))
Security Unlocked explores the technology and people powering Microsoft's Security solutions. In each episode, Microsoft Security evangelists Nic Fillingham and Natalia Godyla take a closer look at the latest innovations in threat intelligence, security research, and data science, with a special focus on demystifying artificial intelligence and machine learning. Be sure to listen in and follow us! Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
The success of crypto inspired dozens of other cryptocurrencies like Ethereum, Tether, and Dogecoin. Today, people worldwide use cryptocurrencies to buy things, sell things, and make investments. One thing is certain; digital currencies are here to stay, no matter how many times you have to explain what a bitcoin is. Unfortunately, it also created …
…
continue reading
Ransomware attacks have never been so successful. The returns from these attacks are soaring and only becoming easier to conduct. In chapter two of the Microsoft Digital Defense Report, the growing threat of cybercrime is covered in great detail. As we continue to go over the MDDR, it's more apparent than ever that the cybercrime economy and servic…
…
continue reading
Everything is exciting and new when you're a kid, and curiosity inspires many of us to branch out and try new things. For some, that means drawing from our imagination or trying all kinds of sports. And for others it means spending days at the library, checking out books on modem communications, and eventually hacking into the local dial-up communi…
…
continue reading
Disinformation refers to the calculated use of false information to influence others and has been a steadily growing form of information warfare. Unfortunately, disinformation is everywhere these days, often hidden in plain sight. Criminals will also adapt and take advantage of technologies, such as AI and deepfakes, to increase the effectiveness o…
…
continue reading
Microsoft works around the clock to protect their customers, no matter what product they’re using, Microsoft or otherwise. In some instances Microsoft teams up with other companies, creating an all-star cybersecurity team, to handle newly discovered vulnerabilities. It helps everyone stay more secure, and of course, that's the ultimate goal, right?…
…
continue reading
In December 2020, Microsoft began sharing information with the cybersecurity industry on a group of Russia-based hackers who gained access to multiple enterprises through vulnerable software code, stolen passwords, compromised on-premises servers, and minted SAML tokens. In this supply chain attack, hackers could access the SolarWinds code, slip ma…
…
continue reading
We are back, covering more of the 2021 Microsoft Digital Defense Report, and this time we’re taking a deep dive into chapter five on Hybrid Workforce Security and Zero Trust. Zero Trust means precisely what it sounds like, never assuming any device or identity is secure; it's like having major trust issues, but in a professional way. With most busi…
…
continue reading
The way most people operate online these days, what would you even consider private anymore? We are so quick to share details about our job, home, friends, and family without even thinking about how much personal info we're giving away. Privacy and user agreements are a part of almost everyone's life at this point, and what do you know about them? …
…
continue reading
The newfound popularity of the internet in the nineties spurned an obsession with hacking. Unfortunately, most movies believed that it wasn't possible to show real hacking and still be entertaining; hence all the awkward video game graphics and characters living in sketchy basements regularly yelling out, "We're in!" while pounding on their keyboar…
…
continue reading
1
The 2021 Microsoft Digital Defense Report
39:22
39:22
Play later
Play later
Lists
Like
Liked
39:22
Okay, look, we know you plan on reading the entire 2021 MDDR at some point. But you're busy. Life gets in the way. We get it. Who has the time! Well, we've got the time, but that's beside the point, and honestly... fortunate for you. We've read the report front to back and have decided to cover some of it today on the podcast, but you'll still need…
…
continue reading
What would you say is the most personal possession that you own? Most would say their cell phone... unless you still have a few journals from high school. And if you do, this is your reminder that it might be time to let those go. It's become increasingly apparent lately how much info our phones collect from us, from the first app you check in the …
…
continue reading
You're back home celebrating the holidays with friends and family, sharing stories, catching up, and discussing your plans for the year ahead. Next thing you know, that cousin who wouldn't stop sending you emails about the "future of bitcoin" and coin mining kicks the door open, and he's ready to spread some holiday knowledge. Oh yeah, he's also go…
…
continue reading
