The Security Swarm Podcast

Welcome to The Security Swarm Podcast – a weekly conversation on the most critical issues facing the world of cybersecurity today, hosted by Andy Syrewicze, Security Evangelist at Hornetsecurity. From the malicious use of AI tools to social engineering scams, each episode hones in on a pertinent topic dissected by an industry expert and backed up by real-world data direct from our Security Lab.

The world of cybersecurity should not be taken on alone – it’s time to join the swarm.

Listen on Spotify, Google Podcasts, Apple Podcasts and YouTube.

Monthly Threat Report – November 2023

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from October.

During the episode, Andy and Eric Siron explore the rise of PDF-delivered malicious payloads, shifts in target industries, and escalating brand impersonation attempts in shipping and finance. They delve into Microsoft’s response to a recent cloud services attack and a significant vulnerability in Citrix NetScalers dubbed CitrixBleed, shedding light on the evolving threat landscape.

Join us for an insightful analysis of the latest cybersecurity developments, providing valuable insights for both professionals and enthusiasts alike.

Timestamps:

(3:07) – What is the general state of email threats during the last month?

(6:31) – What types of files are being used to deliver malicious files?

(9:38) – What industries are being targeted the most throughout the data period?

(14:40) – What are the most impersonated brands during the last month?

(18:52) – An update on the Microsoft Storm-0558 breach

(23:01) – The CitrixBleed Vulnerability Impacting Citrix NetScaler

(30:31) – Commentary on the SEC’s charges against SolarWinds and their CISO

Episode Resources:

Full Monthly Threat Report for November

Law Enforcement Shutdown of Qakbot

Paul and Andy Discuss Storm-0558

Security Awareness Service – Request Demo

Andy on LinkedIn, Twitter, Mastodon

Eric on Twitter

EP27: The Story of Backup and Recovery in Microsoft 365

Paul Schnackenburg is back for another episode with Andy and this time, to discuss the story of backup and recovery inside of Microsoft 365. M365 backup has been a confusing experience over the years, especially with Microsoft’s contradictory “no backup needed” guidance. To add to the confusion, Microsoft has introduced its own M365 backup product.

During the episode, we’ll look at the various methods and tools that have been used natively within M365 to help with backup, as well as why these methods frequently fall short. Don’t miss out on this informative discussion as we delve into the complexities of data protection and recovery in M365!

Episode Resources:

Free eBook – Microsoft 365: The Essential Companion Guide

365 Total Backup – Request a Trial

VM Backup – Free Trial

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

EP26: Questionable Methods for Protecting Backups from Ransomware

In today’s episode, we’re delighted to welcome back Eric Siron, who’s no stranger to our show. Andy and Eric will be exploring some historical methods devised by the security community to safeguard backups against ransomware such as air gapping, removable media and application whitelisting. But here’s the twist: we’re approaching these protective measures from the mindset of a relentless threat actor, someone who’s determined to breach your defenses and make your backups their own.

Throughout the episode, we will discuss common misconceptions surrounding these historical solutions, often described as the ultimate ransomware defenses. Do they genuinely live up to the hype? Why do they seem to fall short when used in a vacuum? Tune in to learn more!

Episode Resources:

The Backup Bible by Eric Siron

EP22: Can You Trust Microsoft with Security?

Immutable Protection Against Ransomware

Andy on LinkedIn, Twitter, Mastodon

Eric on Twitter

EP25: Key Takeaways from our Ransomware Survey

In today’s digital landscape, ransomware threats have become an increasingly significant concern for organizations of all sizes. Cybercriminals are continuously devising new ways to exploit vulnerabilities, and the repercussions can be devastating. Ransomware’s ever-evolving nature makes it a top threat. To uncover the full extent of that threat, Hornetsecurity recently conducted a survey to gauge the awareness and preparedness of businesses in the face of ransomware attacks.

In today’s episode, Andy and Matt Frye, Head of Presales and Education at Hornetsecurity, will recap the key findings and insights from the ransomware survey as well as offer effective tools and protocols to protect your business.   

Timestamps:

(3:20) – How important is ransomware protection in terms of IT priorities?

(4:41) – How many organizations do NOT have a DR plan in place? 

(9:28) – How many organizations protect their backups from ransomware? 

(12:10) – What types of tools are organizations using to combat ransomware? 

(15:45) – How many organizations have been victims of ransomware? 

(18:12) – How many ransomware victims managed to recover from backup?

(20:50) – What are the most common vectors of attack for ransomware? 

(24:00) – How many people see real value from security awareness training? 

(27:37) – How many organizations using M365 have a DR plan in place for ransomware? 

Episode Resources:

Full Ransomware Survey Results

EP12: What We Learned by Asking the Community About Compliance

EP24: The Danger of Malicious OAuth Apps in M365

Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed! 

In today’s episode, Andy and Paul Schnackenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy!

Timestamps:

(1:57) – What are malicious OAuth Applications? 

