During War are we getting Attacked More?

I am talking about the Russian war against Ukraine which started on Feb 2022. Do you have 80 computes, more than a dozen? Then it should be obvious that they all need to be standardized and if standardized and wrong they will all get hacked. So paying attention to details in your environment pays dividends. … Read more

Calendar Invite Phish Attack Also

I bumped intothis site  (Dresec)   latest post is “Phishing with Google calendar”   His first sentence is a disclaimer as he does not want other people to use the information to send phishing calendar invites. To him (and me) it is only designed to be a test within our organizations. Here is the sample … Read more

Microsoft Vulnerabilities Cause Special Problems

Nothing to see here – in Microsoft Land – Portswigger has the story: Apparently there is a feature in Microsoft Office Online Server that causes a Remote Code Execution(RCE) vulnerability. After hackers use a SSRF (Server Side Request forgery) attack, they can attack the systems with RCE. When Microsoft was told about this vulnerability they … Read more

Patching and Upgrading is Good Right? Hackers Take advantage of Updates!

So we are always telling everyone one of the things you must do is to patch and update our computers, so what happens… Someone figured out how to take advantage of this.  Of course this has an acronym: BYOVD- “Bring Your Own Vulnerable Driver”.  Arstechnica story You may know one of the axioms – everything … Read more