Do you have a data science or engineering background? If so, you're in luck. If not, you're also in luck because today's guest found a way to make a few complex subjects understandable for everyone. The first of many topics... Fuzzy hashing. It might sound like an adorable, adventurous Muppet character, but I promise you the reason behind it is not…
…
continue reading
Juan Hardoy leads an international team of investigators, analysts, and lawyers inside the Digital Crimes Unit who share a joint mission to protect customers and promote trust in Microsoft technologies. Hearing that might take your imagination to a place where Juan is deputized to fight crime in digital space, and you wouldn't be completely wrong. …
…
continue reading
Have you ever thought about a career in threat intelligence or cyber security? Possibly finishing school with a degree in computer programming and feel overwhelmed with what to do next? Don't worry; we've all experienced this. Maybe not specifically with computer programming, but the figuring it out aspect. You could be ending active military servi…
…
continue reading
It's finally Friday. You successfully made it through another week and the weekend is so close you can taste it. You pour yourself a bowl of your favorite cereal, but before you can get that first bite your phone rings. It's a random number, but for some reason you're feeling chatty and decide to answer. Unfortunately, it's a robot that somehow kno…
…
continue reading
Picture this: you’re working on a new software that will revolutionize your industry. You’ve got your work cut out for you, from design to programming to integration. But what about security? Keeping your software secure should be in the conversation from day one, but not all developers are well-versed in application security. The good news is that…
…
continue reading
Electricity is all around us. In fact, you’re using it to read this right now. It powers (no pun intended) our everyday lives, and it works without us having to think about it. It’s kind of like breathing. I mean, you don’t have to tell your lungs “Hey! Start breathing right now!” But just like with breathing, the problems that can follow an interr…
…
continue reading
8 trillion. It’s kind of a big number, right? That’s how many signals are collected, processed, and analyzed by Microsoft’s security team every single day. Those signals are travelling from the cloud, coming through endpoints, coming through Bing, coming through Xbox. All of these signals are turned into intelligence, and if you’re a cloud user, th…
…
continue reading
How likely are you to fall for a scam? Survey Says… depends on your demographic. Scammers are evolving, from cold calls on the phone, to computer desktop pop-ups with nagging alarm sounds, to buying out search terms like “email support.” Tech support scams have become an ever-present threat in our online world with 3 out of 5 people globally experi…
…
continue reading
1
Talking Security With Non-Security Professionals
37:38
37:38
Play later
Play later
Lists
Like
Liked
37:38
Every occupation has its unique jargon that allows professionals to speak their own language and understand each other’s shorthand. Those of us in the world of cybersecurity are no exception as we frequently toss around acronyms and abbreviations, but how can we cybersecurity professionals communicate all of this crucial ingrained knowledge to peop…
…
continue reading
1
Discovering Router Vulnerabilities with Anomaly Detection
32:23
32:23
Play later
Play later
Lists
Like
Liked
32:23
Ready for a riddle? What do 40 hypothetical high school students and our guest on this episode have in common? Why they can help you understand complex cyber-attack methodology, of course! In this episode of Security Unlocked, hosts Nic Fillingham and Natalia Godyla are brought back to school by Principal Security Researcher, Jonathan Bar Or who di…
…
continue reading
There used to be a time when our appliances didn’t talk back to us, but it seems like nowadays everything in our home is getting smarter. Smart watches, smart appliances, smart lights - smart everything! This connectivity to the internet is what we call the Internet of Things (IoT). It’s becoming increasingly common for our everyday items to be “sm…
…
continue reading
Is it just me, or do you also miss the good ole days of fraudulent activity? You remember the kind I’m talking about, the emails from princes around the world asking for just a couple hundred dollars to help them unfreeze or retrieve their massive fortune which they would share with you. Attacks have grown more nuanced, complex, and invasive since …
…
continue reading
How does that old saying go? Keep your friends close and keep your understanding of a threat actor’s underlying behavior and functionality of tradecraft closer? As new tools are developed and implemented for individuals and businesses to protect themselves, wouldn’t it be great to see how they hold up against different attacks without actually havi…
…
continue reading
