Bra podcast
Sveriges mest populära poddar
- Affärsnyheter
- Alternativ hälsa
- Amerikansk fotboll
- Andlighet
- Animering och manga
- Astronomi
- Barn och familj
- Basket
- Berättelser för barn
- Böcker
- Buddhism
- Dagliga nyheter
- Dans och teater
- Design
- Djur
- Dokumentär
- Drama
- Efterprogram
- Entreprenörskap
- Fantasysporter
- Filmhistoria
- Filmintervjuer
- Filmrecensioner
- Filosofi
- Flyg
- Föräldraskap
- Fordon
- Fotboll
- Fritid
- Fysik
- Geovetenskap
- Golf
- Hälsa och motion
- Hantverk
- Hinduism
- Historia
- Hobbies
- Hockey
- Hus och trädgård
- Ideell
- Improvisering
- Investering
- Islam
- Judendom
- Karriär
- Kemi
- Komedi
- Komedifiktion
- Komediintervjuer
- Konst
- Kristendom
- Kurser
- Ledarskap
- Life Science
- Löpning
- Marknadsföring
- Mat
- Matematik
- Medicin
- Mental hälsa
- Mode och skönhet
- Motion
- Musik
- Musikhistoria
- Musikintervjuer
- Musikkommentarer
- Näringslära
- Näringsliv
- Natur
- Naturvetenskap
- Nyheter
- Nyhetskommentarer
- Personliga dagböcker
- Platser och resor
- Poddar
- Politik
- Relationer
- Religion
- Religion och spiritualitet
- Rugby
- Så gör man
- Sällskapsspel
- Samhälle och kultur
- Samhällsvetenskap
- Science fiction
- Sexualitet
- Simning
- Självhjälp
- Skönlitteratur
- Spel
- Sport
- Sportnyheter
- Språkkurs
- Stat och kommun
- Ståupp
- Tekniknyheter
- Teknologi
- Tennis
- TV och film
- TV-recensioner
- Underhållningsnyheter
- Utbildning
- Utbildning för barn
- Verkliga brott
- Vetenskap
- Vildmarken
- Visuell konst
Microsoft Threat Intelligence Podcast
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other we...
37 avsnitt • Längd: 40 min • Månadsvis
Om podden
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape – uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft’s influence on the threat landscape and behind the scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.
The podcast Microsoft Threat Intelligence Podcast is created by Microsoft. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
Avsnitt
Seashell Blizzard Ramping Up Operations and OSINT Trends of DPRK Threat Actors
22 januari 2025 |
26 min
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Elise Eldridge and Anna Seitz to discuss the most recent notable developments across the threat landscape.
The threat actor, also known as Sandworm or APT44, has also been observed resuming the use of the wrappers WalnutWipe and SharpWipe, and expanded the use of the Prickly Pear malware downloader.
The team highlights the geopolitical implications of these attacks, particularly in the context of Russia's influence on energy and global events. Sherrod also touches on the history of wipers in cyber operations and transitions to a discussion with Elise about trends in North Korean cyber activity, emphasizing Microsoft's ongoing efforts to analyze and mitigate these threats.
In this episode you’ll learn:
- Why recent attacks have targeted the European energy sector
- How Seashell Blizzard’s attacks in 2024 involved spear-phishing campaigns
- Why North Korean hackers infiltrate companies through remote IT job programs
Some questions we ask:
- How has Seashell Blizzard returned to using wipers, and what might explain this shift?
- After sending out crafted spear-phishing emails, what happens next in the attack chain?
- How might global geopolitics impact Seashell Blizzard's campaigns?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Threat Landscape Update: North Korean IT Workers, OSINT, and Remote Monitoring and Management Abuse
8 januari 2025 |
28 min
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Caitlin Hopkins, Diana Duvieilh, and Anna Seitz to discuss the latest trends in cybersecurity threats.
The team explores OSINT observations around Remote Monitoring and Management (RMM) tools like Screen Connect by nation-state actors and reveals how they are used to deploy malware like AsyncRAT, ransomware, and execute phishing scams. They also uncover alarming tactics, such as North Korean IT workers posing as legitimate coders to infiltrate organizations, who steal cryptocurrency and use it to fund their regime. Since 2017 they have contributed to the theft of more than $3 billion.
In this episode you’ll learn:
- The role of tech support scam websites in tricking victims into allowing remote access
- How cybercriminal and nation-state actors are increasingly exploiting remote monitoring
- Why the financial services sector is a major target for cyberattacks
Some questions we ask:
- What is Screen Connect, and why is it attractive to threat actors?
- How long have RMM tools been used in C2 frameworks?
- Why are remote management tools being used in command-and-control systems?
Resources:
View Caitlin Hopkins on LinkedIn
View Diana Duvieilh on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Doctors’ Perspective: The Rise of Healthcare Ransomware
18 december 2024 |
43 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Christian Dameff and Jeff Tully, co-directors from the UCSD Center for Healthcare Cybersecurity, and contributors to our recent Healthcare Ransomware report.
They discuss their unique backgrounds as doctors and hackers, focusing on healthcare cybersecurity, and the growing risks of hospital ransomware attacks. Christian shares his journey from hacking as a teenager to combining his passion for medicine and cybersecurity, particularly the risks posed to patient safety by vulnerable medical devices. Jeff adds his perspective, highlighting the parallels between medicine and hacking, and their efforts at UCSD to bring evidence-based research to healthcare cybersecurity. The conversation explores the challenges and importance of protecting critical healthcare systems from cyber threats, aiming to improve patient safety and outcomes.
In this episode you’ll learn:
- How medical device vulnerabilities reveal the impact of cybersecurity on patient care
- The lack of comprehensive data on healthcare ransomware attacks
- When ransomware-induced disruptions can delay life-saving procedures
Some questions we ask:
- As healthcare providers, what stands out to you about ransomware in healthcare?
