Our goal is simple. We talk with industry experts to provide you with actionable real-world knowledge that will equip you to become the IT black belt within your organization. From virtualization and automation to Microsoft 365 and security and lots more, tune in weekly for your dose of the SysAdmin DOJO Podcast.
In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm-0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors. Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications. Episode Resources: Episode 17: On-Prem Security vs. Cloud Security Microsoft’s Announcement Regarding the Secure Future Initiative
In this two-part episode, Andy and Paul Schnackenburg discuss Microsoft’s recently announced Secure Future Initiative, a multi-year commitment to revolutionize the design, building, testing and operation of technology for enhanced security standards in the age of AI. The discussion stems from the aftermath of the Storm-0558 breach that occurred in July 2023, orchestrated by Chinese nation-state threat actors. Tune in to gain a comprehensive understanding of the Secure Future Initiative and its implications. Stay tuned for part 2! Timestamps: (2:55) – An Update on the Microsoft Storm-0558 Breach (8:40) – The Microsoft Secure Future Initiative (SFI) (12:12) – Comparison with the 2002 Trustworthy Computing Initiative Memo (17:39) – The Trustworthiness of On-Prem vs. The Cloud (23:04) – How Does Microsoft Want to Use AI in Security? Episode Resources: 365TP Compliance & Awareness Free Trial EP17: On-Prem Security vs Cloud Security EP18: Generative AI in Defensive Tools EP22: Can you trust Microsoft with Security?
1/24/2024 • 30 minutes, 42 seconds
Monthly Threat Report - January 2024
We're kicking off 2024 with our Monthly Threat Report analysis. Every month, our Security Lab looks into M365 security trends and email-based threats and provides commentary on current events in the cybersecurity space. In this episode, Andy and Eric Siron discuss the Monthly Threat Report for January 2024. Tune in to learn about the top-targeted industries, brand impersonations, the MOVEit supply chain attack, the active attack by the Iranian hacking group "Homeland Justice" on the Albanian government, and much more! Episode Resources: Full Monthly Threat Report for January 2024 Annual Cyber Security Report 2024 Andy on LinkedIn, Twitter, Mastodon Eric on Twitter
1/17/2024 • 52 minutes, 6 seconds
Monthly Threat Report – December 2023
Our final episode for 2023 is here! To wrap up the year, Andy and Umut Alemdar will be discussing our Monthly Threat Report for December 2023. The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In this episode, Andy and Umut are focusing on data from the month of November. Tune in to hear about Microsoft’s recent zero-day vulnerabilities, the most common file types used to deliver malicious payloads, M365 brand impersonations and a lot more! Episode Resources: Full Monthly Threat Report - December 2023 Annual Cyber Security Report 2024 - Free Download
12/6/2023 • 32 minutes, 12 seconds
EP29: Security Then vs Now: What’s Changed?
As the year comes to a close, the Security Swarm podcast takes a reflective journey, comparing the landscape of security then and now. In this special episode, Andy and Eric Siron explore the intriguing evolution of cybersecurity from the days of floppy disks and DOS to the complex, interconnected world of today. Tune in to learn about the significant shifts in security incidents, drawing correlations and highlighting differences. From the era of viruses attempting to one-up each other with floppy disks to the present, where data theft and ransomware dominate the landscape. Timestamps: (2:56) – What was security like in the early days of IT and how does it compare to now? (12:18) – Why are threat-actors more persistent now than they used to be? (23:33) – Security horror stories then vs. now (44:40) – How have Andy and Eric’s Stances on Security Changed from then vs. now? Episode Resources: Central African Republic and El Salvador Adopt Cryptocurrency as Legal Tender Download Hornetsecurity’s Annual Cyber Security Report 2024
12/1/2023 • 50 minutes, 12 seconds
EP28: Differences Between DNS/Route-Based Email Security and Email Security via API
Remember the days of DNS route-based email security? It's been a steadfast approach, but in recent years, the landscape has shifted towards API-driven solutions, particularly evident in platforms like Microsoft 365 utilizing the Graph API for enhanced security. In this episode, Umut Alemdar from Hornetsecurity's Security Lab joins Andy once again to discuss email filtration, particularly the DNS route-based approach versus the emerging API-based method. Tune in as they compare these two methodologies, weighing the pros and cons, discussing caveats, and navigating the intricacies of email security. Episode Resources: 365 Total Protection Free Trial
11/24/2023 • 37 minutes, 46 seconds
Monthly Threat Report - November 2023
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from October. During the episode, Andy and Eric Siron explore the rise of PDF-delivered malicious payloads, shifts in target industries, and escalating brand impersonation attempts in shipping and finance. They delve into Microsoft’s response to a recent cloud services attack and a significant vulnerability in Citrix NetScalers dubbed CitrixBleed, shedding light on the evolving threat landscape. Join us for an insightful analysis of the latest cybersecurity developments, providing valuable insights for both professionals and enthusiasts alike. Timestamps: (3:07) – What is the general state of email threats during the last month? (6:31) – What types of files are being used to deliver malicious files? (9:38) – What industries are being targeted the most throughout the data period? (14:40) – What are the most impersonated brands during the last month? (18:52) – An update on the Microsoft Storm-0558 breach (23:01) – The CitrixBleed Vulnerability Impacting Citrix NetScaler (30:31) – Commentary on the SEC’s charges against SolarWinds and their CISO Episode Resources: Full Monthly Threat Report for November Law Enforcement Shutdown of Qakbot Paul and Andy Discuss Storm-0558 Security Awareness Service - Request Demo Andy on LinkedIn, Twitter, Mastodon Eric on Twitter
