The Security Swarm Podcast

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the Monthly Threat Report focuses on data from October.

During the episode, Andy and Eric Siron explore the rise of PDF-delivered malicious payloads, shifts in target industries, and escalating brand impersonation attempts in shipping and finance. They delve into Microsoft’s response to a recent cloud services attack and a significant vulnerability in Citrix NetScalers dubbed CitrixBleed, shedding light on the evolving threat landscape.

Join us for an insightful analysis of the latest cybersecurity developments, providing valuable insights for both professionals and enthusiasts alike.

Timestamps:

(3:07) – What is the general state of email threats during the last month?

(6:31) – What types of files are being used to deliver malicious files?

(9:38) – What industries are being targeted the most throughout the data period?

(14:40) – What are the most impersonated brands during the last month?

(18:52) – An update on the Microsoft Storm-0558 breach

(23:01) – The CitrixBleed Vulnerability Impacting Citrix NetScaler

(30:31) – Commentary on the SEC’s charges against SolarWinds and their CISO

Episode Resources:

Full Monthly Threat Report for November

Law Enforcement Shutdown of Qakbot

Paul and Andy Discuss Storm-0558

Security Awareness Service - Request Demo

Andy on LinkedIn , Twitter , Mastodon

Eric on Twitter

In today’s episode of the Security Swarm Podcast, Andy and Eric Siron discuss the Monthly Threat Report of August 2024. They cover the aftermath of the CrowdStrike incident, Microsoft's proposed enhancements to improve the security of their ecosystem, as well as the discovery of a vulnerability in AMD processors that could allow persistent malware.

Additionally, they discuss the emergence of new AI jailbreak attacks, which can bypass content restrictions and generate harmful outputs and a VMware ESXi vulnerability that could allow attackers to gain access to virtual machines.

Key Takeaways:

• The CrowdStrike incident highlights the need for rigorous software testing.
• Microsoft is moving forward with some changes and guidance on kernel access as a direct response to the CrowdStrike incident.
• Researchers have discovered a vulnerability in AMD processors that could allow threat actors to embed persistent malware, underscoring the ongoing battle against advanced threats.
• The Olympic Games have been the target of dozens of foiled cyberattacks, demonstrating the high-stakes nature of nation-state cyber conflicts.
• There is a new critical vulnerability in the VMware ESXi Hypervisor that allows authentication bypass. Broadcom has released a patch

Timestamps:

(01:00) CrowdStrike Incident and Lessons Learned

(04:14) Importance of Proper Software Testing and Development Processes

(7:21) Potential Consequences of Rushed Software Updates

(28:18) AI Jailbreak Attacks and Generative AI Risks

(33:43) VMware ESXi Vulnerability and Potential Ransomware Implications

(37:53) Bumblebee Loader and the Threat of Rapid Active Directory Compromise

(39:41) HealthEquity Data Breach and the Normalization of PII Breaches

(40:17) Anonymous Sudan and Their Disruptive DDOS Attacks

(41:54) Cyber Attacks on the Olympic Games and the Role of Nation-State Actors

Episode Resources:

Full Monthly Threat Report

Podcast episode on Anonymous Sudan

AMD CPU Vulnerability Info

Webinar where Andy covers the ways threat actors use Generative AI

VMware ESXi Authentication Bypass Exploit

Security Swarm Podcast re: threat actor attacks on the Olympic Games

In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Eric Siron provide a comprehensive monthly threat review. They cover several major cybersecurity incidents and trends from the past month, including:

• The massive data breach at data broker National Public Data exposed over 2.9 billion personal information records. They discuss the risks of this breach, such as increased targeted phishing and social engineering attacks.
• A joint government agency warning about the Ransom Hub ransomware has impacted over 200 victims since February 2022, including critical infrastructure and high-profile organizations.
• A case study of an IT administrator who held his employer's systems for ransom by deploying logic bombs, highlighting the risks of insider threats even within trusted IT teams.

They also touch on the topics of vendor risk management and the history of election tampering and provide recommendations for organizations to mitigate these threats. In conclusion, EP62 provides valuable insights into the ever-changing cybersecurity landscape and offers practical advice for security professionals.

Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!

Key Takeaways:

• The National Public Data breach exposed a vast amount of personal information, including names, email addresses, phone numbers, Social Security numbers, and more. This creates risks of more targeted phishing and social engineering attacks.
• The continued use of easily abused identification methods like Social Security numbers underscores the urgent need to explore more secure alternatives, such as cryptographic key pairs. This is crucial in reducing the risks of identity theft.
• Insider threats from trusted IT staff members can pose a significant risk, as evidenced by the case of an IT admin holding their employer's systems for ransom. Implementing practices like just-in-time administration and least-privilege access is crucial to mitigate these potentially devastating threats.
• Overreliance on cloud-based services and a single vendor for critical business functions can lead to vendor risk and single points of failure.
• Election security remains a significant concern, with the threat of interference and disinformation campaigns continuing. Ensuring robust cybersecurity measures at the state and local levels is crucial for protecting the integrity of elections.

Timestamps:

(03:17) The National Public Data Breach

(12:21) The Issues with Social Security Numbers

(18:02) The Danger of Insider Threats

(27:10) The Risks of Vendor Dependence

(34:12) Recommendations for Protecting Against Threats

Episode Resources:

Security Lab LinkedIn Group

In-depth analyses from Hornetsecurity’s Security Lab

#StopRansomware: RansomHub Ransomware | CISA

Passkeys in Microsoft Entra: Benefits, Implementation Tips & More (hornetsecurity.com)

How Threat Actors Tamper with Elections (hornetsecurity.com)

--

Secure your organization against the evolving threat landscape! Discover how Hornetsecurity's Advanced Threat Protection, Security Awareness Service, and 365 Total Protect...

In today's episode, Andy has a special guest from our product development team at Hornetsecurity - Jean Paul (JP) Callus. The episode goes into an insightful discussion on how threats have morphed over the years. Andy and Jean Paul recount the days when backup primarily served as a safety net against accidental data loss and hardware failures. Fast forward to today, and backups have become a key weapon in the fight against ransomware and other sophisticated attacks.

The use of Large Language Models (LLMs), like ChatGPT has skyrocketed, infiltrating multiple facets of modern life. In today's podcast episode, Andy and Paul Schnackenburg explore Microsoft 365 Co-Pilot and some surprising risks it can surface. Microsoft 365 Co-Pilot is more than just a virtual assistant: it's a powerhouse of productivity! It is a versatile generative AI tool that is embedded within various Microsoft 365 applications, and as such, it can execute various tasks across different software platforms in seconds.