Careful
Security

BEC phishing campaign 

Microsoft issues warning on BEC phishing campaign 

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud  A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). The attackers then used the stolen credentials …

Microsoft issues warning on BEC phishing campaign  Read More »

Phishing

Spokane Residential Health District (Phishing)

SRHD Apologizes and Commits to Corrective Actions Spokane Regional Health District (SRHD) confirmed personal data may have been disclosed after the discovery of an unauthorized breach of personal health information via a phishing email, occurring on February 24, 2022.

Careful Security

PCI Compliance On A Penny

We recently worked with a client to build a PCI compliant infrastructure in the cloud. Here are some key takeaways from that experience. Becoming PCI compliant is often perceived as a daunting task, as there are approximately 200 requirements that an organization needs to adhere to. However, just like Pareto’s 80-20 principle, here are some …

PCI Compliance On A Penny Read More »

Zero Trust

Zero Trust In The Time Of Covid19

What is Zero Trust Network? Zero Trust is somewhat like navigating through a high-security airport where we scan our ticket and validate our identity at multiple points of entry. It is about implementing and monitoring user-access control at a granular level. Zero Trust Network Access (ZTNA) ensures that only authorized users can access specific applications …

Zero Trust In The Time Of Covid19 Read More »

Careful Security

Recovering Hacked Website

Websites can be hacked because of multiple reasons. Some of the most common reasons that we’ve seen are account compromise, insecure plugins, non-restrictive file permissions. We’ve secured these weaknesses through simple steps such as implementing two factor authentication, updating old software, cleaning up malware and setting up a web application firewall to block future attacks.

Careful Security

Securing your Database

During a customary search for vulnerable databases, the team at Comparitech discovered a vulnerable and unprotected MongoDB database belonging to FarFaira, a website designed to promote literacy for children as young as 2 years old. The information on this database includes user sign-in information, email addresses, and social media tokens. Attack Outline While the Comparitech …

Securing your Database Read More »