I bumped intothis site (Dresec) latest post is “Phishing with Google calendar” His first sentence is a disclaimer as he does not want other people to use the information to send phishing calendar invites. To him (and me) it is only designed to be a test within our organizations. Here is the sample … Read more
It is September 5th, 2022 and probably as good a time as any to re-evaluate where we are with a general Attack versus Defense analysis: Attackers: Only need to find one problem in defense to overcome and take advantage of to breach a system or network. Once the system is found that can be overtaken … Read more
What is Vishing? Voice phishing, also known as vishing, is the practice of eliciting information or attempting to influence action via the telephone.(from hhs.gov site) Recently, a large U.S. company fell victim to a cyber attack that leveraged sophisticated phishing techniques involving phone calls to gain access to the victim organization. Phishing campaigns continue to … Read more
The Myth of Lightning not striking the same place again and again should be broken by now as in tomorrow.io post: What about ransomware, does it hit in the same place twice? Unfortunately just like lightning can hit the same place twice especially if it is a Metal rod on top of a tall building, … Read more
Patch your software and hardware (portswigger article) Password management – Keep passwords locked – 2FA MFA, Backup and test backups – social engineering – Phishing education (CISA – Cybersecurity& Infrastructure Security AgencyTips) Test your environment Why did i give the patching/upgrade the highest importance, because a policy of upgrading can lead your environment … Read more
