Do not be tempted to click on an offered PowerShell fix for an apparent error in Microsoft Word, OneDrive or Google Chrome – it could be a social engineering trick to get you to install malware on your computer: Fake Google Chrome errors trick you into running malicious PowerShell scripts …
Use MFA
Following Monday’s post about Microsoft stopping basic authentication for personal accounts, in favour of MFA/token-based security, here is a reminder of why organisations need to enforce MFA: Scathing report on Medibank cyberattack highlights unenforced MFA (bleepingcomputer.com) No excuses, that includes your very busy CEO and Josephine in accounts who has …
Is your ransomware plan to pay the ransom?
Well, if it is, that can be expensive in money and reputation – it may even get you into the press, so everyone can see what you did. Panera Bread likely paid a ransom in March ransomware attack (bleepingcomputer.com) In the UK there is also this advice to consider: It …
Not business cyber security but important…
Microsoft has announced that, as of 16 September 2024, basic authentication (using an email address + password) will no longer be an option for personal Microsoft accounts, i.e. Outlook.com, Hotmail.co.uk and Live.com. Microsoft: New Outlook security changes coming to personal accounts (bleepingcomputer.com) To access these accounts users will need to set …
Google Pixel Updates
Google has released fifty patches for its Pixel range of Android-based phones – some of which fix vulnerabilities that are being actively exploited. Google warns of actively exploited Pixel firmware zero-day (bleepingcomputer.com) As with any cyber security patch, if you have Google Pixel phones handling your organisation’s information, either …
Credentials are King
Threat actors are always looking for good sources of valid (stolen) email and password combinations – and there are many hundreds of millions available to them. 361 million stolen accounts leaked on Telegram added to HIBP (bleepingcomputer.com) Once they have these credentials, the threat actors will be trying them out …
Android devices and cyber security
I have just started an IT and Cyber Security Audit for a client and we have barely started when the issue of mobile phone use has come up – because there are more cyber security risks with Android devices when compared to iOS devices. Over 90 malicious Android apps with …