11/17/2023 • 40 minutes, 44 seconds
EP27: The Story of Backup and Recovery in Microsoft 365
Paul Schnackenburg is back for another episode with Andy, this time to discuss the story of backup and recovery inside of Microsoft 365. M365 backup has been a confusing experience over the years, especially with Microsoft's contradictory "no backup needed" guidance. To add to the confusion, Microsoft has introduced its own M365 backup product. During the episode, we'll look at the various methods and tools that have been used natively within M365 to help with backup, as well as why these methods frequently fall short. Don't miss out on this informative discussion as we delve into the complexities of data protection and recovery in M365! Episode Resources: Free eBook - Microsoft 365: The Essential Companion Guide 365 Total Backup – Request a Trial VM Backup - Free Trial Find Andy on LinkedIn, Twitter or Mastodon Find Paul on LinkedIn or Twitter
11/7/2023 • 27 minutes, 17 seconds
EP26: Questionable Methods for Protecting Backups from Ransomware
In today’s episode, we’re delighted to welcome back Eric Siron, who’s no stranger to our show. Andy and Eric will be exploring some historical methods devised by the security community to safeguard backups against ransomware such as air gapping, removable media and application whitelisting. But here's the twist: we're approaching these protective measures from the mindset of a relentless threat actor, someone who's determined to breach your defenses and make your backups their own. Throughout the episode, we will discuss common misconceptions surrounding these historical solutions, often described as the ultimate ransomware defenses. Do they genuinely live up to the hype? Why do they seem to fall short when used in a vacuum? Tune in to learn more! Episode Resources: The Backup Bible by Eric Siron EP22: Can You Trust Microsoft with Security? Immutable Protection Against Ransomware Andy on LinkedIn, Twitter, Mastodon Eric on Twitter
10/31/2023 • 34 minutes, 31 seconds
Podcast Trailer
Get a glimpse into The Security Swarm Podcast 🎙️ – a weekly conversation of the most critical issues facing the world of cybersecurity today, hosted by Andy Syrewicze, Security Evangelist at Hornetsecurity. From the malicious use of AI tools to social engineering scams, each episode hones in on a pertinent topic dissected by an industry expert and backed up by real-world data from our Security Lab 🔬 The world of cybersecurity should not be taken on alone – it’s time to join the swarm. Check it out 👉
10/26/2023 • 34 seconds
EP25: Key Takeaways from our Ransomware Survey
In today's digital landscape, ransomware threats have become an increasingly significant concern for organizations of all sizes. Cybercriminals are continuously devising new ways to exploit vulnerabilities, and the repercussions can be devastating. Its ever-evolving nature makes it a top threat. To uncover the full extent of its threat, Hornetsecurity recently conducted a survey to gauge the awareness and preparedness of businesses in the face of ransomware attacks. In today’s episode, Andy and Matt Frye, Head of Presales and Education at Hornetsecurity, will recap the key findings and insights from the ransomware survey as well as offer effective tools and protocols to protect your business. Timestamps: (3:20) – How important is ransomware protection in terms of IT priorities? (4:41) – How many organizations do NOT have a DR plan in place? (9:28) – How many organizations protect their backups from ransomware? (12:10) – What types of tools are organizations using to combat ransomware? (15:45) – How many organizations have been victims of ransomware? (18:12) – How many ransomware victims managed to recover from backup? (20:50) – What are the most common vectors of attack for ransomware? (24:00) – How many people see real value from security awareness training? (27:37) – How many organizations using M365 have a DR plan in place for ransomware? Episode Resources: Full Ransomware Survey Results EP12: What We Learned by Asking the Community About Compliance
10/26/2023 • 31 minutes, 47 seconds
EP24: The Danger of Malicious OAuth Apps in M365
Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed! In today’s episode, Andy and Paul Schnackenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy! Timestamps: (1:57) – What are malicious OAuth Applications? (5:21) – Who can authorize OAuth Applications in an M365 tenant? (8:25) – How are malicious OAuth Applications getting past Microsoft Review? (14:56) – An example of how a malicious OAuth Application might function in an attack (17:44) – Mitigation and prevention of malicious OAuth Application attacks (25:35) – The M365 Essential Companion Guide eBook Episode Resources: M365 Publisher Verification M365 Publisher Attestation M365 App Certification M365 ACAT Tool Free eBook 'Microsoft 365: The Essential Companion Guide' Find Andy on LinkedIn, Twitter or Mastodon Find Paul on LinkedIn or Twitter
10/18/2023 • 30 minutes, 19 seconds
Monthly Threat Report - October 2023
