Cybersecurity Starts in the Boardroom
I have written a number of articles over the past few weeks about how organisations need to be thinking about theirs’s and their employee’s devices and cyber security. Device Security (Pt. 1) Device Security (Pt. 2) Device Security Just One More Thing… When hardware reaches EOL – Device Security The …
The Principle of Least Privilege (PoLP) is a fundamental concept in cybersecurity. It ensures that users are granted only the minimum necessary access rights required to perform their job functions. This principle is one I always enforce in cyber security as it is a powerful way of defending the most …
Continue reading “Why the “Principle of Least Privilege” works and something for free…”
Researchers are warning that threat actors are abusing the Google Cloud Run – an application and website development and management service – to distribute banking trojans on an industrial scale: Hackers abuse Google Cloud Run in massive banking trojan campaign (bleepingcomputer.com) Your takeaway Any applications or software you have written …
Continue reading “The Threat Actors will abuse any service for their own ends”
Sometimes a cyber-attack is something as easy as adding a button saying “view document” when whale phishing senior people in an organisation. Ongoing Microsoft Azure account hijacking campaign targets executives (bleepingcomputer.com) Your takeaway When was the last time you audited the credentials and associated authorisations of those credentials? If you …
Today I am going to look at why credentials are so important in cyber security? Credentials for identity The management of credentials across your organisation for all services is an important impact of your cyber security, whether it is someone using the global administrator account as their “daily driver” work …
