Microsoft has recently been criticized for not prioritizing security enough. Following the CSRB’s Report on the Storm-0558 attack, Microsoft announced that security is now a top priority, with a commitment to address security issues before new product innovations. In this podcast episode, Andy and Paul Schnackenburg discuss the blog post which analyzes the Secure Future Initiative and its advancements.  

The conversation brings up the burning question: Was it the Cyber Safety Review Board (CSRB) that catalyzed Microsoft’s proactive stance on security? 

Key takeaways: 

• Microsoft is taking proactive steps to address security vulnerabilities and enhance its security measures following recent incidents. 
• The focus on protecting identities, enforcing multi-factor authentication, and improving network segmentation are crucial for bolstering security. 
• Efforts to align security actions with recommendations from the CSRB demonstrate a commitment to addressing criticisms directly. 

Timestamps:

(06:52)  Key Insights from Charlie Bell’s Blog Post Addressing Cyber Security Concerns

(11:22)  Enhancing Security Measures in Response to the CSRB’s Report

(21:22) Top Security Practices for Protecting Tenants and Production Systems

(24:46)  Enhancing Cloud Security with Micro Segmentation and Software Supply Chain Protection

(30:44)  Challenges and Considerations in Cloud Security Logging and Storage

(34:37)  Enhancing Cloud Security with Microsoft Sentinel and Vulnerability Reporting

(37:37)  Unveiling Common Vulnerabilities and the Importance of Secure Authentication in Cloud Environments

(42:34) Analyzing Microsoft’s Response to a Security Incident

Episode Resources:

The Blog Post from Charlie Bell

EP39: Are Passkeys the Future of Authentication?

Subcribe to our new YouTube Channel for more

In this week’s episode, Andy and guest Eric Siron discuss the cybersecurity landscape based on data from the Monthly Threat Report for May 2024. They cover a range of news items, including Microsoft’s recent announcement to expand the Secure Future Initiative, the new PSTI (Product Security and Telecommunications Infrastructure) Act in the UK and a significant brand impersonation campaign targeting the German financial entity Commerzbank. Additionally, they provide updates on the Change Healthcare ransomware attack. 

Key takeaways: 

• Microsoft’s acknowledgement of security issues is crucial for building customer trust. 
• The PSTI Act in the UK sets standards for consumer device security and compliance. 
• Payment of ransoms in ransomware attacks needs to be carefully evaluated. 
• Data breaches in healthcare can have widespread and long-term consequences for patients and organizations. 

Timestamps: 

(04:02)  Insights from the Latest Monthly Threat Report: Decrease in Email Threats, Top Targeted Industries, and Impersonated Brands

(14:02)  Breaking Bad Habits: QR Codes, OAuth, and User Training

(15:18) Microsoft’s Security Issues and Response to CSRB’s Criticism: Committed to Improve Security

(25:23)  New UK Law Mandates Security Standards for Consumer IoT Devices

(34:02) Impact of Ransomware Attack on Change Healthcare and the Dilemma of Paying Ransom 

Episode Resources:

Full Monthly Threat Report May 2024

Sharpen your Instincts with Security Awareness Training

Today’s episode of the Security Swarm Podcast is a continuation from last week’s episode where Andy and Paul discussed the CSRB’s findings on Microsoft’s Storm-0558 Breach. In their discussion, they continue picking apart the findings and providing their insights.

Episode Resources:

Cyber Safety Review Board Report

In this episode of The Security Swarm Podcast, Andy and Paul discuss the Cyber Safety Review Board’s findings of the Microsoft Storm-0558 breach. During the episode, they talk about the implications of the breach and explore Microsoft’s security culture, stressing the need to prioritize robust security measures over rapid feature developments. 

Key Takeaways: 

• Microsoft’s security culture requires a significant overhaul to address existing vulnerabilities and prevent future breaches. 
• Transparency and accurate risk assessments are crucial in understanding and mitigating security threats in cloud environments. 
• Prioritizing security over rapid feature development is essential to prevent security risks and enhance overall product integrity. 
• Standardized audit logging practices should be a fundamental offering in cloud services to enable effective intrusion detection and investigation. 

Timestamps: 

(10:07) – Microsoft’s Security Culture: Past, Present, and Future 

(15:45) – Uncovering Lack of Transparency and Accountability in Major Cloud Vendors

(20:09) – Microsoft’s Security Standards: A Critical Assessment and Call for Action

(28:53) – A Discussion on Cloud Audit Logging 

Episode Resources: 

Cyber Safety Review Board Report

Microsoft Trustworty Computing Memo

In this episode of the Security Swarm Podcast, our host Andy Syrewicze discusses the key findings from Hornetsecurity’s Monthly Threat Report with guest Michael Posey. The Monthly Threat Report is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.  

In this episode, Andy and Michael talk about recent security events such as the Cyber Safety Review Board’s (CSRB) report assessment of the Storm-0558 attack, the FTC’s reports on impersonation attacks, and an alarming potential supply chain attack on the XZ Utils package in open-source Linux distributions. 

Key takeaways: 

• The cybersecurity landscape is evolving rapidly with a variety of threats, from supply chain attacks to impersonation scams. 
• Transparency and security diligence are crucial in preventing and mitigating cyber threats. 
• End-user training and awareness play a significant role in enhancing overall cybersecurity posture. 

Timestamps: 

(05:26) – Rising Trends in Email Threats and Cybersecurity Impersonation Tactics

(15:26) – The Importance of Email Security and Supply Chain Attacks in Today’s Cyber Landscape

(18:12) – Uncovering the Storm-0558 Breach: Analysis and Recommendations

(27:33) – FTC Reports on Impersonation Attacks and the Importance of End User Training in Cybersecurity

(34:25) – Major Security Threat Uncovered in XZ Utils Package in Open Source Linux Distributions

(40:22) – Insights on Cybersecurity Issues and Mitigations 

Episode Resources: 

The Full Monthly Threat Report for April 2024

Fully automated Security Awareness Training Demo 

In this episode of The Security Swarm Podcast, host Andy Syrewicze is joined by Matt Lee from Pax8 to discuss the risks associated with deploying always on remote access software on managed endpoints.  

The conversation spans various topics, including Matt Lee’s extensive background in the MSP space, where he shares insights gained from his experience with a mass ransomware event. Together, they explore the risks and implications of constant remote access, emphasizing the need for organizations to adopt a more proactive stance toward cybersecurity.  

Key takeaways: 

• Embrace the journey of continuous improvement in cybersecurity practices, focusing on being reasonable and defensible rather than striving for perfection. 
• Follow established cybersecurity controls and be willing to adapt and improve security measures over time. 
• Consider the risks associated with constant remote access and prioritize security measures that reduce exposure to threats. 
• Take small steps towards improving cybersecurity practices and be open to learning from past failures to enhance security protocols. 

Timestamps: 

(11:08) – Navigating Remote Access in Highly Regulated Managed Service Provider (MSP) Environments 

(14:02) – Maximizing Security with Just in Time, Just Enough Access 

(17:41) – The ConnectWise ScreenConnect Vulnerability and the Importance of Communication 

(26:32) – The Need for Maturity in the Cybersecurity Space 

(31:10) – Don’t Let Perfect be the Enemy of Good 

Episode Resources: 

Matt Lee 

Hornetsecurity