- What does the UCSD Center for Healthcare Cybersecurity do?
- What ransomware attacks are common in healthcare, and how do they differ from other industries?
Resources:
View Christian Dameff on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
A Couple of Rats Pick Up New Tricks, Un Proposes Cybercrime Treaty
4 december 2024 |
44 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft’s Dinesh Natarajan, Senior Threat Hunter, and Thomas Ball, Senior Security Researcher. They unpack recent findings around AsyncRAT, a remote access Trojan (RAT) used for keylogging, data exfiltration, and deploying further malware.
Dinesh explains how attackers are now using screen-sharing tools, like Screen Connect, as part of a new infection chain that makes the malware delivery process more deceptive. Thomas then shares insights on SectopRAT, another threat targeting browser data and crypto wallets. Uniquely, this RAT creates a second desktop, allowing attackers to operate undetected.
Next, Sherrod talks with Microsoft’s Senior Director of Diplomacy, Kaja Ciglic, about the UN’s proposed cybercrime treaty. Originally spearheaded by Russia, the treaty aims to create a global framework for prosecuting cybercrime, but critics worry about its potential impact on freedom of expression and human rights.
In this episode you’ll learn:
- How tech support scam emails lead to AsyncRAT installations on different devices
- The importance of leveraging tools like Microsoft Defender's SmartScreen for protection
- The treaty encourages cooperation but may let governments exploit unclear cybercrime definitions
Some questions we ask:
- How does social engineering through email play a role in these attacks?
- What capabilities does AsyncRat have, and why is it so concerning?
- How do we ensure the treaty doesn't impact freedom of expression or human rights?
Resources:
View Dinesh Natarajan on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Between Two Gregs: An Update on the North Korean Threat Landscape
20 november 2024 |
45 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Proofpoint’s Greg Lesnewich and Microsoft’s Greg Schloemer to share the unique threat posed by North Korea’s (DPRK) state-sponsored cyber activities. The Gregs discuss their years of experience tracking North Korean cyber actors and the distinct tactics that set DPRK apart from other nation-sponsored threats. The conversation also explores North Korea’s high stakes, as DPRK threat actors operate under intense pressure from government handlers, adding a layer of urgency and fear to their operations. They share insights into North Korea’s aggressive use of stolen cryptocurrency to fund the regime’s initiatives, like ballistic missile tests, and discuss the broader geopolitical impact.
In this episode you’ll learn:
- The technical sophistication and the relentlessness of DPRK cyber tactics
- Complex motives behind funding and sustaining the North Korean government
- The training and skills development of North Korean cyber operators
Some questions we ask:
- How do North Korean threat actors set up their relay networks differently?
- What sets North Korea apart from other nation-sponsored threat actors?
- How do North Korean cyber actors differ from traditional e-crime actors?
Resources:
View Greg Schloemer on LinkedIn
View Greg Lesnewich on LinkedIn
View Sherrod DeGrippo on LinkedIn
Blog links:
Citrine Sleet Observed Exploiting Zero Day
New North Korean Threat Actor Identified as Moonstone Sleet
East Asia Threat Actor Technique Report
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Microsoft’s Yonatan Zunger on Red Teaming Generative AI
6 november 2024 |
39 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Yonatan Zunger, CVP of AI Safety and Security at Microsoft. The conversation delves into the critical role of the AI Red Team, which focuses on identifying vulnerabilities in AI systems. Yonatan emphasizes the importance of ensuring the safety of Microsoft’s AI products and the innovative methods the team employs to simulate potential threats, including how they assess risk and develop effective responses. This engaging dialogue offers insights into the intersection of technology, security, and human behavior in the evolving landscape of AI.
In this episode you’ll learn:
- Why securing AI systems requires understanding their unique psychology
- The importance of training and technical mitigations to enhance AI safety
- How financial incentives drive performance improvements in AI systems
Some questions we ask:
- How does Retrieval Augmented Generation (RAG) work?
- What are the potential risks with data access and permissions in AI systems?
- Should users tell language models that accuracy affects their rewards to improve responses?
Resources:
View Yonatan Zunger on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Vanilla Tempest: The Threat Actor Behind Recent Hospital Ransomware Attacks
23 oktober 2024 |
33 min
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by security researchers Anna and Keivan to discuss two prominent threat actors: Vanilla Tempest and Peach Sandstorm.
Vanilla Tempest, a financially motivated cybercrime group, has been involved in recent ransomware attacks on U.S. hospitals, utilizing various ransomware payloads such as Ink. They are known for using tools like PowerShell scripts and Goot Loader to exfiltrate data and extort victims. Peach Sandstorm, an Iranian nation-state threat actor, focuses on cyber espionage and intelligence collection. They have targeted various sectors, including energy, defense, and critical infrastructure, and have shown increasing sophistication in their attacks. Later, Sherrod speaks with Colton Bremer, a senior security researcher at Microsoft, about his work on the Defender Experts (DEX) team. Colton explains the different tiers of DEX services, which focus on detecting and mitigating advanced threats that may bypass traditional security measures.
In this episode you’ll learn:
- A backdoor called Tickler that uses Azure infrastructure for command and control
- The significance of these groups' tactics and maintaining ransomware resiliency
- The different tiers of DEX services detecting and mitigating advanced threats
Some questions we ask:
- How does Vanilla Tempest typically execute their attacks?
- Has Peach Sandstorm evolved over time in their cyber espionage efforts?
- What can individuals or organizations do to mitigate cloud identity abuse?
