Phishing email cyber-attacks have to be the most common cyber-attack directed at any organisation. Most are trying to get the victim to reveal their credentials, often for Microsoft 365. Every week I spend time with clients discussing or investigating phishing emails and helping them put systems in place to help …
Defence in Depth
One of the things that came out of the conference I attended on Tuesday in London, was defence in depth, combatting the ways in which the threat actors have expanded their attack vectors and tactics to evade various modern technical and human defences. The message we should all take from …
Have you ever heard of a ZPAQ file?
I hadn’t, but the threat actors are now using ZPAQ files to distribute malware. A ZPAQ file is an archive file, like .ZIP and .RAR, it is open source and is used on a command line – so not something the average office-based user would need to know about or …
LinkedIn Phishing
LinkedIn is extremely popular among business professionals and is a perfectly acceptable social media platform to use and interact with, whilst you are at work. It is designed for just that. So make sure you and your team understand how the platform can easily be abused to steal your credentials. …
You cannot see a zero-point font…
The old trick of using a zero-point font in a document to conceal information you do not want to be readily detected by the reader, is being exploited again in a new way. This time it is being used to show Outlook emails as having been safely scanned when in …