Social Engineering is real and costs organisations money – get your team trained.

Social Engineering

First let’s get a definition of social engineering: Social engineering is the art of manipulating people to give up confidential information. The types of information compromised can vary, but when organisations are targeted, the criminals are usually trying to trick you into giving them your credentials for secure systems you …

The Principle of Least Privilege and Authentication, Authorisation and Accountability – A Primer

AAA

Authentication, Authorisation and Accountability (AAA) and The Principle of Least Privilege (PoLP) come together in this primer to give you a basic understanding of the importance of knowing who is accessing your information and how much they can access. Another important idea covered here is what happens when something goes …

SharePoint – More pain for Microsoft but we still have a free gift for you…

It is never a good cyber security story, when I read there is a security issue with SharePoint – I have written many cyber security plans that depend on the integrity of Microsoft and SharePoint. New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com) Audit logs are a …

HTML emails

For those of you of a certain age, do you remember when we went from plain text email to rich content html emails? Of course, by rich content I mean some bold and italic text and some images! Here is a new attack using old technology – called Kobold Letters. …