Resources:
View Colton Bremer on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Gingham Typhoon’s Cyber Expansion Into the South Pacific
9 oktober 2024 |
39 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Nick Monaco, Principal Threat Intelligence Analyst at Microsoft, delving into findings from Microsoft's April 2024 East Asia threat report. They discuss Gingham Typhoon's expanding cyber operations in the South Pacific, notably targeting strategic partners like Papua New Guinea despite their involvement in China's Belt and Road Initiative. The conversation shifts to Nylon Typhoon's global espionage efforts, including recent activities in South America and Europe. They also cover Volt Typhoon's sophisticated attacks on U.S. critical infrastructure and highlight Storm 1376's (now Tides of Flood) use of AI-generated news anchors for spreading misinformation. This episode emphasizes the evolving nature of cyber threats and influence operations, including the creative use of technology by adversaries to advance their agendas.
* This episode is from April 2024 and is not new information.
In this episode you’ll learn:
- How Nylon Typhoon targets geopolitical intelligence in South America and Europe
- The evolving landscape of influence operations and China's growing capabilities
- How disinformation campaigns have exploited real-world events
Some questions we ask:
- How has generative AI changed influence operations and disinformation?
- What are the key trends in North Korean cyber operations with cryptocurrency and AI?
- Why are Chinese influence operations engaging with questions on social media?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
The Inside Scoop on Using KQL for Cloud Data Security
25 september 2024 |
27 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by the authors of the new book The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting. Guests Rod Trent, Matt Zorich, and Mark Morowczynski discuss the significance of KQL (Kusto Query Language) in cloud data security and how it enables efficient data querying for threat detection in Microsoft products like Sentinel and Defender. They share insights from their own experiences, highlight key features of the book, and explain how both beginners and experts can benefit from KQL. Later in the episode Sherrod speaks with Senior Threat Hunter Lekshmi Vijayan about the growing trend of cyberattacks using malicious PowerShell commands. Lekshmi explains how attackers trick users into copying and pasting harmful code, often through compromised websites or phishing emails. They discuss how these attacks aim to install remote access tools like NetSupport RAT or information stealers, targeting sensitive data like browser credentials and crypto keys.
In this episode you’ll learn:
- How KQL is applied in real-world security scenarios including incident response
- Key features and benefits of KQL when it comes to security and cloud data
- Distinguishing between legitimate and malicious uses of remote management tools
Some questions we ask:
- How does KQL tie into the Microsoft ecosystem, like Defender and Copilot?
- What advice would you give to someone new to KQL who wants to start learning?
- What is the technique we're seeing with copy-pasting malicious PowerShell?
Resources:
View Mark Morowczynski on LinkedIn
View Lekshmi Vijayan on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Citrine and Onyx Sleet: An Inside Look at North Korean Threat Actors
11 september 2024 |
29 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo discusses North Korean threat actors with one of our Microsoft Threat Intelligence researchers and Greg Schloemer focusing on two prominent groups: Onyx Sleet and Storm 0530. Onyx Sleet is a long-standing espionage group known for targeting defense and energy sectors, particularly in the U.S. and India. However, they’ve diversified into ransomware, using tactics like malware downloaders, zero-day vulnerabilities, and a remote access Trojan called D-Track. The conversation also touches on the use of fake certificates and the group's involvement in the software supply chain space.
In this episode you’ll learn:
- The relationship between Onyx Sleet and Storm 0530
- North Korea's broader strategy of using cyber-attacks and moonlighting activities
- Surprising nature of recent attack chains involving vulnerability in the Chromium engine
Some questions we ask:
- Does Onyx Sleet engage in cryptocurrency activities as well as traditional espionage?
- How does the use of a fake Tableau software certificate fit into Onyx Sleet's attack chain?
- Where does the name "Holy Ghost" come from, and why did they choose it?
Resources:
View Greg Schloemer on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Black Basta and the Use of LLMs by Threat Actors
28 augusti 2024 |
24 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.
In this episode you’ll learn:
- Why the takedown of Qakbot impacted Black Basta’s strategies
- What malvertising is and why its persistence is due to the complex nature of ad traffic
- How the MITRE Atlas framework assists defenders in identifying new threats
Some questions we ask:
- What role does social engineering play in the campaigns involving Quick Assist?
- How are North Korean threat actors like Emerald Sleep using LLMs for their campaigns?
- Can you explain the changes in Black Basta’s initial access methods over the years?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Disrupting Cracked Cobalt Strike
14 augusti 2024 |
39 min
On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.
In this episode you’ll learn:
- The impact on detection engineers due to the crackdown on cracked Cobalt Strike
- Extensive automation used to detect and dismantle large-scale threats
- How the team used the DMCA creatively to combat cybercrime
Some questions we ask:
- Do you encounter any pushback when issuing DMCA notifications?
- How do you plan to proceed following the success of this operation?
- Can you explain the legal mechanisms behind this take-down?
Resources:
View Jason Lyons on LinkedIn
View Richard Boscovich on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Behind the Scenes at Blue Hat IL: Security Advancements and Challenges
31 juli 2024 |
51 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is live from Blue Hat Israel in Tel Aviv. Igal Lytzki and Din Serussi discuss their presentation on advanced phishing and evasion techniques, highlighting the rise of QR phishing and custom-made captures, which involve interactive challenges to bypass security systems. Gal Niv and Jonathan Jacobi discuss their experience with the Web3 challenge they created, focusing on a smart contract vulnerability on the Ethereum blockchain. Ida Vass, the mastermind behind BlueHat IL, talks about the conference’s impact and her motivation, driven by the community's spirit and the desire to continually innovate and Wolf Goerlich the keynote speaker, discusses his approach to the keynote, focusing on positive advancements in cybersecurity rather than dwelling on the negative.
In this episode you’ll learn:
- Practical advice for organizations to bolster their email security defenses
- The critical need to apply historical attack models to new technologies
- Progress in hardening OS and network security and the shift in threat actor tactics
Some questions we ask:
- What emerging technologies or threats do you find most intriguing or concerning?
