Cybersecurity Starts in the Boardroom
Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …
Continue reading “Mass spamming starts with no MFA and credential stuffing”
Here is an excellent outline of the latest security features updated or included in the new release of Microsoft Windows 11, by Jeff Burt over on The Register: What you’ll need to use Windows 11 22H2’s security features • The Register
Many office and web based applications, both commercial and bespoke use SQL servers of varying flavours – you or your cyber security consultant should know if your organisation is dependent on a Microsoft SQL server and what actions have been taken to protect it. Here is the threat, ransomware targeting …
Continue reading “Are you SQL servers secure? What, you do not know if you use SQL servers!”
The original post was published on 16 September 2022 This is a real problem, no software or system should keep any security token in plain text, any time during operation. The user base for Microsoft Teams is in excess of 270 million users – we are part of that number …
US Cybersecurity and Infrastructure Security Agency has issued advisories for various security updates: Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager | CISA Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird | CISA
The death of Her Majesty Queen Elizabeth II and the associated ceremonies and period of national mourning will be no exception: Potential phishing activity update – NCSC.GOV.UK The National Cyber Security Centre has issued a warning that the potential for malicious phishing, social engineering and scam cyber-attacks is very high …
Before I start this post – remember you should have Windows updates set to automatic (we do make exceptions for some Windows servers) and you should be able to monitor the update status on all your organisation’s computers. You cannot check whether everyone has updated? Then do something about it …