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023. The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company's security culture and its ability to safeguard its vast user base. Tune in for more details! Timestamps: (2:37) – Email Threat Numbers for the data period. (4:18) – File Types used for the delivery of malicious payloads. (7:39) – What are the top targeted industry verticals? (11:19) – What were the most impersonated brands during the last month? (21:15) – Microsoft’s Continued Security Issues (31:19) – Vulnerabilities in libwebp Episode Resources: Full Monthly Threat Report - October 2023 Andy and Paul Discuss Microsoft Security Problems
10/9/2023 • 35 minutes, 45 seconds
EP23: The Importance of Certification in the Security Space
You can’t be in the IT security space without thinking about certifications. Certifications are the backbone of our industry, serving as benchmarks for knowledge, skills, and expertise. But, let's face it, navigating the maze of IT and security certifications available can be a daunting task, making it difficult to figure out which route you need to take. In today’s episode, Andy and Umut Alemdar explore the critical role certifications play in our field and why these certifications hold more value than just being decorative pieces on your office wall. They’ll also go a little further into the top certifications that are particularly relevant for security professionals in today's ever-changing cybersecurity landscape. Timestamps: (2:45) - Why is certification important in the Security Space (7:28) - What are the benefits of getting certified? (11:45) - Vendor-specific certifications (16:05) - Are Linux certifications relevant to security professionals? (22:21) - What are the most important vendor-agnostic security certifications? Episode Resources: CompTIA Security+ GSEC Cisco CCNA CISSP CISM CEH OSCP Careers at Hornetsecurity (We offer training!) Andy on LinkedIn, Twitter or Mastodon Umut on LinkedIn
10/4/2023 • 34 minutes, 31 seconds
EP22: Can You Trust Microsoft with Security?
In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years. For example, the SolarWinds debacle in 2020, multiple Exchange Server on-prem issues, and more recently the Storm-0558 incident. The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud. Timestamps: (1:55) – There has been a recent string of security issues at Microsoft (6:42) – Storm-0558 (16:38) – Follow up on the SolarWinds attack from 2020 (20:50) – Multiple Exchange on-prem vulnerabilities over the last several years (22:55) – Power Platform cross-tenant unauthorized access (26:61) – Communication seems to be a sore spot across all these issues (31:21) – Trust is critical for the survival of “the cloud” Episode Resources: Monthly Threat Report - September 2023 Microsoft 365: The Essential Companion Guide - Free eBook Paul’s recent article on Microsoft’s security issues Results of Microsoft’s Storm-0558 Investigation Find Andy on LinkedIn, Twitter or Mastodon Find Paul on LinkedIn or Twitter
9/26/2023 • 38 minutes, 40 seconds
EP21: Life as a Cybersecurity CEO - An Inside Look
In this week’s episode, Andy sits down with Daniel Hofmann, the CEO of Hornetsecurity, for an exclusive glimpse into life as a cybersecurity CEO in the modern era. During the episode, Daniel shares the complexities of leading a top-tier security organization exploring the challenges and rewards that come with the role whilst touching upon some predictions for the ever-evolving cybersecurity industry. With cybersecurity being an industry that never stands still, the conversation also delves into the constant opportunities for innovation. Tune in to discover ways of staying informed and constantly adapting to the shifting threat landscape. Timestamps: (2:13) – What is it like being the CEO of a Cybersecurity Company? (7:27) – What are the main methods that Daniel uses to keep up to date on the industry? (10:05) – What was the main driving reason behind founding Hornetsecurity? (13:26) – Solving security problems with a unique approach. (18:28) – How is AI changing the cybersecurity industry? (24:08) – Daniel’s cybersecurity predictions for the future. Episode Resources: Hornetsecurity’s Advanced Threat Protection Episode 18: Generative AI in Defensive Tools
9/20/2023 • 28 minutes, 34 seconds
Monthly Threat Report - September 2023
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. In today’s episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. During the episode, Andy and Yvonne explore the overall threat trends including: The most common malicious file types used to deliver payloads, with HTML files taking the lead. The decline of malicious PDF and archive files, likely due to the disruption of Qakbot. The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks. The impact of the FBI’s disruption of Qakbot. The Storm-0558 breach. A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors. Timestamps: (3:22) – General threat trends for this month’s data period (7:11) – What were the most used file types used for malicious payloads during the data period? (10:10) – What are the most targeted industries for this data period? (12:04) – The most impersonated brands from this month’s report (16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet (22:54) – An update on the Microsoft Storm-0558 breach (33:46) – Data breaches account for 14 million lost records Episode Resources: Full Monthly Threat Report - September 2023 EP07: A Discussion and Analysis of Qakbot Security Awareness Service Andy on LinkedIn, Twitter, Mastodon Yvonne on LinkedIn
9/12/2023 • 36 minutes, 52 seconds
EP20: What's Going on With Azure AD?
Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Azure Entra, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Azure AD is/was and its crucial role in the Microsoft Cloud ecosystem. Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform's functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same. Timestamps: 2:03 – Azure AD is Now Microsoft Entra 9:35 – Relevant Acronyms for the Identity Space 13:49 – Entra Internet Access 21:28 – Entra Private Access 26:44 – M365 / Entra ID Tenant Restrictions 30:23 – How Do These Features Factor Into the Storm-0558 Breach? Episode resources: Hornetsecurity 365 Total Protection Podcast episode: Licensing Security Features in M365 Microsoft Entra Azure Active Directory Domain Services Find Andy on LinkedIn, Twitter or Mastodon Find Paul on LinkedIn or Twitter
9/6/2023 • 34 minutes, 21 seconds
EP19: How to Sell Cybersecurity to the C-Suite
As cybersecurity professionals, MSSPs, and security vendors, we often get mired down in the weeds of the “tech” involved in the job and frequently struggle to convey the value of said technology to the C-Suite. With that said, we’re deviating from our regularly scheduled programming this week to bring you something of a “soft-skills” episode to address this key point. This week we’re excited to bring you the business and C-Suite knowledge of our very own Hornetsecurity Chief Operating Officer, Daniel Blank for a discussion on how you can get your leadership team to see value in technology, put priority on security, and ultimately sell cybersecurity to the C-Suite. Hope you enjoy! Timestamps: 2:23 – Conveying the Value of Cybersecurity to Leadership without Using the Fear Angle 15:50 – Compliance and Similar Issues Often Drives C-Suite Attention 26:05 – An Example - What Would Daniel Look for When Having to Make a C-Suite Decision? Episode Resources: 365 Total Protection Email Encryption Andy on LinkedIn, Twitter or Mastodon Daniel on LinkedIn
8/30/2023 • 30 minutes, 33 seconds
EP18: Generative AI in Defensive Tools
In today’s episode, Andy and Umut are unravelling the transformative impact of AI in cybersecurity defense. Discover how AI empowers defenders with enhanced knowledge of setting up robust defense mechanisms, from firewalls to anomaly detection systems. Amidst the prevailing focus on AI's darker aspects, this episode illuminates its positive role in the security space, equipping blue teams to match wits with increasingly intelligent adversaries. Our hosts, Andy and Umut, both distinguished members of the Security Lab at Hornetsecurity, will provide expert insights into how Hornetsecurity's suite of products leverages AI to display a concrete example in the industry. Join us as we shift the narrative from AI's potential for malicious use to how defensive toolsets and security experts are harnessing its power. Timestamps: 3:12 – How has AI changed the threat landscape? 6:10 – How can AI help blue teams? 16:08 – An example of AI used defensively in a software stack 26:24 – What advancements in AI in the security space are we likely to see in the future? Episode Resources: EP08: Advanced Threat Protection: A Must Have in Today's Ecosystem? EP03: The Reemergence of Emotet and Why Botnets Continue to Return Advanced Threat Protection Security Awareness Service OpenAI Cybersecurity Grant Program AI can steal data by listening to keystrokes with 95% accuracy Andy on LinkedIn, Twitter or Mastodon Umut on LinkedIn
8/22/2023 • 31 minutes, 41 seconds
EP17: On-Prem Security vs Cloud Security
In today’s episode we have Eric Siron, Microsoft MVP, joining Andy for a discussion on the debated topic of On-Prem Security versus Cloud Security from a security standpoint. The digital landscape has transformed, raising questions about securing multiple cloud services, APIs, and the scattered user base. We explore how defenses have evolved and although default protections have strengthened, attack vectors have grown smarter with the growth of ransomware. Join us as we dissect these changes and their impact on modern security paradigms in an era where protection and adaptation are paramount. Disclaimer: This episode was recorded just before news of the Microsoft breach hit the headlines. Thus, while some of the perspectives may seem momentarily misaligned due to the unfolding events, the core insights and conclusions drawn remain the same. Timestamps: 3:50 – What is the current state of on-premises infrastructure in terms of security? 12:37 – How does compliance factor into on-premises security? 21:12 – Is Infrastructure in the cloud more secure? 33:12 – Is “The Cloud” or “On-Premises” more secure? Episode Resources: Monthly Threat Report - August 2023 Andy and Paul Discuss M365 Security Andy and Paul Discuss the Difficulty of Licensing Security Features in M365 Hornetsecurity Ransomware Survey Findings The Backup Bible Hornetsecurity's Security Awareness Service Information on Recent SEC Announcement
8/16/2023 • 40 minutes, 19 seconds
Monthly Threat Report - August 2023
