Discussion of public breaches of security
Mandiant has a post about a Phishing-as-a-Service that has recently been investigated by Mandiant. This Phishing as a service is of course trying to make things easier for the criminals to set up phishing campaigns. Above is the Dashboard for the Service called “Caffeine V2” As I have mentioned in my book “Too Late you’re … Read more
We learned that MFA or 2FA (Multi or Two factor Authentication) is better than just a username and password to authenticate as all security people keep drumming into everyone right? Just to review MFA is a second form if authentication where the first form is a username and password. The second form can be a … Read more
Not just Uber but anyone with a cloud account has an admin account which is susceptible to social engineering hacks. (portswigger article link below) Google example: https://support.google.com/a/answer/57919?hl=en This article is for Google Workspace administrators who manage Gmail accounts for a company, school, or other group. To manage your personal Gmail account, go to the Gmail … Read more
1. The BackupBuddy plugin needs to be updated as it has a critical flaw. 2. If one allows the pingback feature (which tries to notify the blog that a someone linked to it) or notifies another blog that got linked to. It is about a service that notifies when blogs link and get linked. If … Read more
It is September 5th, 2022 and probably as good a time as any to re-evaluate where we are with a general Attack versus Defense analysis: Attackers: Only need to find one problem in defense to overcome and take advantage of to breach a system or network. Once the system is found that can be overtaken … Read more