- How does the production level of BlueHat compare to other conferences?
- What do state-sponsored email threats look like right now?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Hunting for AI Bug Bounty
17 juli 2024 |
21 min
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Technical Program Manager at Microsoft Lynn Miyashita and Principal Research Manager, Andrew Paverd. They discuss the evolution of bug bounty programs into the realm of artificial intelligence, specifically focusing on Microsoft's initiative launched in October 2023. Lynn explains that the AI Bug Bounty incentivizes external security researchers to discover and report vulnerabilities in Microsoft's AI systems, such as Copilot, across various platforms including web browsers and mobile applications. Andrew elaborates on the concept of a "bug bar," which sets the criteria for vulnerabilities eligible for the program. They emphasize the importance of identifying security issues that could arise uniquely from AI systems, such as prompt injection vulnerabilities. The discussion highlights Microsoft's structured approach to handling reported vulnerabilities through their Security Response Center, emphasizing quick mitigation and coordination with researchers to ensure timely fixes and public disclosure.
In this episode you’ll learn:
- How AI Bug Bounty programs are reshaping traditional security practices
- Dangers of prompt injection attacks, and their capacity to exfiltrate sensitive data
- Why you should engage in AI bug hunting and contribute to the evolving security landscape
Some questions we ask:
- Which products are currently included in the Bug Bounty program?
- Should traditional bug bounty hunters start doing AI bug bounty hunting?
- How can someone get started with AI bug hunting and submitting to your program?
Resources:
View Lynn Miyashita on LinkedIn
View Andrew Paverd on LinkedIn
View Sherrod DeGrippo on LinkedIn
Microsoft AI Bug Bounty Program
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Microsoft Live at the RSA Conference 2024
3 juli 2024 |
55 min
In this episode of the Microsoft Threat Intelligence Podcast recorded at the RSA Conference in San Francisco, host Sherrod DeGrippo engages with a diverse group of cybersecurity experts. David Weston, VP of Operating System Security at Microsoft, discusses the evolution of Windows security and the role of AI. Jamie Williams from MITRE shares insights on the importance of product functionality in cybersecurity. Emma Stewart, Chief Power Grid Scientist at Idaho National Lab, talks about securing the digital transition of the power grid. Joe Slowik from MITRE emphasizes the importance of threat intelligence and integrating cybercrime entities into their attack framework. Lindsey O'Donnell, executive editor of Decipher, highlights AI's crucial role in cybersecurity and finally, Todd Pauley, deputy CISO of the Texas Education Agency, discusses the challenges faced by small school districts in Texas.
In this episode you’ll learn:
- How Windows security has transitioned from user-controlled to Microsoft-managed
- The importance of understanding product functionality to combat cyber threats
- Securing the power grid's digital transition and cloud technologies for grid control
Some questions we ask:
- What challenges and opportunities arise in securing the power grid's digital transition?
- How does AI enhance security in Windows operating systems?
- What were some of the most memorable sessions you attended at RSA?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Mark Russinovich Talks Jailbreaks
19 juni 2024 |
32 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Mark Russinovich. Mark Russinovich, CTO and Technical Fellow of Microsoft Azure, joins the show to talk about his journey from developing on-prem tools like Sysinternals to working in the cloud with Azure. Sherrod and Mark discuss the evolution of cybersecurity, the role of AI in threat intelligence, and the challenge of jailbreaking AI models. Mark shares his experiences with testing AI models for vulnerabilities, including his discovery of the "Crescendo" and "Masterkey" methods to bypass safety protocols. They also touch on the issue of poisoned training data and its impact on AI reliability, while highlighting the importance of staying ahead in cybersecurity.
In this episode you’ll learn:
- The shift from desktop computing to cloud-based systems and its implications
- Potential consequences of AI models having overridable safety instructions
- How AI training data can manipulate the outcomes generated by AI models
Some questions we ask:
- Will AI owners be able to stop data poisoning, or will it become more common?
- Can you share challenges and vulnerabilities in maintaining the security of AI systems?
- What sparked your interest in AI jailbreaks, and what trends are you seeing?
Resources:
View Mark Russinovich on LinkedIn
View Sherrod DeGrippo on LinkedIn
AI jailbreaks: What they are and how they can be mitigated?
Inside AI Security with Mark Russinovich | BRK227
https://www.youtube.com/watch?v=f0MDjS9-dNw
How Microsoft discovers and mitigates evolving attacks against AI guardrails.
Google AI said to put glue on pizza.
https://www.businessinsider.com/google-ai-glue-pizza-i-tried-it-2024-5
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Threat Landscape Update on Grandoreiro and Luna Tempest
5 juni 2024 |
33 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by two of MSTIC’s finest analysts. They discuss recent trends in financially motivated cyber threats observed by Microsoft, focusing particularly on two cases: the Grandoreiro banking Trojan and the Luna Tempest crimeware actor. The Grandoreiro Trojan, active since 2017, has expanded globally beyond its initial Latin American focus, now targeting countries like the U.S. and the UK. This Trojan typically starts with phishing emails to steal financial information. Despite efforts to disrupt this activity, new clusters have emerged. The discussion also covers Luna Tempest, a U.S.- and UK-based extortion group targeting startups and smaller companies, particularly in sectors like insurance, FinTech, and biotech, seeking high payouts by threatening to release sensitive data.
In this episode you’ll learn:
- The resilience and adaptability of threat actors in response to global disruption efforts
- Why Luna Tempest focuses solely on extortion without deploying ransomware
- How the Grandoreiro Banking Trojan has expanded globally
Some questions we ask:
- How do we distinguish between the various threat actor groups and their malware?
- What can businesses do to protect themselves from identity-based attacks?
