Cybersecurity Starts in the Boardroom
Fast Company an American magazine was hacked and abusive articles added to its news feeds, resulting in this material getting a wider audience through syndication on the Apple News app. The Apple News channel was quickly disabled and Fast Company took its site down pending a fix but the damage was …
Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …
Continue reading “Mass spamming starts with no MFA and credential stuffing”
The original post was published on 16 September 2022 This is a real problem, no software or system should keep any security token in plain text, any time during operation. The user base for Microsoft Teams is in excess of 270 million users – we are part of that number …
Would your Global Administrator account security up to our standard? Protecting credentials is an important step in any cyber security plan. One of the first things we always do when taking on a cyber security client, before we even embark on the fact finding and documentation, is make sure everyone …
Continue reading “Be careful of security theatre and user security fatigue”
There have been several high profile ransomware attacks this week – and small ones that do not make the news. Ransomware attack knocked a Kentucky city-operated ISP offline before holiday – The Record by Recorded Future Lorenz ransomware breaches corporate network via phone systems (bleepingcomputer.com) Ransomware gang threatens 1m-plus medical …
