Phishing email cyber-attacks have to be the most common cyber-attack directed at any organisation. Most are trying to get the victim to reveal their credentials, often for Microsoft 365. Every week I spend time with clients discussing or investigating phishing emails and helping them put systems in place to help …
Defence in Depth
One of the things that came out of the conference I attended on Tuesday in London, was defence in depth, combatting the ways in which the threat actors have expanded their attack vectors and tactics to evade various modern technical and human defences. The message we should all take from …
Have you ever heard of a ZPAQ file?
I hadn’t, but the threat actors are now using ZPAQ files to distribute malware. A ZPAQ file is an archive file, like .ZIP and .RAR, it is open source and is used on a command line – so not something the average office-based user would need to know about or …
I am out of the office…
I am out of the office this week and that is why I am going to reproduce an article here, that I wrote last year for CyberAwake about the “Out-of-Office” automatic reply. The Out-of-Office Email and How it Compromises Your Organisation’s Cyber Security Before heading out on our leave, we …
CISA Round-up
I am back in the office this week so let’s get a round-up of the security advisories issued by The US government Cybersecurity and Infrastructure Security Agency (CISA), one of my trusted sources for information about cyber security vulnerabilities. Oracle Releases October 2023 Critical Patch Update Advisory | CISA Fortinet …