Pass the cookie attack – but you still need to use MFA and have these extra steps in place

We cannot emphasise how important multi-factor authentication is to your cyber security – however, of course, the threat actors do have ways around it: Cookie stealing: the new perimeter bypass – Sophos News The threat is malware getting into your system and stealing session cookies that are associated with the …

I have told everyone to use MFA so I do not need to think about more cyber security! UPDATED 14 July 2022

MFA multi-factor authentication diagram

This post was original published on 27 June 2022 Update 14 July 2022 Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication: …

I love patches as part of a cyber security plan – but there is a problem!

Patches and Updates

If the patch is not effective or worse it breaks something else whilst fixing the vulnerability. This happened to Microsoft: Microsoft fixes Windows authentication woes • The Register But you still have to run those patches and updates as an unpatched system is a target for threat actors. Better to …

Bedfordshire Council is sorry – well that’s OK then! Advice on CIA, AAA and Policies and Procedures

Here is another example of a data breach at a council. Although breach implies someone broke in and stole the data – as opposed to what happened which was that the Council employees themselves just sent the sensitive information out as part of a Freedom of Information (FOI) request – …