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. Every month, Andy will be hosting an episode to dive into the key takeaways from the report. In today’s episode, Andy and Umut will be sharing a threat overview based on data from the Security Lab throughout July 2023. From the changing tactics in email attacks, to new brand impersonations and the impact of dark-web generative AI (Artificial Intelligence) tools like WormGPT, we will equip you with the right information to help you stay ahead of these new emerging threats. Timestamps: (2:43) – Net increase in all email threat categories during the data period (4:17) – The most commonly used file-types for payload delivery during the data period (7:24) – The most targeted industry vertical during the data period (10:13) – Most impersonated brands during the data period (15:49) – The rise of malicious generative AI like WormGPT (22:55) – The continued fallout from the MOVEit vulnerabilities (26:46) – The breach of Microsoft Cloud services by Storm-0558 Episode Resources: Monthly Threat Report - August 2023 EP 01 - We Used ChatGPT to Create Ransomware Andy on LinkedIn, Twitter or Mastodon Umut on LinkedIn
8/8/2023 • 38 minutes, 29 seconds
EP16: Backup’s Modern Role in Security
In today's episode, Andy has a special guest from our product development team at Hornetsecurity - Jean Paul (JP) Callus. The episode goes into an insightful discussion on how threats have morphed over the years. Andy and Jean Paul recount the days when backup primarily served as a safety net against accidental data loss and hardware failures. Fast forward to today, and backups have become a key weapon in the fight against ransomware and other sophisticated attacks. Tune in to discover the power of modern backups in the ever-evolving world of cybersecurity and how organizations can establish seamless data protection measures, ensuring minimal data loss and downtime in the face of cyber threats. Timestamps: (2:16) – Ransomware continues to drive backup and recovery decisions. (10:10) – How has the industry traditionally mitigated ransomware and how are things done now? (14:13) – Revisiting the 3-2-1 backup strategy and adding an extra “1” (16:10) – Cloud backups and WORM (Write Once Read Many) states. (19:10) – What other backup technologies play a role in security? (23:43) – Deduplication, Immutability, and Backup Episode resources: Podcast EP01: We Used ChatGPT to Create Ransomware Podcast EP05: What is Immutability and Why Do Ransomware Gangs Hate it? Hornetsecurity Ransomware Attack Survey VM Backup V9 The Backup Bible Find Andy on LinkedIn, Twitter or Mastodon Find Jean Paul on LinkedIn
8/1/2023 • 28 minutes, 35 seconds
EP15: A Frank Discussion on Licensing M365 Security Features
Join us for an insightful discussion on the topic of licensing Microsoft 365 security features. Microsoft Certified Trainer, Paul Schnackenburg, joins us once again to share his valuable insights on how M365 licensing practices have evolved and why they’ve become so complex. In this episode Andy and Paul look at all the different ways native security features in M365 are licensed, what challenges come along with that process, how the process is confusing and more! This includes some discussion around how M365 licensing in general is flawed as well as how third-party software vendors help plug-in and do what they can to simplify this mess. Timestamps: 2:22 – O365 licensing vs M365 licensing 5:06 – Is the complexity in M365 licensing deliberate? 7:09 – Licensing and security with M365 business 13:30 – Licensing and security in the M365 Enterprise SKUs 19:30 – What about the EMS Suite? 21:42 – What are E5 Compliance and E5 Security? 28:05 – How can a 3rd party vendor help make licensing security features easier? Episode Resources: SysAdmin Dojo Podcast Episode on General M365 Licensing Andy and Paul’s M365 Compliance Webinar Defender for Endpoint Hornetsecurity Services Find Andy on LinkedIn, Twitter or Mastodon Find Paul on LinkedIn or Twitter
7/26/2023 • 35 minutes, 37 seconds
EP14: The Permissions Management Nightmare in SharePoint Online
We’re back for another episode with Philip Galea, R&D Manager at Hornetsecurity. In today’s episode, Andy and Philip discuss the frustrations and challenges IT admins face when managing permissions and sharing effectively in SharePoint Online. As more organizations embrace remote work, collaborate with external freelancers, and rely on tools like Microsoft Teams and emails for sharing files, the need to manage permissions has become crucial. Tune in to this episode to learn about the complexities of SharePoint and discover ways to regain control over your access management. Timestamps: 4:44 – The problems with managing permissions in SharePoint Online 8:34 – The ease of file sharing in M365 has created a problem. 11:16 – Have SharePoint security capabilities just been “lifted and shifted” to the cloud? 14:43 – The egregious problem with duplicate named SharePoint custom roles. 23:32 – What should M365 admins be doing about this problem? 27:10 – Behind the scenes with M365 Permission Manager by Hornetsecurity Episode Resources: 365 Permission Manager Introducing 365 Permission Manager – Webinar Find Andy on LinkedIn, Twitter or Mastodon Find Philip on LinkedIn
7/20/2023 • 37 minutes, 45 seconds
EP13: Real-Life Security Horror Stories
