I have written about one of the possible malicious uses of stolen credentials over on CyberAwake, and I explain why, if one of your team reuses a compromised password, your organisation could be at risk. Read on here.
Surely people are not reusing passwords!
Even though there are warnings all over the internet about the risks of reusing passwords and the ease with which threat actors can run credential stuffing attacks to exploit this negligent behaviour, people still reuse passwords: DraftKings denies platform breach, says about $300,000 stolen from compromised accounts – The Record …
Mass spamming starts with no MFA and credential stuffing
Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromised cloud servers, that then facilitate mass spamming from Exchange Online servers: Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog. The attack started with the threat actor launching …
Credential stuffing attacks
This research by Okta highlights the issue of users recycling passwords: Okta: Credential stuffing accounts for 34% of all login attempts (bleepingcomputer.com). There were more login attempts by threat actors than legitimate ones! They were just trying out passwords to see if someone was stupid (sorry if you do not …
Technology in Schools
I have a friend from the MSc course who is a teacher here in the UK, and he is often caught by the school's very high security stance when he is trying to teach cyber security to his students. Many of the legitimate sites and resources he wants access to …