We cannot emphasise how important multi-factor authentication is to your cyber security – however, of course, the threat actors do have ways around it: Cookie stealing: the new perimeter bypass – Sophos News The threat is malware getting into your system and stealing session cookies that are associated with the …
I have told everyone to use MFA so I do not need to think about more cyber security! UPDATED 14 July 2022
This post was original published on 27 June 2022 Update 14 July 2022 Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication: …
Here is something new – pre-hijacking!
Hijacking of online accounts is a serious cyber security concern. The unauthorised access by threat actors to everything from Amazon accounts to Zoho accounts all have data breach consequences either for the individual or organisation. (That is why we tell all our clients to make multi-factor authentication (MFA) compulsory for …
I love patches as part of a cyber security plan – but there is a problem!
If the patch is not effective or worse it breaks something else whilst fixing the vulnerability. This happened to Microsoft: Microsoft fixes Windows authentication woes • The Register But you still have to run those patches and updates as an unpatched system is a target for threat actors. Better to …
Continue reading “I love patches as part of a cyber security plan – but there is a problem!”
Bedfordshire Council is sorry – well that’s OK then! Advice on CIA, AAA and Policies and Procedures
Here is another example of a data breach at a council. Although breach implies someone broke in and stole the data – as opposed to what happened which was that the Council employees themselves just sent the sensitive information out as part of a Freedom of Information (FOI) request – …