- Have these cybercriminals perfected an extortion program?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Andrew Morris and Lauren Proehl on Infosec
22 maj 2024 |
43 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Andrew Morris, Founder & Chief Architect at GreyNoise and Lauren Proehl, Director of Global Cyber Defense at Marsh McLennan. Lauren Proehl is an experienced cybersecurity leader who has helped defend against threat actors in Fortune 500 networks and has managed multiple divisions focused in defensive security and specializes in innovative cyber defense. GreyNoise operates a huge sensor network across the internet that collects primary sourced data on which vulnerabilities attackers are exploiting, when they start, and from where. Sherrod, Lauren, and Andrew discuss the effectiveness of banning ransomware payments, the importance of focusing on backup and disaster recovery strategies, the necessity of investing in basic security measures like endpoint detection and response, multi-factor authentication, and log storage.
In this episode you’ll learn:
- The potential for ransomware attacks on physical infrastructure
- Why most are hesitant to become a CISO and the expectations that come with the role
- Challenges when try to balance technical expertise with leadership skills
Some questions we ask:
- Can government or law enforcement agencies evolve in combating ransomware?
- Where do you believe organizations can invest to improve their cybersecurity?
- How do you expect ransomware to change with tactics like double or triple extortion?
Resources:
View Lauren Proehl on LinkedIn
View Andrew Morris on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Behind the Scenes of the XZ vuln with Andres Freund and Thomas Roccia
8 maj 2024 |
33 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Thomas Roccia and Andres Freund. Andres stumbled upon a security issue within SSH while investigating performance discrepancies. He discovered a sophisticated backdoor, skillfully concealed within the LZMA library, part of the XZ package. Sherrod, Thomas, and Andres discuss the importance of proactive security measures and code review in the open-source community. They emphasize the critical role of community collaboration in identifying and mitigating security threats effectively and signal the need for heightened vigilance.
In this episode you’ll learn:
- The importance of proactive security and code review in the open-source community
- Why anomalies in software behavior should prompt curiosity and investigation
- Open-source community cooperation is vital for spotting and addressing security risks
Some questions we ask:
- Could you explain the security issue you found in SSH and its significance?
- How serious is this threat, and what steps can organizations take to defend against it?
- What advice do you have for open-source contributors?
Resources:
View Andres Freund on LinkedIn
View Thomas Roccia on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Paul Melson talks ScumBots
24 april 2024 |
43 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by former VP of Cybersecurity Solutions at Target Paul Melson. Sherrod and Paul reflect on his experiences in incident response, highlighting the adrenaline rush of detecting and evicting adversaries before they cause harm. Their discussion includes a run down the rabbit hole of open-source intelligence and the creation of the @scumbots twitter feed. They explore the culture at Target's cybersecurity team, emphasizing the importance of hiring for attitude and the potential for new threats like bribery and insider threats. Paul shares insights into his experiences in cybersecurity and his concerns about future threats, emphasizing the need for continued vigilance and innovation in defense strategies. The episode provides valuable insights into the challenges and developments in cybersecurity, offering practical advice for both professionals and organizations navigating the ever-changing threat landscape.
In this episode you’ll learn:
- The genesis of the project scumbots and its functionality
- Challenges when dealing with commercial threat intelligence companies
- The increasing sophistication of cybercrime and the potential for new tactics
Some questions we ask:
- How has your time in incident response evolved over the years?
- What advice would you give to aspiring cybersecurity professionals
- Do you believe organizations can adapt and innovate their defense strategies?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Microsoft Secure in San Francisco
10 april 2024 |
64 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is Live from Microsoft Secure in San Francisco and is joined by Brandon Dixon and Vasu Jakkal. As Group Product Manager for Security Copilot, Brandon is helping to shape how generative AI is used to empower professionals to focus on what matters most. Brandon reflects on how security practices have changed, mental health in the security industry and how AI can empower individuals in the tech and infosec fields. Vasu discusses her passion for cybersecurity and its impact on global safety. She emphasizes the importance of inclusivity and optimism in tackling security challenges and shares her journey into cybersecurity, which was influenced by her love for technology instilled by watching Star Trek. Vasu also highlights the transformative potential of AI, particularly Microsoft Copilot for Security, in enhancing defense capabilities and catching new threats.
In this episode you’ll learn:
- AI enhancing security practices and empowering individuals in the cybersecurity field
- The value of sharing ideas for critique, fostering inspiration, and driving innovation
- How AI has the power to unveil the wonders of the world while enhancing safety
Some questions we ask:
- How will Co-Pilot for Security affect threat intelligence professionals and their work?
- What are you using AI for at work, both in terms of security and more generic AI?
- Can you share examples of how Copilot helps in your personal life?
Resources:
View Brandon Dixon on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Live from New York it’s Microsoft Secure
27 mars 2024 |
48 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is Live from Times Square at Microsoft Secure and is joined by Chris Wysopal, Chip Calhoun, and Torrell Funderburk. Chris (aka Weld Pond) reflects on his experiences with L0pht, the evolution of bug bounty programs and their dominance in the cybersecurity space, highlighting both the benefits and drawbacks. Chip explains how Copilot for Security assists with threat hunting and script analysis, enhancing analysts' capabilities in identifying threats and malicious activities. He also touches on the prevalent threat actor profiles, highlighting the prevalence of e-crime and the potential impact of nation-state actors. Terrell expresses excitement about the advancements in their security program and the ability to detect and respond at scale. He also discusses his transition from software engineering to cybersecurity and encourages others to consider the move due to the foundational similarities between the fields.
In this episode you’ll learn:
- Complications from vulnerabilities discovered in open-source software
- Practical applications of Copilot in incident response and threat intelligence
- The importance of curiosity and problem-solving skills when building a security team.
Some questions we ask:
- How do you view the role of AI and machine learning in security, and bug bounties?
- What do you think is unique about securing critical infrastructure targets?
