Why the “Principle of Least Privilege” works and something for free…

“Principle of Least Privilege”

The Principle of Least Privilege (PoLP) is a fundamental concept in cybersecurity. It ensures that users are granted only the minimum necessary access rights required to perform their job functions. This principle is one I always enforce in cyber security as it is a powerful way of defending the most …

The Threat Actors will abuse any service for their own ends

Researchers are warning that threat actors are abusing the Google Cloud Run – an application and website development and management service – to distribute banking trojans on an industrial scale: Hackers abuse Google Cloud Run in massive banking trojan campaign (bleepingcomputer.com) Your takeaway Any applications or software you have written …

“View Document”

Credentials and AAA

Sometimes a cyber-attack is something as easy as adding a button saying “view document” when whale phishing senior people in an organisation. Ongoing Microsoft Azure account hijacking campaign targets executives (bleepingcomputer.com) Your takeaway When was the last time you audited the credentials and associated authorisations of those credentials? If you …