Many Gmail users were recently greeted with a message that alerted them that 2-step verification will be required to log into their accounts starting on November 9th (today). While many in the security community have been advising people to turn on 2-factor, 2-step, or any other secondary security method on every account as a way to protect the login process, the Twitterverse showed that many people were unhappy with Google’s implementation of this mandatory change.
I realized early on that if I didn’t teach my kids how to identify and avoid likely attacks on their laptops and phones, that no one would. Nevertheless, when I see an opportunity for a “teachable security moment” I grab it, and last week this mobile phishes appeared on my phone. I captured a screen shot to share with my children and we played a little “spot the phish” game, where they would point out all the things that made this text suspicious.
Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point within an organization.
Most users are familiar with Microsoft Exchange Online only as an application for accessing their email inboxes. However, by default, all users also have access to a system called Exchange Online PowerShell. This feature, designed primarily to assist IT administrators, allows a user to programmatically perform actions on a Microsoft 365 (M365) tenant. The specific actions a user can perform depend entirely on the user’s assigned roles.
With the ever-evolving landscape of email security services comes the ‘question’… ‘what are the top email security gateway services’? Our website analytics show that this term is searched for more regularly than most other general searches. A key indicator is that many top email gateway services brands have been tried and tested previously…market research is required to check for innovation – Is there anything you haven’t tried?
It is October 2021, and another Cybersecurity Awareness Month is upon us. With so much having occurred over the last year, we should all be experts in personal cybersecurity protection. After all, when our homes became our primary business location, it all became very personal. I once worked at a company that prohibited me from offering personal cybersecurity advice.
Malicious actors are constantly finding new ways to deliver their malicious payloads. With the recent migration of businesses moving to web application-based services, file storage, email, calendar, and other channels have become valuable means for delivering malicious code and payloads. In some instances, these services are abused as Command and Control infrastructure since many enterprises trust these services by default.
