CyberAwake | Smart Thinking Solutions

27 September 202228 September 2022

New simple security feature in Windows

The latest release of Windows 11, now includes Enhanced Phishing Protection, which sounds complicated, and I am sure the implementation of it is complex, but the security advantage it offers is obvious and simple. Windows 11 will warn you when you type a password into an insecure website or application. …

Continue reading “New simple security feature in Windows”

26 September 202224 May 2023

Back to the supply chain and software compromise

When a threat actor compromises the coding of software the problems can be widepread – the SolarWinds attack and subsequent distribution of the infected software through legitimate update channels is a classic example. (Ironic but the SolarWinds customers who avoided the attack, were those with a poor cyber security stance …

Continue reading “Back to the supply chain and software compromise”

23 September 202224 September 2022

Microsoft Teams is keeping security tokens in plain text… and more UPDATED 23 September 2022

The original post was published on 16 September 2022 This is a real problem, no software or system should keep any security token in plain text, any time during operation. The user base for Microsoft Teams is in excess of 270 million users – we are part of that number …

Continue reading “Microsoft Teams is keeping security tokens in plain text… and more UPDATED 23 September 2022”

22 September 202222 September 2022

Credential stuffing attacks

This research by Okta highlights the issue of users recycling passwords: Okta: Credential stuffing accounts for 34% of all login attempts (bleepingcomputer.com) There were more login attempts by threat actors than legitimate ones! They were just trying out passwords to see if someone was stupid, (sorry if you do not …

Continue reading “Credential stuffing attacks”

22 September 202221 September 2022

Be careful of security theatre and user security fatigue

Would your Global Administrator account security up to our standard? Protecting credentials is an important step in any cyber security plan. One of the first things we always do when taking on a cyber security client, before we even embark on the fact finding and documentation, is make sure everyone …

Continue reading “Be careful of security theatre and user security fatigue”

21 September 202221 September 2022

Omphaloskepsis?

This is what cyber security can become. Not sure what it means? It means navel gazing – thinking about one thing to the exclusion of the wider picture. So what am I talking about? You have been sold anti-virus and a firewall, you’ve set the updates to automatic and have …

Continue reading “Omphaloskepsis?”

21 September 202221 September 2022

American Airlines data breach due to employee email accounts being compromised

American Airlines had to write to customers to explain that personal data had been stolen through a cyber-attack – although they did state in the letter that there was no evidence of that personal data having been misused! I would like to see their evidence of that, because I think …

Continue reading “American Airlines data breach due to employee email accounts being compromised”

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.