In this episode, we draw parallels between natural disasters and navigating today’s cybersecurity landscape. From the importance of preparation and layered defenses to the critical need for constant monitoring and resilience, we uncover valuable lessons that nature’s challenges can teach us about protecting systems and data. Whether you’re an IT professional, a business owner, or just someone passionate about cybersecurity, this episode will inspire you to think differently about your defenses—and stay one step ahead.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Join us for this replay of episode 78 - an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360.Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense.Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Welcome to this replay on The Cyber Threat Perspective! In this episode, Brad and Spencer dive into the mechanics and recent developments of email spoofing, shedding light on how attackers are bypassing advanced email protections.In this episode, we cover:The fundamentals of email spoofing and why it's a significant threat.Insight into the recent echo spoofing campaign exploiting Proofpoint's misconfiguration.The role of SPF, DKIM, and DMARC in combating email spoofing.How threat actors are using Microsoft 365 to bypass email protections.Mitigation strategies and the latest updates from Proofpoint and Microsoft to address these vulnerabilities.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, Nathan and Spencer discuss crucial strategies for Windows and Active Directory hardening, emphasizing the importance of community collaboration and the value of using CIS benchmarks for security compliance.In this episode, we cover:Implementing multi-factor authentication for domain adminsThe benefits and importance of using CIS benchmarks for Windows 10 and 11Advantages of having a consistent standard in an active directory environmentAssurance and verification tools available in the benchmarksSimulated environment testing and active community participation for benchmark improvementBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we’re discussing what a seasoned CISO is focused on going into 2025. Mike Whitt is a Cheif Information Security Officer in the financial sector with over 20 years of experience building teams, security programs, and leading organizations to a more secure posture. https://www.linkedin.com/in/mike-whitt-a4b4802/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

This discussion uncovers the high costs of penetration testing and whether they're justified. Listeners will learn about the staggering financial toll data breaches take on various industries. It dives deep into the hidden costs related to security incidents, including lost trust and recovery expenses. The value of human expertise in pentesting is emphasized over automated solutions. Ultimately, proactive security investments are framed as essential to avoiding even bigger financial risks in the future.

In this episode, we’re diving into one of the most enduring cybersecurity challenges—weak passwords. We’ll explore how poor password practices and identity management pitfalls leave organizations vulnerable to compromise. From understanding the most common mistakes to implementing effective defenses, we’re breaking down what it takes to fortify your systems against attackers exploiting the weakest link. Sourceshttps://www.verizon.com/about/news/2023-data-breach-investigations-report?utm_source=chatgpt.comhttps://blog.1password.com/challenges-of-shadow-it/https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024?msockid=2e875ee0e1fe64d22f854aa6e0746523Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this engaging discussion, Robert McElroy, VP at SecureIT 360 with over a dozen years in security governance, shares insights on understanding and managing organizational risk. He dives into the distinction between risk and incident management, emphasizing the need for contextual assessments in cybersecurity. McElroy explores the importance of identifying critical systems, ongoing evaluations, and the role of senior management in prioritizing risks. He also highlights the intricacies of risk management in M365 environments and the value of KPIs in measuring effectiveness.

Discover the struggles of translating penetration test results into actionable security improvements. Explore the complexities organizations face with distributed responsibilities and limited resources. Learn about the vital role of management in cybersecurity and the importance of training internal IT staff. Delve into the necessity of prioritizing timely remediation of vulnerabilities to foster a proactive security culture. Unpack the paradox of viewing penetration tests as mere checkboxes and instead embrace them as essential security measures.

A sophisticated Russian cyber group has ramped up spear-phishing efforts by exploiting malicious RDP files. This new tactic targets government and IT sectors, indicating a troubling evolution in their methods. The discussion covers vulnerabilities of Remote Desktop Protocol and highlights the potential risk of harmful file types in emails. Essential security practices are emphasized to guard against these threats, while the importance of user education and adhering to CIS benchmarks is underscored to bolster defenses.