Use MFA

Following Monday’s post about Microsoft stopping basic authentication for personal accounts, in favour of MFA/token based security, here is a reminder why organisations need to enforce MFA: Scathing report on Medibank cyberattack highlights unenforced MFA (bleepingcomputer.com) No excuses, that includes your very busy CEO and Josephine in accounts who has …

Not business cyber security but important…

Microsoft has announced that of 16 September 2024, basic authentication (using an email address + password) will no longer be an option for personal Microsoft accounts, i.e. Outlook.com, Hotmail.co.uk and Live.com. Microsoft: New Outlook security changes coming to personal accounts (bleepingcomputer.com) To access these accounts users will need to set …

Google Pixel Updates

Google has released fifty patches for its Pixel range of Android based phones – some of which fix vulnerabilities that are being actively exploited. Google warns of actively exploited Pixel firmware zero-day (bleepingcomputer.com) As with any cyber security patch, if you have Google Pixel phones handling your organisation’s information, either …

Credentials are King

Threat actors are always looking for good sources of valid (stolen) email and password combinations – and there are many hundreds of millions available to them. 361 million stolen accounts leaked on Telegram added to HIBP (bleepingcomputer.com) Once they have these credentials, the threat actors will be trying them out …