Authentication, Authorisation and Accountability (AAA) and The Principle of Least Privilege (PoLP) come together in this primer to give you a basic understanding of the importance of knowing who is accessing your information and how much they can access. Another important idea covered here is what happens when something goes …
What the “Principle of Least Privilege” does for you? (pt. 1)
This article follows on from last week’s Why the “Principle of Least Privilege” works and something for free…. If you want the something for free, then you had better read that article first! Let’s start with a simple definition. The Principle of Least Privilege (PoLP) is a fundamental concept in …
Continue reading “What the “Principle of Least Privilege” does for you? (pt. 1)”
Devices and Cyber Security – A Primer
I have written a number of articles over the past few weeks about how organisations need to be thinking about theirs’s and their employee’s devices and cyber security. Device Security (Pt. 1) Device Security (Pt. 2) Device Security Just One More Thing… When hardware reaches EOL – Device Security These …
Why the “Principle of Least Privilege” works and something for free…
The Principle of Least Privilege (PoLP) is a fundamental concept in cybersecurity. It ensures that users are granted only the minimum necessary access rights required to perform their job functions. This principle is one I always enforce in cyber security as it is a powerful way of defending the most …
Continue reading “Why the “Principle of Least Privilege” works and something for free…”
The Threat Actors will abuse any service for their own ends
Researchers are warning that threat actors are abusing the Google Cloud Run – an application and website development and management service – to distribute banking trojans on an industrial scale: Hackers abuse Google Cloud Run in massive banking trojan campaign (bleepingcomputer.com) Your takeaway Any applications or software you have written …
Continue reading “The Threat Actors will abuse any service for their own ends”
“View Document”
Sometimes a cyber-attack is something as easy as adding a button saying “view document” when whale phishing senior people in an organisation. Ongoing Microsoft Azure account hijacking campaign targets executives (bleepingcomputer.com) Your takeaway When was the last time you audited the credentials and associated authorisations of those credentials? If you …
Credentials – A Primer
Today I am going to look at why credentials are so important in cyber security? Credentials for identity The management of credentials across your organisation for all services is an important impact of your cyber security, whether it is someone using the global administrator account as their “daily driver” work …