We’ve all had a family dinner, Netflix binge, or otherwise relaxing moment ruined by a telemarketer trying to sell you something you didn't need – a magazine subscription, insurance, you name it! But recently, people have been getting calls that are much more sinister in nature; people claiming to be employees of Microsoft, or Apple, or Amazon, hav…
…
continue reading
1
A Day in the Life of a Microsoft Principal Architect
34:17
34:17
Play later
Play later
Lists
Like
Liked
34:17
We’re formally sending out a petition to change the phrase “Jack of all trades” to “Hyrum of all trades” in honor of this episode’s guest, Hyrum Anderson. In this episode, hosts Natalia Godyla and Nic Fillingham sit down with Hyrum Anderson who, when he’s not fulfilling his duties as the Principal Architect of the Azure Trustworthy ML group, spends…
…
continue reading
It’s an all out offensive on today’s episode while we talk about how the best defense is a good offense. But before we plan our attack, we need to know our vulnerabilities, and that’s where our guest comes in. On this episode, hosts Nic Fillingham and Natalia Godyla are joined by Will Pearce, who discusses his role as AI Red Team Lead from the Azur…
…
continue reading
1
Pearls of Wisdom in the Security Signals Report
30:21
30:21
Play later
Play later
Lists
Like
Liked
30:21
It’s our 30th episode! And in keeping with the traditional anniversary gift guide, the 30th anniversary means a gift of pearls. So from us to you, dear listener, we’ve got an episode with some pearls of wisdom! On today’s episode, hosts Nic Fillingham and Natalia Godyla bring back returning champion, Nazmus Sakib, to take us through the new Securit…
…
continue reading
1
Securing Hybrid Work: Venki Krishnababu, lululemon
32:10
32:10
Play later
Play later
Lists
Like
Liked
32:10
On this week’s Security Unlocked we’re featuring for the second and final time, a special crossover episode of our sister-podcast, Security Unlocked: CISO Series with Bret Arsenault. Lululemon has been on the forefront of athleisure wear since its founding in 1998, but while many of its customers look at it exclusively as a fashion brand, at a deep…
…
continue reading
Threat actors are pesky and, once again, they’re up to no good. A new methodology has schemers compromising online forms where users submit their information like their names, email addresses, and, depending on the type of site, some queries relating to their life. This new method indicates that the attackers have figured out a way around the CAPTC…
…
continue reading
On this week’s Security Unlocked, we’re pulling a bait and switch! Instead of our regularly scheduled programming, we’re going to be featuring the first episode of our new podcast, Security Unlocked: CISO Series with Bret Arsenault. Each episode is going to feature Microsoft’s CISO Bret Arsenault sitting down with other top techies in Microsoft and…
…
continue reading
Remember the good ole days when we spent youthful hours playing hide and seek with our friends in the park? Well it turns out that game of hide and seek isn’t just for humans anymore. Researchers have begun putting A.I. to the test by having it play this favorite childhood game over and over and having the software optimize its strategies through a…
…
continue reading
1
Knowing Your Enemy: Anticipating Attackers’ Next Moves
39:54
39:54
Play later
Play later
Lists
Like
Liked
39:54
Anyone who’s ever watched boxing knows that great reflexes can be the difference between a championship belt and a black eye. The flexing of an opponent’s shoulder, the pivot of their hip - a good boxer will know enough not only to predict and avoid the incoming upper-cut, but will know how to turn the attack back on their opponent. Microsoft’s new…
…
continue reading
All of us have seen – or at least, are familiar with – the antics of Tom and Jerry or Road Runner and Wile E. Coyote. In each one the coyote or the cat set up these elaborate plans to sabotage their foe, but time and time again, the nimble mouse and the speedy bird are able to outsmart their attackers. In our third episode discussing Ensuring Firmw…
…
continue reading
Throughout the course of this podcast series, we’ve had an abundance of great conversations with our colleagues at Microsoft about how they’re working to better protect companies and individuals from cyber-attacks, but today we take a look at a different source of malfeasance: the insider threat. Now that most people are working remotely and have a…
…
continue reading
How many languages do you speak? The average person only speaks one or two languages, and for most people that’s plenty because even as communities are becoming more global, languages are still very much tied to geographic boundaries. But what happens when you go on the internet where those regions don’t exist the same way they do in real life? Bec…
…
continue reading
For Women’s History Month, we wanted to share the stories of just a few of the amazing women who make Microsoft the powerhouse that it is. To wrap up the month, we speak with Valecia Maclin, brilliant General Engineering Manager of Customer Security & Trust, about the human element of cybersecurity. In discussion with hosts Nic Fillingham and Natal…
