AAA | Smart Thinking Solutions

5 October 20225 October 2022

How a phishing attack works

Today there is an excellent illustration of how a phishing attack works on SANS Internet Storm. It is complete with the offer of something the victim wants and then simply steals the Microsoft credentials the victim supplies – all because of a well-crafted spam email. Credential Harvesting with Telegram API …

Continue reading “How a phishing attack works”

30 September 202230 September 2022

Hacking is not just data theft and ransomware – it can be reputation damage. Some advice about your WordPress website and your reputation.

Fast Company an American magazine was hacked and abusive articles added to its news feeds, resulting in this material getting a wider audience through syndication on the Apple News app. The Apple News channel was quickly disabled and Fast Company took its site down pending a fix but the damage was …

Continue reading “Hacking is not just data theft and ransomware – it can be reputation damage. Some advice about your WordPress website and your reputation.”

22 September 202221 September 2022

Be careful of security theatre and user security fatigue

Would your Global Administrator account security up to our standard? Protecting credentials is an important step in any cyber security plan. One of the first things we always do when taking on a cyber security client, before we even embark on the fact finding and documentation, is make sure everyone …

Continue reading “Be careful of security theatre and user security fatigue”

16 September 202216 September 2022

Ransomware this week

There have been several high profile ransomware attacks this week – and small ones that do not make the news. Ransomware attack knocked a Kentucky city-operated ISP offline before holiday – The Record by Recorded Future Lorenz ransomware breaches corporate network via phone systems (bleepingcomputer.com) Ransomware gang threatens 1m-plus medical …

Continue reading “Ransomware this week”

7 September 20227 September 2022

Why authentication, authorisation and accountability are cornerstones of your cyber security

authentication authorisation accountability

I have written an article over on CyberAwake, (our online cyber security training site), looking at triple A. Why you should care about the TLA AAA! – CyberAwake

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.