The old trick of using a zero-point font in a document to conceal information you do not want to be readily detected by the reader, is being exploited again in a new way. This time it is being used to show Outlook emails as having been safely scanned when in …
Known Exploited Vulnerabilities
Keeping track of the software and hardware you use, that then are discovered to have security flaws in them is important, especially if those flaws are being exploited by threat actors. The quicker you or the people responsible for your cyber security know there are issues, the quicker any available …
Ransomware is back in the news
Ransomware is probably the most serious cyber security threat any organisation has to deal with. The threat actors are relentless with their efforts to infect both targeted victims and victims of opportunity. The usual ways in are a phishing email or infected webpage, with a convincing social engineering message. Here …
The US government Cybersecurity and Infrastructure Security Agency security advisories
The US government Cybersecurity and Infrastructure Security Agency (CISA) is a trusted source of information on security updates and exploited vulnerabilities. My team use it as one of their go to resources. The latest updates include the other vendors that release updates around the same time as Microsoft’s Patch Tuesday. …
Move away from text- or voice-based multi-factor authentication
Let’s take a look at what good multi-factor authentication is. I am writing a mini-series for CyberAwake about the mistakes users make when choosing a secure password and how hackers can exploit those mistakes, so a quick look at MFA seems like a good idea. What is multi-factor authentication? A …
Continue reading “Move away from text- or voice-based multi-factor authentication”
