Keeping track of the software and hardware you use, that then are discovered to have security flaws in them is important, especially if those flaws are being exploited by threat actors. The quicker you or the people responsible for your cyber security know there are issues, the quicker any available …
Let’s start the week with Ransomware
We finished last week with a ransomware story. let’s start this week with another: BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com) This ransomware story has a twist, the prolific BlackCat ransomware gang are ow using stolen Microsoft credentials in custom software to execute their attacks. Your takeaway You …
Ransomware is back in the news
Ransomware is probably the most serious cyber security threat any organisation has to deal with. The threat actors are relentless with their efforts to infect both targeted victims and victims of opportunity. The usual ways in are a phishing email or infected webpage, with a convincing social engineering message. Here …
The US government Cybersecurity and Infrastructure Security Agency security advisories
The US government Cybersecurity and Infrastructure Security Agency (CISA) is a trusted source of information on security updates and exploited vulnerabilities. My team use it as one of their go to resources. The latest updates include the other vendors that release updates around the same time as Microsoft’s Patch Tuesday. …
Move away from text- or voice-based multi-factor authentication
Let’s take a look at what good multi-factor authentication is. I am writing a mini-series for CyberAwake about the mistakes users make when choosing a secure password and how hackers can exploit those mistakes, so a quick look at MFA seems like a good idea. What is multi-factor authentication? A …
Continue reading “Move away from text- or voice-based multi-factor authentication”
