Cybersecurity Starts in the Boardroom
Today there is an excellent illustration of how a phishing attack works on SANS Internet Storm. It is complete with the offer of something the victim wants and then simply steals the Microsoft credentials the victim supplies – all because of a well-crafted spam email. Credential Harvesting with Telegram API …
This post was first published on 31 August 2022 Update 5 October 2022 The cost of this attack – to the local taxpayer – is now predicted to be £1m. Russia-linked cyber attack could cost Gloucester City Council £1m – BBC News “Every time I ask the question about the …
Continue reading “This cyber attack has still not been fixed… UPDATE”
It appears the mitigation that Microsoft has published for the vulnerabilities CVE-2022-41040 and CVE-2022-41082 is not enough: Microsoft Exchange server zero-day mitigation can be bypassed (bleepingcomputer.com) These vulnerabilities are being actively exploited and now the steps put in place to defend against the issue can be bypassed and others are …
Continue reading “In-house Microsoft Exchange zero-day attack mitigation is not enough”
The Canadian based Citizen Lab has released a report about the use of the Pegasus spyware in Mexico: New Pegasus Spyware Abuses Identified in Mexico – The Citizen Lab Each time one of these well researched reports is published it seems to make the claims that these cyber weapon producing …
I have highlighted many scams that attempt to take advantage of the victims of tragedies or exploit those who wish to help – and Hurricane Ian is no exception. Here is the advice from CISA: Hurricane-Related Scams | CISA Only donate through recognised charity web sites not via emails or …