- Will AI influence security practices in organizations and industries going forward?
Resources:
View Chris Wysopal on LinkedIn
View Torrell Funderburk on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Data Science for Security
13 mars 2024 |
45 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Emily Yale and Anna Bertiger. The discussion delves into Emily and Anna's daily activities within the security domain. Emily highlights her role in supporting Microsoft's internal Security Operations Center by building detections for potential threats. Anna emphasizes the practical application of research in solving security problems and focuses on anomaly detection in post-breach security. Emily and Anna provide insights into Microsoft's work culture, the intersection of technology and security, the importance of mathematical and data science skills in tech roles, and the practical applications of AI tools in professional and personal contexts.
In this episode you’ll learn:
- How data scientists support the internal SOC and enhance security
- The importance of anomaly detection in post-breach security
- Combining security with mathematical skills to create practical solutions
Some questions we ask:
- What types of unusual patterns indicate malicious activity?
- Is there difficulty in securing AI models compared to traditional code?
- Should data science methods be used over complex models?
Resources:
View Anna Bertiger on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Throwing Darts in the Dark With Microsoft Incident Response
28 februari 2024 |
44 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Stella Aghakian and Holly Burmaster. They explore the intrigue of watching threat actors and their techniques and walk through these techniques and how they are educational and critical in threat intelligence work. They also discuss their experiences at Microsoft Ignite, insights into the cyber threat actor Octo Tempest, and personal reflections on threat intelligence and favorite threat actors. Both Stella and Holly discuss how they thrive on the uncertainty and variety of their work despite the long hours and high pressure but appreciate the supportive team environment that helps them.
In this episode you’ll learn:
- Challenges of incident response when dealing with destructive threat actors
- Difficulty in managing the emotional aspects of incident response
- The unpredictability and dynamic nature of incident response work
Some questions we ask:
- How is the workflow structured in incident response teams?
- What traits are crucial for excelling in the high-pressure world of incident response?
- Do Dart and Mystic teams collaborate in incident responses?
Resources:
View Stella Aghakian on LinkedIn
View Holly Burmaster on LinkedIn
View Sherrod DeGrippo on LinkedIn
Octo Tempest Threat Actor profile
Protecting credentials against social engineering
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Iran’s Influence Operations
14 februari 2024 |
43 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Bryan Prior and Nirit Hinkis from the Microsoft Threat Analysis Center. Sherrod, Bryan, and Nirit discuss Iranian influence operations, distinguishing between influence and information operations. The conversation covers examples of cyber-enabled influence operations, focusing on Iran's actions related to the 2020 U.S. presidential elections and the Israel-Hamas war. The discussion covers tactics Iranian actors use, such as impersonation, recruiting locals, and leveraging email and text messages for amplification. The podcast brings context to the intricacies of Iranian cyber activities, their collaborative efforts, propaganda consumption, creative tactics, and challenges in attribution for influence operations.
In this episode you’ll learn:
- The collaboration among Iranian groups in cyber-enabled influence operations
- Wiper attacks in situations involving both cyber and kinetic operations
- Unique aspects of Iran's influence operations
Some questions we ask:
- What's the reason behind a spike in Iranian propaganda consumption in Canada?
- Where does Iran fall compared to other countries like Russia and North Korea?
- What might be coming up regarding Iranian cyber attacks and influence operations?
Resources:
View Sherrod DeGrippo on LinkedIn
Iran Accelerates Cyber Ops Against Israel
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Mobile Threat Landscape Update
7 februari 2024 |
41 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca, Laurie Kirk, and Apurva Kumar. Today's discussion concerns a recent release from the Chaos Computer Congress, where researchers discovered and analyzed a zero-click attack on iPhones. The attack involves four zero-day vulnerabilities in iOS, requiring a malicious iMessage, a hardware bug, and a Safari exploit. The spyware discovered was specifically targeting security researchers. Sherrod, Christine, Laurie, and Apurva explore the significance of this attack, its implications for mobile security, the concept of zero-click attacks becoming more prevalent on mobile devices, and the importance of researchers being vigilant about their security.
In this episode you’ll learn:
- Why you should consider the threat landscape when traveling internationally
- The technical and strategic aspects of mobile threat intelligence
- Prevalence of spyware on both Android and iOS platforms
Some questions we ask:
- How can attackers disguise Trojans to harvest personal details?
- What are the communication vehicles that you're seeing phishing come from?
- How do I know if I have malware on my phone?
Resources:
Follow Christine on Twitter @x71n3 & @herhaxpodcast
View Sherrod DeGrippo on LinkedIn
37C3 - Operation Triangulation: What You Get When Attack iPhones of Researchers
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
North Korea Threat Landscape Update
24 januari 2024 |
36 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Greg Schloemer and Matthew Kennedy. Sherrod, Greg, and Matthew discuss North Korean cyber operations, highlighting the unique aspects that set North Korea apart, emphasizing North Korea's persistence, adaptability, and the blending of APT and cybercrime elements, mainly focusing on revenue generation through activities like cryptocurrency theft. The discussion touches on the notorious Lazarus group, known for the Sony Pictures attack and WannaCry, and how their actions captured global attention. Sherrod, Greg, and Matthew also share personal insight into why they're drawn to this particular area of cybersecurity, offering listeners a unique perspective on the motivations and passions driving those at the forefront of defending our digital world.
In this episode you’ll learn:
- The evolution of North Korean cyber operations
- How cryptocurrency theft is used as a means to support the state
- North Korea's unique approach to cyber operations and strategic evolution over time
Some questions we ask:
- How much work have you put into becoming a blockchain and cryptocurrency expert?
- What challenges arise in defending against these specific software supply chain attacks?
- Why are you interested in working on North Korea-related cybersecurity?
