This original post was made on 23 August 2022. Update 21 October 2022: There has been another “mis-configuration” story this week – Microsoft exposed thousands of client records when they mis-configured a server. Following a report in the summer of patient information leaking from a health care company because of …
My latest article on our training website CyberAwake.co.uk
Yesterday CyberAwake published my article looking at how snippets of information can leak out of a company and aid a threat actor:
If there is a way for threat actors to abuse legitimate tools, of course they do it!
Google’s Tag Manager (GTM) is a system for managing HTML and JavaScript analytic tags on websites, especially ecommerce sites. A report by Recorded Future has found that threat actors have been exploiting GTM to install malicious e-skimmer scripts that can steal customer card data and other personally identifiable information. Google …
Do you use FishPig ecommerce software? You don’t know? Then check now, because it may have been compromised.
This is a classic supply chain attack. UK-based FishPig, a seller of Magento WordPress integrations and ecommerce software, has discovered that its distribution server had been compromised, which allowed threat actors backdoor access to its customers’ systems. The ecommerce software is believed to be used by more than 200,000 websites. Breach …
Microsoft 365 credentials stolen through redirects
Threat actors abused open redirects on the Snapchat and American Express websites to steal credentials for Microsoft 365 accounts. URL Redirection to Untrusted Site (‘Open Redirect’) (mitre.org) Get some training so this does not happen to you, or worse, your team. Cyber Awake | Train Your Team To Protect Against …