Authentication, Authorisation and Accountability (AAA) and The Principle of Least Privilege (PoLP) come together in this primer to give you a basic understanding of the importance of knowing who is accessing your information and how much they can access. Another important idea covered here is what happens when something goes …
SharePoint – More pain for Microsoft but we still have a free gift for you…
It is never a good cyber security story, when I read there is a security issue with SharePoint – I have written many cyber security plans that depend on the integrity of Microsoft and SharePoint. New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com) Audit logs are a …
Continue reading “SharePoint – More pain for Microsoft but we still have a free gift for you…”
More pain for Microsoft and something free for you
Hot on the heels of “New Outlook – Surveillance in the name of profit” comes a report from the US Government’s Homeland Security on how Microsoft handled the 2023 Exchange Online cyber attack. Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (bleepingcomputer.com) Whatever Microsoft says about …
Continue reading “More pain for Microsoft and something free for you”
It is a month to our webinar…
We are privileged to have John O’Mahony, one of the keynote speakers from the Connect London 2023 conference, coming to speak to us, our clients and guests about how smaller organisations can now access corporate level 24/7 continuous cyber security – for a surprisingly low cost per head. John is …
What the “Principle of Least Privilege” does for you? (pt. 1)
This article follows on from last week’s Why the “Principle of Least Privilege” works and something for free…. If you want the something for free, then you had better read that article first! Let’s start with a simple definition. The Principle of Least Privilege (PoLP) is a fundamental concept in …
Continue reading “What the “Principle of Least Privilege” does for you? (pt. 1)”
Why the “Principle of Least Privilege” works and something for free…
The Principle of Least Privilege (PoLP) is a fundamental concept in cybersecurity. It ensures that users are granted only the minimum necessary access rights required to perform their job functions. This principle is one I always enforce in cyber security as it is a powerful way of defending the most …
Continue reading “Why the “Principle of Least Privilege” works and something for free…”
“View Document”
Sometimes a cyber-attack is something as easy as adding a button saying “view document” when whale phishing senior people in an organisation. Ongoing Microsoft Azure account hijacking campaign targets executives (bleepingcomputer.com) Your takeaway When was the last time you audited the credentials and associated authorisations of those credentials? If you …