Cybersecurity Starts in the Boardroom
I have written about this Microsoft Word vulnerability earlier this week: New attack using Microsoft Office documents – could you or your team recognise it? – Smart Thinking Solutions There is still not patch – but Microsoft has issued some mitigation guidance: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability …
Continue reading “Microsoft guidance for Office zero-day vulnerability – Follina”
I have written about the usefulness and the threat that Microsoft Office document macros can pose to your cyber security. This flaw, called Follina, exploits Office functionality to retrieve an HTML file, and Microsoft Support Diagnostic Tool (MSDT) to run some malicious code, which can lead to privilege escalation attacks. …
I just realised I am waiting for “crypto doughnuts”! We recently sat in on a meeting where a security expert suggested to our client, that they move from Microsoft 365 for Business to E5, as they would benefit from the added cyber security features of the enterprise grade Microsoft 365. …
Continue reading “Life imitates art! “crypto muggings” and proportionality”
Here is yet another email attachment, examined by Xme, at SANS Internet Storm and for you to look out for: XLSB Files: Because Binary is Stealthier Than XML – Sans Internet Storm Centre For phishing attacks to succeed the hackers need to exploit your trust – for them to fail …
I am frequently asked what I think of DropBox or other method for organisations to share files across the internet with other organisations, often after I have been speaking about Microsoft 365, OneDrive and SharePoint. Possibly after I have mentioned that these services that have, authentication, authorisation and accountability (AAA) …
