What Happens When MFA is Hacked? Phishing is Accurate & Effective

We learned  that MFA or 2FA (Multi or Two factor Authentication) is better than just a username and password to authenticate as all security people keep drumming into everyone right? Just to review MFA is a second form if authentication where the first form is a username and password. The second form can be a … Read more

Has cloud account been Hacked? Like Uber did?

Not just Uber but anyone with a cloud account has an admin account which is susceptible to social engineering hacks. (portswigger article link below) Google example: https://support.google.com/a/answer/57919?hl=en This article is for Google Workspace administrators who manage Gmail accounts for a company, school, or other group. To manage your personal Gmail account, go to the Gmail … Read more

2 WordPress Issues to Fix or Get Hacked

1. The BackupBuddy plugin needs to be updated as it has a critical flaw. 2. If one allows the pingback feature (which tries to notify the blog that a someone linked to it) or notifies another blog that got linked to.  It is about a service that notifies when blogs link and get linked. If … Read more

Attack versus Defense – What is Status?

It is September 5th, 2022  and probably as good a time as any to re-evaluate where we are with a general Attack versus Defense analysis: Attackers:  Only need to find one problem in defense to overcome and take advantage of to breach a system or network. Once the system is found that can be overtaken … Read more

Anticipating Cyberattacks Too Hard

As per another Black Hat talk by a reporter: “IT industry guilty of ‘lack of imagination’ in failure to anticipate cyber-attack evolution” Kim Zetter gave a talk at BlackHat USA on August 11 about how the new attacks by cyber adversaries have caught the security community flat-footed. Zetter told Black Hat USA: “[Operation Aurora] was … Read more