Collaborate Disseminate
Webshells explained, with some (safe) examples you can try at home if you want to learn more. Continue reading Serious Security: Webshells explained in the aftermath of HAFNIUM attacks
Deepfake video and audio has really advanced in recent years. Will this technology start to erode trust in the media we consume? Microsoft Exchange zero-days in the wild, and why is it that IT security investment on cybersecurity is at an all time high… Continue reading The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments
The Microsoft Exchange Zero-day exploit drop this week is a big one for 2021. The actions everyone needs to take when these exploits are being used in the wild is: 1. Take inventory Do you host an on-prem exchange server? Is the exchange server vulnera… Continue reading HAFNIUM Exchange Zero-Day Scanning
We have recently implemented an automated OCR, email scanning program that connects to our exchange email service, This service will open attached invoice and insert them into our accounting software program automatically. This program is … Continue reading Automatic OCR Document Capture Security Risks
Microsoft offers RAP as a Service for various platforms like AD, Exchange, Windows Servers/Desktops etc. Does anyone have an insight about these services from Microsoft vs other free tools like for AD Bloodhound is a really good one to hig… Continue reading RAP as a Service vs other freeware software tools
EXMO says that it is the latest in a longer line of cryptocurrency exchanges to have suffered at the hands of hackers, having spotted suspicious activity in the early hours of yesterday morning, where client’s accounts were accessed and large amounts w… Continue reading UK cryptocurrency exchange EXMO suffers breach, funds stolen
Cryptocurrency exchange Liquid has revealed that it was hacked last week, after a malicious attacker managed to seize control of its DNS records, seized control of some internal email accounts, and gained access to the firm’s document storage infrastru… Continue reading Cryptocurrency exchange Liquid suffers security breach, user data exposed
The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities. Continue reading Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
365 provides an attack simulator where you can try out a dictionary attack on the users of the tenant. For testing I set up a demo user and selected it as a target. Then I provided a small list with passwords containing the actual password… Continue reading Microsoft 365 Attack Simulator – Brute Force [closed]
Are there any security issues on IMAP or Exchange where you could know whether the server was contacted before or not?
Background: I came across a product that claims that it can identify whether you have contacted a mail server via some e… Continue reading By sending an email to a server, can you identify whether it was contacted before?