The Security Swarm Podcast
Welcome to The Security Swarm Podcast – a weekly conversation about the most critical issues facing the world of cybersecurity today, hosted by Andy Syrewicze, Security Evangelist at Hornetsecurity. From the malicious use of AI tools to social engineering scams, each episode homes in on a pertinent topic dissected by an industry expert and backed up by real-world data direct from our Security Lab.
The world of cybersecurity should not be taken on alone – it’s time to join the swarm.
Remember the days of DNS route-based email security? It’s been a steadfast approach, but in recent years, the landscape has shifted towards API-driven solutions, particularly evident in platforms like Microsoft 365 utilizing the Graph API for enhanced security.
In this episode, Umut Alemdar from Hornetsecurity’s Security Lab joins Andy once again to discuss email filtration, particularly the DNS route-based approach versus the emerging API-based method. Tune in as they compare these two methodologies, weighing the pros and cons, discussing caveats, and navigating the intricacies of email security.
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from October.
During the episode, Andy and Eric Siron explore the rise of PDF-delivered malicious payloads, shifts in target industries, and escalating brand impersonation attempts in shipping and finance. They delve into Microsoft’s response to a recent cloud services attack and a significant vulnerability in Citrix NetScalers dubbed CitrixBleed, shedding light on the evolving threat landscape.
Join us for an insightful analysis of the latest cybersecurity developments, providing valuable insights for both professionals and enthusiasts alike.
(3:07) – What is the general state of email threats during the last month?
(6:31) – What types of files are being used to deliver malicious files?
(9:38) – What industries are being targeted the most throughout the data period?
(14:40) – What are the most impersonated brands during the last month?
(18:52) – An update on the Microsoft Storm-0558 breach
(23:01) – The CitrixBleed Vulnerability Impacting Citrix NetScaler
(30:31) – Commentary on the SEC’s charges against SolarWinds and their CISO
Paul Schnackenburg is back for another episode with Andy and this time, to discuss the story of backup and recovery inside of Microsoft 365. M365 backup has been a confusing experience over the years, especially with Microsoft’s contradictory “no backup needed” guidance. To add to the confusion, Microsoft has introduced its own M365 backup product.
During the episode, we’ll look at the various methods and tools that have been used natively within M365 to help with backup, as well as why these methods frequently fall short. Don’t miss out on this informative discussion as we delve into the complexities of data protection and recovery in M365!
In today’s episode, we’re delighted to welcome back Eric Siron, who’s no stranger to our show. Andy and Eric will be exploring some historical methods devised by the security community to safeguard backups against ransomware such as air gapping, removable media and application whitelisting. But here’s the twist: we’re approaching these protective measures from the mindset of a relentless threat actor, someone who’s determined to breach your defenses and make your backups their own.
Throughout the episode, we will discuss common misconceptions surrounding these historical solutions, often described as the ultimate ransomware defenses. Do they genuinely live up to the hype? Why do they seem to fall short when used in a vacuum? Tune in to learn more!
In today’s digital landscape, ransomware threats have become an increasingly significant concern for organizations of all sizes. Cybercriminals are continuously devising new ways to exploit vulnerabilities, and the repercussions can be devastating. Ransomware’s ever-evolving nature makes it a top threat. To uncover the full extent of that threat, Hornetsecurity recently conducted a survey to gauge the awareness and preparedness of businesses in the face of ransomware attacks.
In today’s episode, Andy and Matt Frye, Head of Presales and Education at Hornetsecurity, will recap the key findings and insights from the ransomware survey as well as offer effective tools and protocols to protect your business.
(3:20) – How important is ransomware protection in terms of IT priorities?
(4:41) – How many organizations do NOT have a DR plan in place?
(9:28) – How many organizations protect their backups from ransomware?
(12:10) – What types of tools are organizations using to combat ransomware?
(15:45) – How many organizations have been victims of ransomware?
(18:12) – How many ransomware victims managed to recover from backup?
(20:50) – What are the most common vectors of attack for ransomware?
(24:00) – How many people see real value from security awareness training?