Resources:
View Greg Schloemer on LinkedIn
View Matthew Kennedy on LinkedIn
View Sherrod DeGrippo on LinkedIn
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
Microsoft Ignite Special Edition
10 januari 2024 |
37 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Jeremy Dallman, Kimberly Ortiz, and Steve Ginty. Sherrod emphasizes the importance of understanding vulnerabilities before they're exploited in the wild and discusses the process of responding to security vulnerabilities, including identifying threat actors and the urgency of patch deployment, especially for vulnerabilities targeted by ransomware groups. The conversation also focuses on Security Copilot, a tool built on Microsoft's extensive threat intelligence, designed to make SOC analysts' work more accessible by providing immediate, relevant information on threats. This episode offers an insider's view on how these professionals track internal incident responses, share crucial intelligence with customers, and continuously evolve their processes to ensure swift, accurate delivery of threat intelligence.
In this episode you’ll learn:
-How collaborating with multiple MS teams enhances intel delivery
-Interaction between Microsoft Defender Threat Intelligence and Security Copilot
-Publishing actor profiles based on internal observations of techniques and procedures
Some questions we ask:
-How will the world of AI affect the role of threat intelligence?
-What are you most excited about when it comes to AI in cybersecurity?
-When do we share intel with customers, and has that process changed over the years?
Resources:
View Kimberly Ortiz on LinkedIn
View Jeremy Dallman on LinkedIn
View Sherrod DeGrippo on LinkedIn
MDTI: Now Anyone Can Tap Into Game-Changing Threat Intelligence
The Future of Security with AI
A Year in Intel: Highlights from Microsoft's Global Stand Against APTs
The risk of trust: Social engineering threats and cyber defense
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
A Journey through Cyberwarcon
13 december 2023 |
38 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Judy Ng, Mark Parsons, and Ned Moran. Together, they delve into the riveting world of Cyberwarcon, exploring the activities of threat actors such as Volt Typhoon from China and Iranian-based adversaries. Sherrod sheds light on Volt Typhoon's strategic targeting of critical infrastructure while the team elaborates on the Iranian actors' reactive and opportunistic approach to current cyber attacks. The episode unfolds with insightful discussions of sophisticated techniques like "living off the land" and the intricacies of information operations while providing a deep dive into the evolving landscape of cyber threats and intelligence.
In this episode you’ll learn:
- The use of AI in the current world of cybersecurity
- Why North Korean cyber activity is often referred to as Lazarus
- Unique challenges and motivations for tracking APT groups
Some questions we ask:
- What are some challenges when following chaotic and unpredictable threat actors?
- How do you balance secondary projects like incident response and ransomware?
- What motivates someone to pursue a career in APT tracking and analysis?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
Threat Landscape with Wes Drone
29 november 2023 |
38 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft Threat Research and Intelligence Leader Wes Drone. Wes has spent five years investigating criminal and national security computer intrusions for the FBI Cyber Division. After the FBI, he helped a Fortune 25 healthcare organization mature its security operations while gaining first-hand experience in risk management. Sherrod and Wes discuss his current role at Microsoft, where he focuses on messaging and web research. They also touch on the evolving landscape of phishing attacks and the impact of ChatGPT on code writing and security.
In this episode you’ll learn:
- How ChatGPT has improved code and empowered security to create better code
- Why phishing attacks have evolved with new techniques and capabilities
- The preferences of threat actors and their willingness to adapt
Some questions we ask:
- How have ransomware attacks shifted to a broader issue for entire businesses?
- Why should defenders be constantly adapting to new tactics from threat actors?
- What challenges and strategies have you noticed from the existing threat landscape?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
Punching Miscreants with Jack Mott
15 november 2023 |
26 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Jack Mott to discuss the movie "Heat" and its relevance to social engineering and threat actor psychology. They also chat about the challenges of identifying real threats in the world of information security, highlighting the need for vigilance in detecting both evident and subtle threats. The conversation revolves around the complexities of distinguishing between genuine and malicious activity and the importance of a nuanced approach to cybersecurity.
In this episode you’ll learn:
- Why experimentation and new approaches in the security industry are so necessary
- Microsoft's approach to handling and investigating blocked threats
- The importance of an adaptive system to stay updated on evolving threats and behaviors
Some questions we ask:
- Why is curiosity a crucial quality for success in the information security field?
- How do you deal with making mistakes and taking risks in your work?
- Why do you foster relationships and share information with other professionals?
Resources:
View Sherrod DeGrippo on LinkedIn
Microsoft Ignite Panel, The risk of trust: Social engineering threats and cyber defense
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
Octo Tempest Threat Actor Profile
1 november 2023 |
46 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft threat research experts to talk about the activities of a threat actor known as Octo Tempest (which overlaps with research associated with 0ktapus, Scattered Spider, and UNC3944) and the blog released by Microsoft threat intelligence and Microsoft incident response groups. The discussion covers various tactics, techniques, and procedures Octo Tempest employs, such as SIM swapping, SMS phishing, and living off the land rather than using traditional malware. Octo Tempest is portrayed as a highly bespoke and hands-on threat actor, often engaged in "keyboard-to-keyboard combat" and showing extreme persistence even after being detected.
In this episode you’ll learn:
- Techniques used to modify email rules and evade defensive tools
- The contrast between tailored attacks and automated targeted threat actors
- Why organizations should separate high-privileged accounts from normal user accounts
Some questions we ask:
- Is there an end game for OctoTempest, and is it always ransomware?
- What is the importance of assuming the first-factor password is already compromised?
- How can organizations test controls and alerting for their security posture?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
China Threat Landscape: Meet the Typhoon
25 oktober 2023 |
36 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft Senior Security Researcher Graham Dietz. Graham provides intelligence-led recommendations to improve cybersecurity posture in the future. They are creating customer-ready reports and presentations incorporating threat actor attribution, threat detection and hunting guidance, and remediation recommendations. Sherrod and Graham discuss China's extensive history in cyber operations, targeting domestic and international entities, including diplomatic organizations and industrial espionage.