(5:21) – Who can authorize OAuth Applications in an M365 tenant?

(8:25) – How are malicious OAuth Applications getting past Microsoft Review? 

(14:56) – An example of how a malicious OAuth Application might function in an attack

(17:44) – Mitigation and prevention of malicious OAuth Application attacks 

(25:35) – The M365 Essential Companion Guide eBook 

Episode Resources:

M365 Publisher Verification

M365 Publisher Attestation

M365 App Certification

M365 ACAT Tool

Free eBook ‘Microsoft 365: The Essential Companion Guide’

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

Monthly Threat Report – October 2023

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023.  

The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company’s security culture and its ability to safeguard its vast user base. 

Tune in for more details! 

Episode Resources:

Monthly Threat Report – October 2023

EP23: The Importance of Certification in the Security Space

You can’t be in the IT security space without thinking about certifications. Certifications are the backbone of our industry, serving as benchmarks for knowledge, skills, and expertise. But, let’s face it, navigating the maze of IT and security certifications available can be a daunting task, making it difficult to figure out which route you need to take.

In today’s episode, Andy and Umut Alemdar explore the critical role certifications play in our field and why these certifications hold more value than just being decorative pieces on your office wall. They’ll also go a little further into the top certifications that are particularly relevant for security professionals in today’s ever-changing cybersecurity landscape. 

Timestamps:

(2:45) – Why is certification important in the Security Space?

(7:28) – What are the benefits of getting certified? 

(11:45) – Vendor-specific certifications 

(16:05) – Are Linux certifications relevant to security professionals? 

(22:21) – What are the most important vendor-agnostic security certifications? 

Episode Resources:

CompTIA Security+

GSEC

Cisco CCNA

CISSP

CISM

CEH

OSCP

Careers at Hornetsecurity (We offer training!)

Andy on LinkedIn, Twitter or Mastodon

Umut on LinkedIn 

EP22: Can You Trust Microsoft with Security?

In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years. Examples include the SolarWinds debacle in 2020, multiple on-prem Exchange Server issues, and more recently the Storm-0558 incident.

The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud.  

Timestamps:

(1:55) – There has been a recent string of security issues at Microsoft 

(6:42) – Storm-0558 

(16:38) – Follow up on the SolarWinds attack from 2020 

(20:50) – Multiple Exchange on-prem vulnerabilities over the last several years 

(22:55) – Power Platform cross-tenant unauthorized access

(26:61) – Communication seems to be a sore spot across all these issues 

(31:21) – Trust is critical for the survival of “the cloud” 

Episode Resources:

Monthly Threat Report – September 2023

Microsoft 365: The Essential Companion Guide – Free eBook

Paul’s recent article on Microsoft’s security issues

Results of Microsoft’s Storm-0558 Investigation

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

EP21: Life as a Cybersecurity CEO – An Inside Look

In this week’s episode, Andy sits down with Daniel Hofmann, the CEO of Hornetsecurity, for an exclusive glimpse into life as a cybersecurity CEO in the modern era. During the episode, Daniel shares the complexities of leading a top-tier security organization, exploring the challenges and rewards that come with the role whilst touching upon some predictions for the ever-evolving cybersecurity industry.

With cybersecurity being an industry that never stands still, the conversation also delves into the constant opportunities for innovation. Tune in to discover ways of staying informed and constantly adapting to the shifting threat landscape. 

Timestamps:

(2:13) – What is it like being the CEO of a Cybersecurity Company? 

(7:27) – What are the main methods that Daniel uses to keep up to date on the industry? 

(10:05) – What was the main driving reason behind founding Hornetsecurity? 

(13:26) – Solving security problems with a unique approach. 

(18:28) – How is AI changing the cybersecurity industry? 

(24:08) – Daniel’s cybersecurity predictions for the future. 

Episode Resources:

Hornetsecurity’s Advanced Threat Protection

Episode 18: Generative AI in Defensive Tools

Monthly Threat Report – September 2023

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.  In today’s episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. 

During the episode, Andy and Yvonne explore the overall threat trends including:  

  • The most common malicious file types used to deliver payloads, with HTML files taking the lead 

  • The decline of malicious PDF and archive files, likely due to the disruption of Qakbot.  

  • The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks. 

  • The impact of the FBI’s disruption of Qakbot. 

  • The Storm-0558 breach. 

  • A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors. 

Timestamps:

(3:22) – General threat trends for this month’s data period 

(7:11) – What were the most used file types for malicious payloads during the data period?

(10:10) – What are the most targeted industries for this data period? 

(12:04) – The most impersonated brands from this month’s report 

(16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet 

(22:54) – An update on the Microsoft Storm-0558 breach 

(33:46) – Data breaches account for 14 million lost records 

Episode Resources:

Full Monthly Threat Report – September 2023

EP07: A Discussion and Analysis of Qakbot 

Security Awareness Service

Andy on LinkedIn, Twitter, Mastodon

Yvonne on LinkedIn