(27:37) – How many organizations using M365 have a DR plan in place for ransomware?
Malicious OAuth apps are an issue that has plagued M365 for many years. By default, end users are given great freedom to “authorize” OAuth apps and provide them access to the M365 tenant, unknowingly creating a security issue that persists even once the affected user’s password has changed!
In today’s episode, Andy and Paul Schnackenburg discuss the danger of malicious OAuth apps at length, providing listeners info on the danger, what you can do about it, and what you need to look out for! Hope you enjoy!
(1:57) – What are malicious OAuth Applications?
(5:21) – Who can authorize OAuth Applications in a M365 tenant?
(8:25) – How are malicious OAuth Applications getting past Microsoft Review?
(14:56) – An example of how a malicious OAuth Application might function in an attack
(17:44) – Mitigation and prevention of malicious OAuth Application attacks
(25:35) – The M365 Essential Companion Guide eBook
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from the month of September 2023.
The cybersecurity landscape is ever-evolving, and this month is no exception. Andy and Umut will be analysing the latest types of email threats. Unsurprisingly, the Entertainment and Mining industries continue to be the bullseye for malicious actors. Over the past 30 days, these sectors have borne the brunt of cyberattacks. Meanwhile, Microsoft remains in the spotlight for all the wrong reasons, as security incidents continue to plague the tech giant. This raises questions about the company’s security culture and its ability to safeguard its vast user base.
Tune in for more details!
You can’t be in the IT security space without thinking about certifications. Certifications are the backbone of our industry, serving as benchmarks for knowledge, skills, and expertise. But, let’s face it, navigating the maze of IT and security certifications available can be a daunting task, making it difficult to figure out which route you need to take.
In today’s episode, Andy and Umut Alemdar explore the critical role certifications play in our field and why these certifications hold more value than just being decorative pieces on your office wall. They’ll also go a little further into the top certifications that are particularly relevant for security professionals in today’s ever-changing cybersecurity landscape.
(2:45) – Why is certification important in the Security Space?
(7:28) – What are the benefits of getting certified?
(11:45) – Vendor-specific certifications
(16:05) – Are Linux certifications relevant to security professionals?
(22:21) – What are the most important vendor-agnostic security certifications?
In this week’s episode, Andy and Paul have a discussion that has been brewing for the past several episodes. Microsoft has experienced a series of security incidents in the last few years. For example, the SolarWinds debacle in 2020, multiple Exchange Server on-prem issues, and more recently the Storm-0558 incident.
The core issue that all these problems raise, especially for a major global cloud provider, is trust. Can Microsoft be trusted to secure these services that millions around the globe use every single day? This is the main question that the guys get into in this episode along with lots of other great discussions around security in the Microsoft Cloud.
(1:55) – There has been a recent string of security issues at Microsoft
(6:42) – Storm-0558
(16:38) – Follow up on the SolarWinds attack from 2020
(20:50) – Multiple Exchange on-prem vulnerabilities over the last several years
(22:55) – Power Platform cross-tenant unauthorized access
(26:61) – Communication seems to be a sore spot across all these issues
(31:21) – Trust is critical for the survival of “the cloud”
In this week’s episode, Andy sits down with Daniel Hofmann, the CEO of Hornetsecurity, for an exclusive glimpse into life as a cybersecurity CEO in the modern era. During the episode, Daniel shares the complexities of leading a top-tier security organization exploring the challenges and rewards that come with the role whilst touching upon some predictions for the ever-evolving cybersecurity industry.
With cybersecurity being an industry that never stands still, the conversation also delves into the constant opportunities for innovation. Tune in to discover ways of staying informed and constantly adapting to the shifting threat landscape.
(2:13) – What is it like being the CEO of a Cybersecurity Company?
(7:27) – What are the main methods that Daniel uses to keep up to date on the industry?
(10:05) – What was the main driving reason behind founding Hornetsecurity?
(13:26) – Solving security problems with a unique approach.
(18:28) – How is AI changing the cybersecurity industry?
(24:08) – Daniel’s cybersecurity predictions for the future.