Cybersecurity Starts in the Boardroom
PuTTY, KiTTY and Sumatra PDF Reader – I did my due diligence before installing these – and now they have been targeted by ZINC, a state-sponsored group operating out of North Korea. ZINC weaponizing open-source software – Microsoft Security Blog Before writing this blog post I had checked my system …
Continue reading “Here is some of the open-source software I use – and it has all been targeted!”
Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …
Continue reading “Mass spamming starts with no MFA and credential stuffing”
One of the key points we cover in our online and real-world cyber security awareness training is that threat actors will exploit human trust and fears. So phishing messages will contain: a threat – your tax bill is overdue see the fine here something nice – we over charged your …
Continue reading “Threat actors promise you something that is too good to be true…”
Here is an article from last week that is an in depth look at the Vice Society hacking gang’s operations. It was issued by the following US government agencies; the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center …
The Microsoft Security Blog is reporting on a flaw discovered in the Android TikTok app that would potentially allow threat actors to take over the user’s account with them clicking on a malicious link. Vulnerability in TikTok Android app could lead to one-click account hijacking – Microsoft Security Blog Remember …
Continue reading “One click account vulnerability in the TikTok Android app”
