This post was originally published on 27 June 2022. Update 14 July 2022: Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication: …
Here is something new – pre-hijacking!
Hijacking of online accounts is a serious cyber security concern. Unauthorised access by threat actors to everything from Amazon accounts to Zoho accounts has data breach consequences, either for the individual or the organisation. (That is why we tell all our clients to make multi-factor authentication (MFA) compulsory for …
I love patches as part of a cyber security plan – but there is a problem!
If the patch is not effective or, worse, it breaks something else whilst fixing the vulnerability. This happened to Microsoft: Microsoft fixes Windows authentication woes • The Register. But you still have to run those patches and updates, as an unpatched system is a target for threat actors. Better to …
Bedfordshire Council is sorry – well that’s OK then! Advice on CIA, AAA and Policies and Procedures
Here is another example of a data breach at a council. Although breach implies someone broke in and stole the data – as opposed to what happened, which was that the Council employees themselves just sent the sensitive information out as part of a Freedom of Information (FOI) request – …
GitHub to require 2FA for all users by end of 2023!
GitHub is a valuable resource to software developers and so it is a key tool being used in many software supply chains. And we now know how vulnerable we all are to software supply chain hacking – look at this example. So my response when I saw this was the …