…
continue reading
Every day there are literally billions of authentications across Microsoft – whether it’s someone checking their email, logging onto their Xbox, or hopping into a Teams call – and while there are tools like Multi-Factor Authentication in place to ensure the person behind the keyboard is the actual owner of the account, cyber-criminals can still man…
…
continue reading
1
Re: Tracking Attacker Email Infrastructure
39:07
39:07
Play later
Play later
Lists
Like
Liked
39:07
If you use email, there is a good chance you’re familiar with email scams. Who hasn’t gotten a shady chain letter or suspicious offer in their inbox? Cybercriminals have been using email to spread malware for decades and today’s methods are more sophisticated than ever. In order to stop these attacks from ever hitting our inboxes in the first place…
…
continue reading
Today is International Women’s Day, and we are celebrating with a very special episode of Security Unlocked. Hosts Nic Fillingham and Natalia Godyla revisit their favorite interviews with some of the prominent women featured previously on the podcast. We speak with Holly Stewart, a Principal Research Lead at Microsoft and known in the Defender orga…
…
continue reading
1
Digital Crimes Investigates: Counterfeit Tales
34:32
34:32
Play later
Play later
Lists
Like
Liked
34:32
Digital crime-fighter Donal Keating revisits the podcast, but this time… it’s personal. *cue dramatic crime-fighting music* The Director of Innovation and Research of the Digital Crimes Unit (DCU) at Microsoft joins hosts Nic Fillingham and Natalia Godyla to regale us with the origin story of the DCU and his captivating career exploits. Whether it’…
…
continue reading
Most people know the age-old adage, “Don’t judge a book by its cover.” I can still see my grandmother wagging her finger at me when I was younger as she said it. But what if it's not the book cover we’re judging, but the title? And what if it’s not a book we’re analyzing, but instead a security bug? The times have changed, and age-old adages don’t …
…
continue reading
1
Enterprise Resiliency: Breakfast of Champions
45:43
45:43
Play later
Play later
Lists
Like
Liked
45:43
Prior to the pandemic, workdays used to look a whole lot different. If you had a break, you could take a walk to stretch your legs, shake the hands of your co-workers, or get some 1-on-1 face time with the boss. Ahh... those were the days. That close contact we once had is now something that many of us yearn for as we’ve had to abruptly lift and sh…
…
continue reading
1
Pluton: The New Bedrock for Device Security
48:12
48:12
Play later
Play later
Lists
Like
Liked
48:12
Close your eyes, and imagine a world where booting up your computer wasn’t a susceptibility point for attacks. Imagine a Root of Trust that’s integrated into the CPU. Imagine all of your devices being protected against advanced attacks. Now, what if I told you there’s a cutting-edge processor that’s battle-tested for hardware penetrations, easy to …
…
continue reading
1
BEC: Homoglyphs, Drop Accounts, and CEO Fraud
45:41
45:41
Play later
Play later
Lists
Like
Liked
45:41
CCI: Cyber Crime Investigation. Another day, another email attack - something smells “phishy” in the network. *Slowly puts on sunglasses and flips up trench coat collar* Time to go to work. Just how easy is it for someone to steal your credentials? Because once they’re stolen, and sold for pocket change, it’s open season. Homoglyphs, drop accounts,…
…
continue reading
Special Edition! We’ve been told for years how important passwords are, taught how to make them stronger and longer and better, and we frantically tear up our home or office when we can’t find that sticky note where we wrote them down. Life feels like it comes to a screeching halt when we’ve lost our passwords, but… what would life be like if we di…
…
continue reading
1
Under the Hood: Ensuring Firmware Integrity
47:25
47:25
Play later
Play later
Lists
Like
Liked
47:25
How do we ensure firmware integrity and security? Join hosts Nic Fillingham and Natalia Godyla and guest Nazmus Sakib, a Principal Lead Program Manager at Microsoft, to dive deeper and assess the complexities and challenges that come along with securing firmware - bootstraps and all! Megamind Bhavna Soman, a Senior Security Research Lead, joins us …
…
continue reading
Watchdogs in tow, hosts Nic Fillingham and Natalia Godyla are joined by guest Randy Treit, Principal Security Leader at Microsoft, to examine the process of identifying the source of a threat and stopping the spread by protecting “patient zero.” Randy has a few key tricks up his sleeve as a defender, but you can decide if they’re more impressive th…
…
continue reading
Yeehaw! “Data Cowboy” is in the building. Join us as Nic Fillingham and Natalia Godyla sit down with Ram Shankar Siva Kumar, aka “Data Cowboy” at Microsoft, for an exciting conversation about the release of a new adversarial ML threat matrix created for security analysts. Have no fear, we made sure to find out how Ram acquired the name, “Data Cowbo…
…
continue reading