In this episode you’ll learn:
- How patriotic hackers are thriving inside the Chinese cybercrime underground
- The complexity and diversity of Chinese cyber activities
- China's economic strategies and how they relate to cyber operations
Some questions we ask:
- What should someone do when handed an unknown USB device by a stranger?
- Why does China target organizations without staying completely hidden?
- What sets China apart as an advanced persistent threat?
Resources:
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
Exploring Mobile Threats
11 oktober 2023 |
49 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca. Christine is a senior mobile security researcher at Microsoft, specializing in iOS and mobile exploit development. Christine and Sherrod discuss mobile device security and privacy concerns, mainly focusing on Apple AirTags and similar tracking devices, concentrating on the potential for misuse of these devices for shady purposes, the challenges of tracking and detecting them, and steps individuals can take to protect themselves if they suspect they are being tracked. They also examine the evolving landscape of mobile security and offer practical advice for safeguarding personal information and privacy in increasingly interconnected devices.
In this episode you’ll learn:
- How attackers gain access to banking apps and iCloud accounts
- The privacy implications of Bluetooth trackers
- Why the landscape of mobile security is constantly evolving
Some questions we ask:
- What's a mobile zero day?
- How can I and people listening protect themselves on their iPhones?
- What common technique do fishers use to make URLs appear legitimate?
Resources:
Follow Christine on Twitter @x71n3 & @herhaxpodcast
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
Incident Response with Empathy
11 oktober 2023 |
43 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Matthew Zorich, a Principal Consultant with Microsoft Incident Response. Sherrod and Matt discuss his motivation for creating accessible and open-source forensics tools and resources for entry-level forensics, aiming to guide those without extensive resources. They also examine the importance of helping smaller businesses and individuals understand and practice incident response and forensics, considering the potentially devastating impact of cyberattacks on them. Matt also emphasizes the importance of knowledge sharing and practical experimentation in incident response and identity forensics to help individuals and organizations better defend against cyber threats.
In this episode you’ll learn:
- The challenges of identity-based forensics
- Tactics threat actors use to compromise accounts without raising suspicion
- The importance of distinguishing personal and work identities when assessing threats
Some questions we ask:
- Why is it important to distinguish personal and work email from a threat perspective?
- How do you protect essential accounts in a large organization?
- Would you consider text messages as a reliable method to enhance security?
Resources:
View Matthew Zorich on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
Peach Sandstorm
11 oktober 2023 |
42 min
On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Threat Intelligence Analyst Simeon Kakpovi, Intelligence Analyst Lauren Podber, and Senior Hunt Analyst Emiel Haeghebaert. In this episode, Sherrod and guests explore the evolving nature of the Iranian APT group known as "Peach Sandstorm." They discuss how they mature over time while providing valuable insights into APT actors and their evolving strategies. They discuss techniques such as password spraying and the next steps attackers take to establish persistence within the victim's environment. Sherrod also highlights Iran's unique approach to cyber operations, where they exhibit creativity and perseverance in achieving their objectives, even when they may only sometimes be the most technically sophisticated group among nation-state actors.
In this episode you’ll learn:
- The contrast between APT actors and cybercriminals
- How organizations can protect themselves against password spray attacks
- The importance for defenders to understand the motivations and tactics of APT actors
Some questions we ask:
- What is the difference between a brute force attack and a password spray attack?
- How does Iran's cyber capabilities compare to those of other countries?
- What are some key differences between Iran and APT actors like Russia and China?
Resources:
How Microsoft Names Threat Actors
View Simeon Kakpovi on LinkedIn
View Lauren Podber on LinkedIn
View Emiel Haeghebaert on LinkedIn
View Sherrod DeGrippo on LinkedIn
Peach Sandstorm
Ingredients:
- 1 ripe peach, peeled and pitted
- 1 1/2 oz Arak (a traditional Middle Eastern aniseed-flavored spirit)
- 1 oz fresh lemon juice
- 1 oz rose water
- 1/2 oz simple syrup
- A pinch of saffron strands (soaked in 1 tablespoon of warm water for 10 minutes)
- Crushed ice
- Fresh mint leaves for garnish
- Edible rose petals for garnish
Instructions:
1. In a blender, combine the peach, Arak, lemon juice, rose water, simple syrup, saffron water, and a good amount of crushed ice.
2. Blend until smooth and frosty.
3. Pour into a chilled glass.
4. Garnish with fresh mint leaves and edible rose petals.
Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks
- Security Unlocked
- Security Unlocked: CISO Series with Bret Arsenault
- Secure the Job: Breaking into Security
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
The Microsoft Threat Intelligence Podcast - Trailer
5 oktober 2023 |
2 min
Join us to hear stories from the Microsoft Threat Intelligence community as they navigate the ever-evolving threat landscape - uncovering APTs, cybercrime gangs, malware, vulnerabilities, and other weird and cool tools and tactics in the world of cyber threats. Featuring tales of innovation, teamwork, and cyber espionage, tune in to hear in-depth analyses of Microsoft's influence on the threat landscape and behind-the-scenes stories from the tireless researchers and analysts that take part. This enthralling and insightful podcast is delivered in a casual, conversational style that transports you to the frontlines of cyber defense.
Related Microsoft Podcasts:
- Afternoon Cyber Tea with Ann Johnson
- The BlueHat Podcast
- Uncovering Hidden Risks
- Security Unlocked
- Security Unlocked: CISO Series with Bret Arsenault
- Secure the Job: Breaking into Security
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.
00:00
-00:00
En liten tjänst av I'm With Friends. Finns även på engelska.