Phishing-as-a-Service by Criminals Means More Attacks

Mandiant has a post about a Phishing-as-a-Service that has recently been investigated by Mandiant. This Phishing as a service is of course trying to make things easier for the criminals to set up phishing campaigns. Above is the Dashboard for the Service called “Caffeine V2” As I have mentioned in my book “Too Late you’re … Read more

What Happens When MFA is Hacked? Phishing is Accurate & Effective

We learned  that MFA or 2FA (Multi or Two factor Authentication) is better than just a username and password to authenticate as all security people keep drumming into everyone right? Just to review MFA is a second form if authentication where the first form is a username and password. The second form can be a … Read more

Has cloud account been Hacked? Like Uber did?

Not just Uber but anyone with a cloud account has an admin account which is susceptible to social engineering hacks. (portswigger article link below) Google example: https://support.google.com/a/answer/57919?hl=en This article is for Google Workspace administrators who manage Gmail accounts for a company, school, or other group. To manage your personal Gmail account, go to the Gmail … Read more

2 WordPress Issues to Fix or Get Hacked

1. The BackupBuddy plugin needs to be updated as it has a critical flaw. 2. If one allows the pingback feature (which tries to notify the blog that a someone linked to it) or notifies another blog that got linked to.  It is about a service that notifies when blogs link and get linked. If … Read more

Attack versus Defense – What is Status?

It is September 5th, 2022  and probably as good a time as any to re-evaluate where we are with a general Attack versus Defense analysis: Attackers:  Only need to find one problem in defense to overcome and take advantage of to breach a system or network. Once the system is found that can be overtaken … Read more