Join host Andy and special guest Martin Tanner from ADM Computing as they discuss real-life security horror stories. This fun and engaging episode was recorded live at Infosecurity Europe in London. Expect to hear interesting stories which both Andy and Martin have experienced first-hand. With a mix of humor and valuable insights, this episode is a must-listen for anyone interested in the fascinating, and at times terrifying, world of real-life security horror stories. Timestamps: 2:28 – The Dangers of Unmanaged IOT devices 5:30 – Hacked Video Conferencing Unit and Premium Rate Numbers 8:18 – Email Forwarding Rules and Data Leakage 11:59 – The Need for Proper Backup and Archival + Scheduled Payment Woes 15:40 – Rogue Admin and Embezzlement 18:17 – A Flattened Network and Ransomware Infection 22:16 – The Publicly Accessible Hypervisor Episode Resources: Security Awareness Service Email Encryption from Hornetsecurity Email Encryption Fact Sheet Find Andy on LinkedIn, Twitter or Mastodon Find Martin on LinkedIn
7/11/2023 • 25 minutes, 36 seconds
EP12: What We Learned by Asking the Community About Compliance
Get ready for an eye-opening episode recorded live at Infosecurity Europe in London. In this episode, Andy and Matt Frye dissect the results of a comprehensive IT compliance survey conducted by Hornetsecurity. In the rapidly evolving digital landscape, maintaining IT compliance has become a pressing concern for businesses worldwide. Tune in to explore the key findings from this survey, featuring insights from over 200 IT professionals representing diverse roles, regions, industries, and experience levels. Timestamps: 02:32 – Compliance is a growing concern 03:52 – Do businesses see compliance as important? 06:24 – The burden of compliance on IT teams 12:08 – How are businesses verifying compliance? 14:46 – Trust in the cloud continues to be a problem for some organizations 17:00 – M365 administrators are struggling with compliance tools 20:57 – The cost of non-compliance Episode Resources: IT Cybersecurity Compliance Survey 365 Permission Manager Find Andy on LinkedIn, Twitter or Mastodon Find Matt on LinkedIn
7/4/2023 • 26 minutes, 17 seconds
EP11: On-Prem Exchange Server Throttling
Microsoft's recent decision to throttle traffic from old and outdated versions of On-Premises Exchange has sent shockwaves through the tech community. In today's episode, Andy and Paul Schnackenburg delve into the details of Microsoft's plans to protect Exchange Online against persistently vulnerable on-premises Exchange Servers by throttling and blocking emails from these unsupported servers. Tune in to understand the reasoning behind Microsoft's strategy with this change, how organizations can keep themselves protected through process, and where third-party vendors can plug in and provide value. Timestamps: 4:00 – Microsoft’s plan details and communication 10:50 – Paul and Andy’s thoughts on why Microsoft is making this change 18:40 – Is it “Ethical” for Microsoft to block on-prem Exchange traffic? 26:31 – What should affected organizations do? Episode Resources: Microsoft's Announcement SMB1 Changes at Microsoft Hornetsecurity's 365 Total Protection Find Andy on LinkedIn, Twitter or Mastodon Find Paul on LinkedIn or Twitter
6/28/2023 • 33 minutes, 35 seconds
EP 10: Tips and Tricks for Working with CISOs
We’re back for another episode with Lia Fey, Customer Success Lead at Hornetsecurity. In today’s episode, Lia brings her wealth of experience working closely with CISOs on a daily basis to share valuable insights and strategies for effectively collaborating with them. CISOs face a unique set of challenges as they operate in high-pressure environments and navigate the intersection of compliance requirements as well as the security needs of an organization. Join us as we explore the multifaceted nature of working with CISOs on security awareness and discover tips and tricks for fostering effective partnerships in the ever-evolving security and compliance landscape. Timestamps: 3:25 – Initial Impressions and responsibilities of CISOs? 5:47 – CISOs and Interactions with the Rest of the Organization 8:47 – Responsibilities of CISOs 15:59 – What is the Most Effective Way to Communicate with CISOs 21:40 – How can we help CISOs solve difficult business challenges? Episode Resources: EP09: Real World Guidance on Security Awareness Service Security Awareness Service Andy on LinkedIn, Twitter or Mastodon Lia on LinkedIn
6/21/2023 • 26 minutes, 20 seconds
EP09: Real-World Guidance on Security Awareness Service
In today’s episode, our host Andy sits down with Lia Fey, Customer Success Lead at Hornetsecurity, to discuss why employees need to be trained on security awareness and what type of training works best. In addition, they explore the challenges businesses face when trying to train their employees in today’s digital landscape. Lia Fey brings her expertise to the table and sheds light on real-world scenarios where organizations have successfully prevented attacks because an end user possessed the knowledge and ability to react appropriately. Timestamps: 2:32 – What is a security awareness service? 9:38 – Why is security awareness training so effective? 12:45 – Measuring end-user success and right-sizing training 20:11 – What is the right kind of end-user security training? 24:22 – Some real-world scenarios 28:35 – Do security awareness services help spot threats outside of email? Episode Resources: Security Awareness Service Cyber Security Report 2023 Andy on LinkedIn, Twitter or Mastodon Lia on LinkedIn
6/13/2023 • 32 minutes, 46 seconds
EP08: Advanced Threat Protection: A Must Have in Today’s Ecosystem?
