I have written an article over on CyberAwake, (our online cyber security training site), looking at triple A. Why you should care about the TLA AAA! – CyberAwake
Pass the cookie attack – but you still need to use MFA and have these extra steps in place
We cannot emphasise how important multi-factor authentication is to your cyber security – however, of course, the threat actors do have ways around it: Cookie stealing: the new perimeter bypass – Sophos News The threat is malware getting into your system and stealing session cookies that are associated with the …
I have told everyone to use MFA so I do not need to think about more cyber security! UPDATED 14 July 2022
This post was original published on 27 June 2022 Update 14 July 2022 Here is an article from the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team outlining how the big phishing campaigns backed by experienced and skilled hackers can bypass the security of multi-factor authentication: …
CISA joint advisory on access control. Are you still missing MFA?
The US Cybersecurity and Infrastructure Security Agency has issued a joint advisory with the cyber security organisations from the UK, New Zealand, Netherlands and Canada listing ten regularly exploited weak security controls, poor configurations, and bad practices that allow threat actors to compromise networks. Here is the article: Weak Security …
Continue reading “CISA joint advisory on access control. Are you still missing MFA?”
Passwordlessness
Following my article on Monday here on Smart Thinking: The Guardian has a feature on on going passwordless which is worth reading: TechScape: Apple, Google and Microsoft are about to make passwords a thing of the past | Technology | The Guardian The effectiveness of “passwordlessness” (I just made that …