Microsoft Threat Intelligence Podcast

Andrew Morris from GreyNoise and Lauren Proehl from Marsh McLennan discuss banning ransomware payments, backup strategies, basic security measures, and investing in cyber defense. They explore challenges faced by CISOs, potential for ransomware attacks on physical infrastructure, and evolving tactics like double or triple extortion. The conversation touches on the effectiveness of law enforcement in combating ransomware and where organizations can invest to enhance cybersecurity.

Andres Freund and Thomas Roccia discuss discovering a backdoor in the XZ package, emphasizing proactive security measures and code review in open source. They highlight the importance of community collaboration in identifying and mitigating security threats effectively.

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by former VP of Cybersecurity Solutions at Target Paul Melson. Sherrod and Paul reflect on his experiences in incident response, highlighting the adrenaline rush of detecting and evicting adversaries before they cause harm. Their discussion includes a run down the rabbit hole of open-source intelligence and the creation of the @scumbots twitter feed. They explore the culture at Target's cybersecurity team, emphasizing the importance of hiring for attitude and the potential for new threats like bribery and insider threats. Paul shares insights into his experiences in cybersecurity and his concerns about future threats, emphasizing the need for continued vigilance and innovation in defense strategies. The episode provides valuable insights into the challenges and developments in cybersecurity, offering practical advice for both professionals and organizations navigating the ever-changing threat landscape.     In this episode you’ll learn:       The genesis of the project scumbots and its functionality  Challenges when dealing with commercial threat intelligence companies   The increasing sophistication of cybercrime and the potential for new tactics     Some questions we ask:      How has your time in incident response evolved over the years?  What advice would you give to aspiring cybersecurity professionals  Do you believe organizations can adapt and innovate their defense strategies?    Resources:  Scumbots on Twitter View Paul Melson on LinkedIn     View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts  Get the latest threat intelligence insights and guidance at Microsoft Security InsiderThe Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Join Brandon Dixon and Vasu Jakkal in discussing how AI empowers cybersecurity professionals, the importance of inclusivity in tackling security challenges, and the transformative potential of AI in enhancing defense capabilities. Explore how AI can automate tasks, enhance coding abilities, and streamline work tasks, while promoting inclusivity and optimism in the field of information security.

Reflecting on experiences with L0pht, Chris discusses bug bounty programs in cybersecurity. Chip explains Copilot for Security's role in threat hunting and script analysis. Torrell discusses advancements in their security program and transitioning to cybersecurity.

Emily Yale and Anna Bertiger discuss their roles in Microsoft's Security Operations Center and the practical applications of data science in security. They highlight anomaly detection, importance of mathematical skills, and using AI tools. The podcast explores the intersection of technology and security, securing AI models, and the need for data science methods in tech roles.

Exploring threat actors' techniques and incident response challenges. Insights into Octo Tempest. The dynamic nature of incident response work. Managing emotions in high-pressure situations. Teamwork and collaboration in cybersecurity. Importance of comprehensive data collection. Unpacking persistence and dwell time in cyber attacks. Personal narratives in the journey to cybersecurity. Promoting diversity in Microsoft's incident response team.

Join Bryan Prior and Nirit Hinkis from Microsoft Threat Analysis Center as they discuss Iranian influence operations, tactics like impersonation and propaganda consumption, challenges in attribution, and collaboration among Iranian groups. Discover insights on Iran's cyber activities and potential future cyber attacks.

Mobile threat researchers Christine Fossaceca, Laurie Kirk, and Apurva Kumar discuss a recent zero-click attack on iPhones targeting security researchers. They explore the significance of the attack, its implications for mobile security, and the rising prevalence of zero-click attacks on mobile devices. They also discuss phishing scams involving gift cards, their experiences with scammers, mobile fraud, and the safety of app stores. The episode wraps up with thanks to the guests and a teaser for an upcoming episode.

Sherrod DeGrippo, Greg Schloemer, and Matthew Kennedy discuss North Korean cyber operations, emphasizing their persistence, adaptability, and revenue generation through cryptocurrency theft. They explore the actions of the Lazarus group and its impact on North Korean cyber operations. The speakers also highlight Diamondsleet's software supply chain attack and the success of the Jade Sleet group in cryptocurrency thefts. They discuss North Korea's mindset of evolution, diverse techniques employed in cyber operations, and challenges of laundering stolen money. The speakers share their interests in cybersecurity and hope for regular updates on North Korea.