How To Attack Office 365 and MFA
Demo video. Trick a user into entering creds into our fake O365 login page with MFA.
Author: John Boulanger
Fake Email and Deepfakes
SPF, DKIM, and DMARC: Essential Explanations Everyone wants a magic bullet to mitigate the risk of email spoofing, as well as advice from security professionals on how to configure systems to prevent their domains being used as the source of fake emails. Security professionals know you can never remove all risk, but you can reduce […]
PCI DSS 4.0 Release Date: Late 2020
Six specific areas that may change with the credit card data security standards. The areas will focus on security, customized implementation, authentication, encryption, monitoring, and critical control testing methods. PCI DSS 4.0 release date is projected for November 2020 or moved back into 2021. The standards from version 3 have remained fundamentally unchanged over 10 […]
Features of Office365 Advanced Threat Protection
Microsoft 365 cloud platform provides special protection solutions within the Microsoft 365 suite that can be used to protect your data against threats. Today’s cybersecurity landscape is changing to remote and threats are changing daily. It’s important to know what tools are out there to protect your organization. In recent months, organizations have been forced […]
Office 365 How Malicious actors are using your account to scam others
The problem is certainly getting worse and some security awareness training can help, but individuals feel safe within Office 365. But Microsoft doesn’t protect everything. They operate under a model of “shared responsibility” – this means they’re responsible for securing some things, and the customer is responsible for securing some things. Office 365 is a […]
The Employee Awareness iPhone attacks
There are more than 2 billion smartphones around the globe, making mobile devices a rich target I was at the Hacker Halted Conference in Atlanta, GA this year. One touch point sounded in every event fromthe keynote to session speakers “social engineering”. The topic socialengineering is one of the main attack vectors into a company […]
GDPR in the Cloud can CASB work for you
Everyone is looking at GDPR compliance, but what if you process data through cloud services. Companies using cloud services such as Salesforce and Dropbox have to ensure that the data practices at each of them are compliant with GDPR. GDPR data subjects need to be well-informed about the use of their data and trust that […]
The Biggest Obstacles to Multicloud Deployments
As cloud adoption rates have increased and cloud models for enterprise IT mature, multicloud deployments have become more and more popular. They happen for a variety of reasons: some cloud platforms are better suited for specific applications, others may have security or compliance measures that are necessary. They might be located in different physical sites, […]
8 Security Practices You Need in Your Employee Training
This might be hard to believe, but it is true: 59 percent of data breaches are happening not because of some smart hacker who wants to do harm to your company but because of your own employees. In order to stop these incidents, you have to focus on two things (other than investing in new technology): set […]
Cyber Insurance – A Guide: To Buy or Not to Buy
Cyber insurance: what is it, do I need it, and what does it cost? Those are just some of the questions around cyber insurance. Cyber security is not just technology, but it involves the whole business and how well risks are managed. Today a firm must understand the inherent risk, risk mitigation and residual risk. […]