The reuse of password by users is still probably the most common cyber security mistake organisations and individuals make – making a credential stuffing attacks profitable for threat actors. Once a threat actor has gathered their lists of credentials then they – or rather their automated tools will attempt to …
Let’s talk about passwords again. Complex is king.
Passwords are still an important part of everyone’s cybersecurity, whilst we wait for the passwordless society to come round. Here is a weekend read from Bleeping Computers looking at password strength: Cyber Awake | Train Your Team To Protect Against Cyber Attacks(opens in a new tab) The Benefits of Making …
Continue reading “Let’s talk about passwords again. Complex is king.”
Do you have a password on your VNC server? 9000 users didn’t.
We have clients who use the popular VNC (Virtual Network Computing) service to access computers – all of them implement our security policy. Do you have a security policy that covers this type of software and access? Over 9,000 VNC servers exposed online without a password (bleepingcomputer.com)
Brute force attacks on Window 11
Disabling risky services for any OS or software “out-of-the-box” is always a good idea. If you need it, then you or your system administrators can enable it. A brute force attack is where a threat actor – or normally a threat actor computer – will try a range of different …
This is a technology exercise in when everything goes wrong!
I was put onto this blog post via Bruce Schneier’s blog. I’ve locked myself out of my digital life – Terence Eden’s Blog (shkspr.mobi) This is why role play and thinking about your operation, is a vital part of creating a cyber security plan that is resilient and provides for …
Continue reading “This is a technology exercise in when everything goes wrong!”
