The original post was published on 16 September 2022 This is a real problem, no software or system should keep any security token in plain text, any time during operation. The user base for Microsoft Teams is in excess of 270 million users – we are part of that number …
Credential stuffing attacks
This research by Okta highlights the issue of users recycling passwords: Okta: Credential stuffing accounts for 34% of all login attempts (bleepingcomputer.com) There were more login attempts by threat actors than legitimate ones! They were just trying out passwords to see if someone was stupid, (sorry if you do not …
If there is way for threat actors to abuse legitimate tools, of course they do it! No, it is not deja vu!
The headline equally applies to the abuse of LinkedIn Smart Links: LinkedIn Smart Links abused in evasive email phishing attacks (bleepingcomputer.com) This is a feature in the LinkedIn Sales Navigator and Enterprise versions and allows packages of documents to be sent out and the metrics for the documents can be …
Be careful of security theatre and user security fatigue
Would your Global Administrator account security up to our standard? Protecting credentials is an important step in any cyber security plan. One of the first things we always do when taking on a cyber security client, before we even embark on the fact finding and documentation, is make sure everyone …
Continue reading “Be careful of security theatre and user security fatigue”
American Airlines data breach due to employee email accounts being compromised
American Airlines had to write to customers to explain that personal data had been stolen through a cyber-attack – although they did state in the letter that there was no evidence of that personal data having been misused! I would like to see their evidence of that, because I think …
Continue reading “American Airlines data breach due to employee email accounts being compromised”
