The CyberCall Podcast
The Voice of Cybersecurity for MSPs & MSSPs!
The CyberCall is the weekly podcast where cybersecurity meets business reality. Hosted by Andrew Morgan, Founder of Right of Boom, this is the go-to show for Managed Service Providers (MSPs), virtual CISOs (vCISOs), and IT leaders navigating the complex world of cyber risk, compliance, and AI.
Each episode features raw, practical conversations with the sharpest minds in cybersecurity—from operators in the trenches to CISOs, researchers, policymakers, and toolmakers shaping the future. If you care about protecting your clients, growing your practice, and becoming the security partner businesses trust—this podcast is your playbook.
Co hosts: Phyllis Lee, VP of Content at CIS & Gary Pica, President of TruMethods
The CyberCall Podcast
Inside the Credential Spray Hitting Microsoft 365
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
This week we're digging into a Huntress report that came out on June 30th, updated just a couple days ago on July 2nd a large-scale password spray campaign that hit Microsoft 365 environments through Azure CLI. Between June 12th and June 26th, Huntress tracked more than 81 million login attempts, leading to at least 78 compromised accounts across 64 organizations.
What makes this one worth a full conversation isn't just the volume it's that a lot of the businesses hit already had Conditional Access policies and MFA in place. The attackers got in anyway, by using a deprecated OAuth flow called ROPC that quietly sidesteps MFA if your policy isn't scoped correctly. So this is really a story about the gap between "MFA is turned on" and "MFA is actually enforced everywhere it needs to be."
Andrew “Spike” Brandt, Principal Threat Intelligence, Incident Commander at Huntress, sat down with us to unpack what happened, why it worked, and what to actually go check in your own client environments this week.