It has emerged that senior executives at Microsoft had their emails hacked and monitored by Russian threat actors for nearly 2 months. Microsoft network breached through password-spraying by Russian-state hackers | Ars Technica The attack was not sophisticated. The threat actors – Midnight Blizzard – using nothing more than a …
Microsoft raises the security bar
Microsoft is going to automatically deploy a policy for many of it’s customers that will make it mandatory for administrator users to use MFA. Microsoft will roll out MFA-enforcing policies for admin portal access (bleepingcomputer.com) Of course the admins could turn this policy off – but why would they? Watch …
Top Ten Misconfigurations
In several of my most recent IT and Cyber Security Audits I have encountered problems similar to those in this report from the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) – misconfigurations. NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations | CISA …
Let’s start the week with Ransomware
We finished last week with a ransomware story. let’s start this week with another: BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com) This ransomware story has a twist, the prolific BlackCat ransomware gang are ow using stolen Microsoft credentials in custom software to execute their attacks. Your takeaway You …
Microsoft Office under attack… again…
So most organisations use Microsoft Office in some way. Even if it they do not use it, someone will email them a Word or Excel document. You cannot avoid it – even on a Mac or Linux computer. That makes it a juicy target for threat actors – there are …