If Have I Been Pwned have these credentials then you can bet that the threat actors have them as well. Have I Been Pwned adds 71 million emails from Naz.API stolen account list (bleepingcomputer.com) Your takeaway from this It is important you and your team understand the importance of any …
Time to kill off the password…
I have written about “going passwordless” and using passkeys before, but it looks like 2024 is going to be the year of the passkey. Here is an excellent explanation from the BBC – take just two and a half minutes and find out why you and your organisation need to …
Bugged by Phishing Email Attacks
Let’s start the “Wednesday Bit” for 2024 with a tale of phishing emails, but first… I hope you had a Happy Christmas and New Year. Diana and I did. We did take some time off, spent it with family, travelled a bit and paid rather less attention to our email …
Unsolicited MFA prompts
Last Wednesday I published my MFA Primer series and part two looks at this type of cyber attack against multi-factor authentication. In brief when the threat actors have a valid set of credentials they repeatedly try and access the service with them, generating multiple MFA requests to your authenticator app. …
Microsoft takes a stand
This one action is not going to stop cyber-crime, but Microsoft has seized rogue domains in the past and there is no doubt that it has an impact on the threat actor’s illicit infrastructure. Microsoft seizes websites used to sell phony email accounts • The Register Your takeaway from this …
