follow other Microsoft podcasts at microsoft.com/podcasts Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.   Hosted on Acast. See acast.com/privacy for more information.

    39 min
See All (59)

4
out of 5
56 Ratings

About

Security Unlocked explores the technology and people powering Microsoft's Security solutions. In each episode, Microsoft Security evangelists Nic Fillingham and Natalia Godyla take a closer look at the latest innovations in threat intelligence, security research, and data science, with a special focus on demystifying artificial intelligence and machine learning. Be sure to listen in and follow us! Hosted on Acast. See acast.com/privacy for more information.

Information

  • Creator
    Microsoft
  • Years Active
    2020 - 2022
  • Episodes
    59
  • Rating
    Clean
  • Copyright
    ©2024 Microsoft
  • Show Website
    Security Unlocked

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada