I am in the middle of another IT and Cyber Security audit for an organisation and as part of that report I have been asked to look at their SharePoint configuration. IT was set up in rush during the first lockdown and the board and CEO are not sure about …
The US government Cybersecurity and Infrastructure Security Agency security advisories
The US government Cybersecurity and Infrastructure Security Agency (CISA) is a trusted source of information on security updates and exploited vulnerabilities. My team use it as one of their go to resources. The latest updates include the other vendors that release updates around the same time as Microsoft’s Patch Tuesday. …
Microsoft Patch Tuesday
As promised – a reminder of Microsoft’s Patch Tuesday… This morning, our support team have been reviewing our client monitoring reports and the SOC to check that the Microsoft Patch Tuesday updates have been completed. They will keep an eye on the reports all day to check there are no …
Take care with unsolicited Teams files
A series of phishing attacks are being run using infected .zip files distributed via Microsoft Teams: Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com) The zip file says it is a vacation schedule – but it is not really. A quick look at the article will show you how convincing …
Are You patched yet?
Following on from yesterdays article about using obsolete kit – almost as bad is using kit that has not been patched. There is a good reason that many of my articles here on Smart Thinking are about patches and updates, it is the most powerful cyber security step you can …
Is the UN Cyber-crime Treaty a Good Thing?
You would think yes. An international treaty to combat cyber-crime getting the signatory countries to pull together to combat cross border malicious cyber activity. But then the politicians and the special interest groups got involved and now it could end up being a completely different tool. See what Amy Hogan-Burney, …
Continue reading “Is the UN Cyber-crime Treaty a Good Thing?”
Catching up with the CISA Security Advisories
Whilst I have been away my team have been keeping up with security advisories that have impacted our clients. The vendors are the primary sources for my team but they also use the US government Cybersecurity and Infrastructure Security Agency (CISA) alerts and the Known Exploited Vulnerabilities Catalog. Let’s catch …
Continue reading “Catching up with the CISA Security Advisories”
