Cybersecurity Starts in the Boardroom
This post was original published on 27 June 2022 Update 14 July 2022 Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication: …
Microsoft 365 administrators can now set a site wide timeout for users. This can be a benefit to mitigate data leakage from unmanaged machines left logged in. Microsoft 365 now prevents data leaks with new session timeouts (bleepingcomputer.com)
The Raccoon Stealer malware is back with an updated version, with added functionality and capabilities. This malware is offered as malware-as-a-service (mimicking a legitimate business model), enabling less well equipped threat actors to implement sophisticated cyber security attacks. Expect the use of this malware to increase as threat actors, looking for …
This is a phishing attack via Facebook Messenger. Using social engineering and pretending to be be Facebook security staff, it is threat actors attempting to steal Facebook accounts: Messenger chatbots now used to steal Facebook accounts (bleepingcomputer.com)
This is a ransomware encryption attack, that Octagon’s backup solution is designed to mitigate against. The attack exploits the Microsoft 365 versioning feature, when editing a file, saved in SharePoint or OneDrive. Once the threat actors gets into the cloud storage they can execute their attack and start encrypting your …
Continue reading “Microsoft versioning vulnerability – we have the solution”
