Microsoft Threat Intelligence Podcast Microsoft

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure. 
  

In this episode you’ll learn:      
  

How AI Bug Bounty programs are reshaping traditional security practices 

Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data 

Why you should engage in AI bug hunting and contribute to the evolving security landscape 

 

Some questions we ask:     
  

Which products are currently included in the Bug Bounty program? 

Should traditional bug bounty hunters start doing AI bug bounty hunting? 

How can someone get started with AI bug hunting and submitting to your program? 

 
 

Resources:  
View Lynn Miyashita on LinkedIn  
View Andrew Paverd on LinkedIn  
View Sherrod DeGrippo on LinkedIn  
 
Microsoft AI Bug Bounty Program 
 
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
 
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 
 
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

In this episode of the Microsoft Threat Intelligence Podcast recorded at the RSA Conference in San Francisco, host Sherrod DeGrippo engages with a diverse group of cybersecurity experts. David Weston, VP of Operating System Security at Microsoft, discusses the evolution of Windows security and the role of AI. Jamie Williams from MITRE shares insights on the importance of product functionality in cybersecurity. Emma Stewart, Chief Power Grid Scientist at Idaho National Lab, talks about securing the digital transition of the power grid. Joe Slowik from MITRE emphasizes the importance of threat intelligence and integrating cybercrime entities into their attack framework. Lindsey O'Donnell, executive editor of Decipher, highlights AI's crucial role in cybersecurity and finally, Todd Pauley, deputy CISO of the Texas Education Agency, discusses the challenges faced by small school districts in Texas.   


In this episode you’ll learn:      
  

How Windows security has transitioned from user-controlled to Microsoft-managed 

The importance of understanding product functionality to combat cyber threats 

Securing the power grid's digital transition and cloud technologies for grid control 

  

Some questions we ask:     
  

What challenges and opportunities arise in securing the power grid's digital transition? 

How does AI enhance security in Windows operating systems? 

What were some of the most memorable sessions you attended at RSA? 

 

Resources:  
View Sherrod DeGrippo on LinkedIn  

 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     


 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
 
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Mark Russinovich.  Mark Russinovich, CTO and Technical Fellow of Microsoft Azure, joins the show to talk about his journey from developing on-prem tools like Sysinternals to working in the cloud with Azure. Sherrod and Mark discuss the evolution of cybersecurity, the role of AI in threat intelligence, and the challenge of jailbreaking AI models. Mark shares his experiences with testing AI models for vulnerabilities, including his discovery of the "Crescendo" and "Masterkey" methods to bypass safety protocols. They also touch on the issue of poisoned training data and its impact on AI reliability, while highlighting the importance of staying ahead in cybersecurity. 


In this episode you’ll learn:      

The shift from desktop computing to cloud-based systems and its implications 

Potential consequences of AI models having overridable safety instructions 

How AI training data can manipulate the outcomes generated by AI models 



Some questions we ask:     

Will AI owners be able to stop data poisoning, or will it become more common? 

Can you share challenges and vulnerabilities in maintaining the security of AI systems? 

What sparked your interest in AI jailbreaks, and what trends are you seeing? 



Resources:  
View Mark Russinovich on LinkedIn  
View Sherrod DeGrippo on LinkedIn  
 
AI jailbreaks: What they are and how they can be mitigated?
https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/ 

Inside AI Security with Mark Russinovich | BRK227 
https://www.youtube.com/watch?v=f0MDjS9-dNw 
How Microsoft discovers and mitigates evolving attacks against AI guardrails.
https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/ 
Google AI said to put glue on pizza.
https://www.businessinsider.com/google-ai-glue-pizza-i-tried-it-2024-5 
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by two of MSTIC’s finest analysts. They discuss recent trends in financially motivated cyber threats observed by Microsoft, focusing particularly on two cases: the Grandoreiro banking Trojan and the Luna Tempest crimeware actor. The Grandoreiro Trojan, active since 2017, has expanded globally beyond its initial Latin American focus, now targeting countries like the U.S. and the UK. This Trojan typically starts with phishing emails to steal financial information. Despite efforts to disrupt this activity, new clusters have emerged. The discussion also covers Luna Tempest, a U.S.- and UK-based extortion group targeting startups and smaller companies, particularly in sectors like insurance, FinTech, and biotech, seeking high payouts by threatening to release sensitive data. 
 

In this episode you’ll learn:      

The resilience and adaptability of threat actors in response to global disruption efforts 

Why Luna Tempest focuses solely on extortion without deploying ransomware 

How the Grandoreiro Banking Trojan has expanded globally  

 

Some questions we ask:     

How do we distinguish between the various threat actor groups and their malware? 

What can businesses do to protect themselves from identity-based attacks? 

Have these cybercriminals perfected an extortion program? 

 

Resources:  
View Sherrod DeGrippo on LinkedIn  
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Andrew Morris, Founder & Chief Architect at GreyNoise and Lauren Proehl, Director of Global Cyber Defense at Marsh McLennan. Lauren Proehl is an experienced cybersecurity leader who has helped defend against threat actors in Fortune 500 networks and has managed multiple divisions focused in defensive security and specializes in innovative cyber defense. GreyNoise operates a huge sensor network across the internet that collects primary sourced data on which vulnerabilities attackers are exploiting, when they start, and from where. Sherrod, Lauren, and Andrew discuss the effectiveness of banning ransomware payments, the importance of focusing on backup and disaster recovery strategies, the necessity of investing in basic security measures like endpoint detection and response, multi-factor authentication, and log storage.  
 

In this episode you’ll learn:      

The potential for ransomware attacks on physical infrastructure 

Why most are hesitant to become a CISO and the expectations that come with the role 

Challenges when try to balance technical expertise with leadership skills 

 

Some questions we ask:     

Can government or law enforcement agencies evolve in combating ransomware?  

Where do you believe organizations can invest to improve their cybersecurity? 

How do you expect ransomware to change with tactics like double or triple extortion? 

 

Resources:  
View Lauren Proehl on LinkedIn  
View Andrew Morris on LinkedIn     
View Sherrod DeGrippo on LinkedIn  
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 
Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Thomas Roccia and Andres Freund. Andres stumbled upon a security issue within SSH while investigating performance discrepancies. He discovered a sophisticated backdoor, skillfully concealed within the LZMA library, part of the XZ package. Sherrod, Thomas, and Andres discuss the importance of proactive security measures and code review in the open-source community. They emphasize the critical role of community collaboration in identifying and mitigating security threats effectively and signal the need for heightened vigilance.  
  

In this episode you’ll learn:      

The importance of proactive security and code review in the open-source community 

Why anomalies in software behavior should prompt curiosity and investigation 

Open-source community cooperation is vital for spotting and addressing security risks 

 

Some questions we ask:     

Could you explain the security issue you found in SSH and its significance? 

How serious is this threat, and what steps can organizations take to defend against it? 

What advice do you have for open-source contributors? 

 

Resources:  
View Andres Freund on LinkedIn  
View Thomas Roccia on LinkedIn     
View Sherrod DeGrippo on LinkedIn  
 

Related Microsoft Podcasts:                   


Afternoon Cyber Tea with Ann Johnson 


The BlueHat Podcast 


Uncovering Hidden Risks     

 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  
Get the latest threat intelligence insights and guidance at Microsoft Security Insider 
 
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.