Week in Review: Microsoft deactivation flaw, BeyondTrust on KEV, LLM generated malware
Dec 27, 2024
Steve Zalewski, a seasoned cybersecurity advisor and CISO in residence, joins to dive into the current landscape of cyber threats. He discusses the ongoing vulnerabilities in Microsoft 365, particularly concerning product deactivation and phishing risks. Zalewski also critiques traditional responses like rebooting systems to solve flaws, advocating for a more robust cybersecurity strategy. The conversation highlights the dangers of large language models creating malware and underscores the critical need for innovative defenses in today’s tech-driven world.
The phishing attack on General Dynamics underscores the persistent risk of human error in cybersecurity, necessitating ongoing training and communication for employees.
Japan Airlines' cyber incident highlights the vulnerabilities of essential services to attacks during peak periods, raising concerns about infrastructure resilience amidst rising cyber threats.
Deep dives
Phishing Attack Targeting General Dynamics Employees
General Dynamics experienced a phishing attack that compromised the accounts of 37 employees, highlighting the ongoing issue of social engineering in cybersecurity. The attackers deceived employees into revealing their usernames and passwords through a fraudulent advertising campaign, which led to unauthorized access to sensitive personal information, including PII and government IDs. Despite the company's efforts in cybersecurity training and protocols, human error remains a significant vulnerability, underscoring the importance of continuously addressing user behavior in security strategies. This case illustrates the persistent challenge organizations face in balancing security measures with user accessibility, emphasizing the need for effective communication and training around the necessity of such precautions.
Cyber Attack Affects Japan's Airline Operations
Japan Airlines reported a cyber attack that disrupted its operations by shutting down critical router systems, leading to delays and a temporary halt in ticket sales during a peak travel period. Thankfully, no customer data was compromised, and operations returned to normal quickly. This event coincides with another outage experienced by American Airlines, prompting concerns about the resilience of systems critical to public transportation infrastructure during busy travel times. The incident raises broader questions about the vulnerabilities of essential services to cyber threats, particularly during high-stress periods like holiday travel.
TechCrunch's Review of Poorly Managed Data Breaches
TechCrunch released a list of the most poorly handled data breaches of 2024, highlighting significant lapses in cybersecurity protocols at several organizations. Notable examples include 23andMe, which attributed the breach to customer negligence regarding password security, and Change Healthcare, which took months to acknowledge extensive data theft that stemmed from inadequate security measures. This list emphasizes recurring themes of human error and organizational failure to prioritize sufficient security measures, particularly in identity and access management. The pattern observed in these breaches underscores the critical need for stronger enforcement of multi-factor authentication and better communication of security responsibilities between companies and their customers.
This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, CISO in Residence
Thanks to our show sponsor, ThreatLocker
Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
All links and the video of this episode can be found on CISO Series.com