Cybersecurity Starts in the Boardroom
This post was original published on 27 June 2022 Update 14 July 2022 Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication: …
The US Cybersecurity and Infrastructure Security Agency has issued a joint advisory with the cyber security organisations from the UK, New Zealand, Netherlands and Canada listing ten regularly exploited weak security controls, poor configurations, and bad practices that allow threat actors to compromise networks. Here is the article: Weak Security …
Continue reading “CISA joint advisory on access control. Are you still missing MFA?”
Following my article on Monday here on Smart Thinking: The Guardian has a feature on on going passwordless which is worth reading: TechScape: Apple, Google and Microsoft are about to make passwords a thing of the past | Technology | The Guardian The effectiveness of “passwordlessness” (I just made that …
GitHub is a valuable resource to software developers and so it is a key tool being used in many software supply chains. And we now know how vulnerable we all are to software supply chain hacking – look at this example. So my response when I saw this was the …
Continue reading “GitHub to require 2FA for all users by end of 2023!”
We are always insisting that our clients always use multi-factor authentication (MFA) for absolutely every service they use. It is a prerequisite of any client we manage Microsoft 365 for that MFA is activated and enforced for everyone of their users. However, of course, there are ways that hackers exploit …