We’re back for another episode with Umut Alemdar - Head of Security Lab here at Hornetsecurity. Today, we’re discussing Advanced Threat Protection (ATP) and its crucial role in detecting, preventing, and responding to increasingly sophisticated cyber threats. Throughout the episode, Andy and Umut discuss common ATP techniques such as sandboxing, time of click protection, and spam filters, all of which are critical in fortifying defenses against malicious actors. Furthermore, they emphasize the vital function of the natural language understanding module in ATP in detecting sophisticated social engineering attacks. While this episode focuses on ATP in general, Andy and Umut draw concrete examples from our own ATP scanning methods here at Hornetsecurity. Timestamps: 2:05 – What is Advanced Threat Protection 5:50 – What are common scanning techniques used by ATP technologies 10:35 – How does Sandboxing work in ATP scanning techniques? 13:07 – What is the role of AI within ATP scanning? 18:09 – Concrete example of where ATP saves the day 20:11 – Scanning for malicious QR codes Episode Resources: Advanced Threat Protection We used ChatGPT to Create Ransomware Bit.ly QR Code Index Andy on LinkedIn, Twitter or Mastodon Umut on LinkedIn
6/6/2023 • 29 minutes
EP07: A Discussion and Analysis of Qakbot
In today’s episode, Andy and Umut Alemdar explore one of the most malicious botnets in today’s digital threat landscape: Qakbot. What makes Qakbot so dangerous? Qakbot originally started out as an information stealer back in 2007. Over the years, it has undergone significant transformations, evolving into a multi-modular malware that poses a severe threat to businesses. In our discussion and analysis, we uncover its attack chain from infecting a system to downloading a malicious payload. Timestamps: 3:24 – What is Qakbot? 5:18 – An overview of Qakbot’s attack chain and capabilities 14:38 – Mitigation and defence strategies for Qakbot 19:48 – What does the future look like for Qakbot? Episode Resources: The Reemergence of Emotet and Why Botnets Continue to Return Security Awareness Service Advanced Threat Protection Find Andy on LinkedIn, Twitter or Mastodon Find Umut on LinkedIn
5/31/2023 • 25 minutes, 28 seconds
EP06: How Secure is Microsoft 365?
In this episode, Andy and Paul Schnackenburg, Microsoft Certified Trainer, investigate the burning question on everyone's mind: Is Microsoft 365 a secure platform? As we discuss the intricate details and inner workings of Microsoft 365 security, we leave no stone unturned. Tune in to learn valuable insights and expert analysis on the subject, as well as how Microsoft 365 holds up in today's ever-changing threat landscape. Timestamps: 2:30 – Is Microsoft 365 secure? 6:32 – Management portal and configuration creep in M365 13:28 – Does file sharing in M365 create a security problem? 20:07 – Lack of transparency in regards to internal cloud infrastructure CVEs 25:36 – The mentality of security – just because it’s in “the cloud” 29:38 – Ultimately it’s the “customer’s” responsibility to stay safe Episode Resources: Microsoft 365 Security Checklist Azure Blunder left Bing Results Editable 365 Permission Manager Free Trial Find Andy on LinkedIn, Twitter or Mastodon Find Paul on LinkedIn or Twitter
5/24/2023 • 33 minutes, 10 seconds
EP05: What is Immutability and Why Do Ransomware Gangs Hate it?
In today’s episode, we welcome Philip Galea, an esteemed expert in immutability and backups at Hornetsecurity. With ransomware being one of the most pervasive issues in the industry today, immutability emerges as a powerful weapon against ransomware gangs. The term immutability is thrown around a lot in the cybersecurity community, but what does it mean, and why do ransomware gangs hate it? This episode provides a fascinating insight into immutability and its vital role in the fight against ransomware. Timestamps: 4:25 – What is immutability? 9:34 – How ransomware drove the need for immutability 12:30 – Ransomware creation via ChatGPT 18:12 – Are there benefits and use cases for immutability outside of backup? 21:30 – How does immutability really work? 24:57 – What’s to stop a rogue admin from “Tinkering” with immutable storage? Episode resources: EP01: We used ChatGPT to Create Ransomware MITRE ATT&CK DK Hornetsecurity VM Backup
5/16/2023 • 33 minutes, 9 seconds
EP04: The Modern Take on Social Engineering in Email
In this episode, we delve into the world of social engineering, phishing, and spam campaigns, exploring modern techniques threat actors are using to trick users into divulging sensitive information through email. Security Evangelist Andy and guest expert Umut Alemdar, head of the Security Lab here at Hornetsecurity, explain how phishing remains the top method of attack for many cybercriminals due to its cost-effectiveness and ability to exploit human vulnerability. Attackers use excellent context and timing to create convincing email messages that trick even the most savvy users into divulging sensitive information. Despite the prevalence of anti-spam solutions, phishing continues to rise as attackers adapt and evolve their techniques. Tune in to gain a better understanding of social engineering and how to protect your organization in the modern age. Timestamps: 1:47 – Social engineering, phishing, and spam campaigns: still a problem in the modern era 6:30 – Why is phishing so effective, even today? 11:43 – What other types of attacks does phishing enable for end users? 16:48 – How does the industry ultimately solve the problem of phishing? Episode resources: Cyber Security Report 2023 Security Awareness Services Google and Facebook Accounts Payable Fraud Find Andy on LinkedIn, Twitter, Mastodon Find Umut on LinkedIn
5/9/2023 • 21 minutes, 4 seconds
EP03: The Reemergence of Emotet and Why Botnets Continue to Return
Welcome back to the Security Swarm Podcast! In this episode, our host Andy Syrewicze talks with Umut Alemdar, Head of Security Lab here at Hornetsecurity, about the reemergence of Emotet and the pervasiveness of botnets. Why do they keep coming back? Emotet, a well-known botnet for spreading malware and stealing personal information, had been dormant since December before reappearing in March 2023 with new tactics and capabilities. The botnet has a modular architecture that allows threat actors to include any kind of payload that gets executed on the victim’s device. Tune in to hear Andy and Umut discuss the attack chain of Emotet, how it has evolved and the risks it may pose to your organization. They also explore why botnets such as Emotet persist despite efforts to shut them down. Timestamps: 1:58 – What is Emotet? 6:25 – Emotet’s Attack Chain 12:20 – How do Botnets continue to return? 14:44 – How can organizations guard against botnets like Emotet? Episode resources: Hornetsecurity Article Regarding Emotet Hornetsecurity CyberSecurity Roundtable Discussion Advanced Threat Protection Security Awareness Services Andy on LinkedIn, Twitter, Mastodon Umut on LinkedIn
5/3/2023 • 21 minutes, 25 seconds
EP02: How Tech Pros Handle Security News
Welcome back for another episode of the Security Swarm Podcast, the podcast that brings you the insights and expertise straight from the Security Lab here at Hornetsecurity. In this episode, we’ll be diving into recent security disclosures with Eric Siron, Microsoft MVP, and discussing how organizations should respond when vulnerabilities are discovered. We’ll focus on two major incidents as examples throughout this episode: the Outlook Vulnerability CVE-2023-23397, and the re-emergence of Emotet. In today’s digital landscape, threats are constantly evolving and becoming more sophisticated, making it critical to respond quickly and efficiently to minimize the impact of such incidents. Whether you’re a SysAdmin working in a small organization or the CISO of a large business, you have to be more vigilant, and have a plan. Tune in to learn valuable insights into how tech professionals should handle security news. Timestamps: 3:16 – A baseline example of a busy security news-cycle 8:00 – Keeping an eye on the security news-cycle and has it always been this way? 17:45 – What should organizations be doing to keep tabs on the security news-cycle? 23:21 – What can vendors be doing better to help SysAdmins handle security news? Episode resources: CVE-2023-23397 The Re-Emergence of Emotet Hornetsecurity July 2022 Threat Review with Talk of Qakbot White House to Shift Cybersecurity Burden Andy on LinkedIn, Twitter, Mastodon Eric on Twitter
4/26/2023 • 29 minutes, 31 seconds
EP01: We Used ChatGPT to Create Ransomware
In our very first episode we welcome Yvonne Bernard to the show for an in-depth discussion into the security implications of ChatGPT. There is no doubting that ChatGPT and other recent AI models have brought some very positive change to a number of industries. However, did you know that there is potentially a darker side to AI? Can it be used for malicious purposes? The short answer is yes! In fact, we were able to use ChatGPT here at Hornetsecurity to essentially create ransomware! In today’s episode we discuss the particulars of that process, the implications as well as other methods threat-actors can use to get ChatGPT to help them with illicit activities! Timestamps: 5:51 - What are the cybersecurity benefits of ChatGPT? 10:05 - How is ChatGPT used for malicious use by threat-actors? 17:15 - Does OpenAI have controls in place to prevent malicious use? 20:48 - What are the legal implications that ChatGPT brings to the industry? 23:40 - What does the industry do about the potential security implications of ChatGPT? Episode Resources: The DAN Method on Reddit Hornetsecurity Webinar on the Security Implications of ChatGPT Andy on LinkedIn, Twitter, Mastodon Yvonne on LinkedIn Security Awareness Service from Hornetsecurity