Get security beyond Microsoft products with Microsoft 365

Over time, organizations and individuals acquire stuff. Things we love and things we need. Things we don’t need but can’t seem to get rid of. I was confronted with this challenge when we bought a 1908 craftsman home. How could I make my beloved modern furniture and mandatory kid-friendly gear wor...

Steer clear of tax scams

In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly more prevalent through the April 15 Tax Day, especially in the two weeks leading up to it, when about 25...

Threatlist: IMAP-Based Attacks Compromising Accounts at 'Unprecedented Scale'

Attackers mounting password-spraying campaigns are turning to the legacy Internet Message Access Protocol IMAP to avoid multi-factor authentication obstacles – thus more easily compromising cloud-based accounts. That’s according to researchers with Proofpoint, who found that in the past half year...

Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by "international cyber criminals." Citrix said it was warned by the F...

Houzz Urges Password Resets After Data Breach

Interior decorating website Houzz on Friday issued a notice that user data – including usernames, passwords and IP addresses – had been accessed by an “unauthorized third party.” Houzz connects consumers to varying home-goods departments or professionals for purchasing furniture. The Palo Alto,...

U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks

The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System DNS security for their domains in the next 10 business days. The department’s rare “emergency directive,” issued Tuesday, warned that multiple government domains have been targeted by DNS...

3 Infosec Reflections to Kick off 2019 & Finally Shift the Balance of Power Back to Defenders

Wow. It's already 2019. Talk about a year in 2018 that flew by! I won’t spend this entire blog talking about 2018 but, needless to say, a lot happened in 2018 and it doesn’t look to slow down anytime soon. This time of year, I like to stop and reflect on the previous year and think about moving...

Step 2. Manage authentication and safeguard access: top 10 actions to secure your environment

This series outlines the most fundamental steps you can take with your investment in Microsoft 365 security solutions. We will provide advice on activities such as setting up identity management through active directory, malware protection, and more. In this post, we explain how to enable single...

Certificate Based Authentication on Gateway Insight

With Client Authentication enabled on an SSL virtual server, the NetScaler appliance asks for the Client Certificate during the SSL handshake. The appliance checks the certificate presented by the client for normal constraints, such as the issuer signature and expiration date. Here are some use...

Linux.org Redirected to NSFW Page Spewing Racial Epithets

The Linux organization said late Friday that its main domain, Linux.org, was hacked and defaced in a DNS hijacking incident. The group said that someone was able to compromise the registrar account for the domain and point its DNS to another server — as well as lock administrators out from changi...

Defending Credentials From Automated Attack Tools

By Danny Wasserman The folks on the Akamai Professional Services team are the people who help implement, configure, and tune the cloud security products that protect our customers' web applications from the daily onslaught of bots blasting login attempts against their websites, mobile apps, and...

A Breach, or Just a Forced Password Reset?

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefil...

CISO series: Secure your privileged administrative accounts with a phased roadmap

In my role, I often meet with CISOs and security architects who are updating their security strategy to meet the challenges of continuously evolving attacker techniques and cloud platforms. A frequent topic is prioritizing security for their highest value assets, both the assets that have the mos...

Zero-Trust Frameworks: Securing the Digital Transformation

Given the ongoing, rapid rise in digital transformation, the “zero-trust” concept is fast gaining traction as the go-to strategy for securing modern business networks. Zero trust refers to the notion of shifting access controls from the perimeter to the individual users and their devices. Thus,...

SMWYG-Show-Me-What-You-Got - Tool To Search 1.4 Billion Clear Text Credentials Which Was Dumped As Part Of BreachCompilation Leak

This tool allows you to perform OSINT and reconnaissance on an organisation or an individual. It allows one to search 1.4 Billion clear text credentials which was dumped as part of BreachCompilation leak. This database makes finding passwords faster and easier than ever before. Screenshot Above...

Passwords: Here to Stay, Despite Smart Alternatives?

The lowly password is much-maligned as being the weakest link in any company’s security defenses. That’s for good reason: It’s a fact that password reuse, a lack of strong passwords, a failure to change them on a regular basis and other human errors plague the efficacy of this de facto standard f...

How to share content easily and securely

This is the seventh post in our eight-blog series on deploying Intelligent Security scenarios. To read the previous entries, check out the Deployment series page. Cumbersome restrictions and limitations on mobile devices, apps, and remote access can be taxing from an IT perspective and frustratin...

Take steps to secure your business and users with our security business assessment

Businesses can no longer afford to take cybersecurity for granted. You cant read the news without seeing a splashy headline about a successful hack or data breach at a well-known company. However, this isnt just a problem for large enterprisesincreasingly small and medium-sized businesses are...

Zero Trust Security Architectures - Akamai's Approach

This is Part 5 of a 5 part blog series. Jump to Part 1: Introduction Jump to Part 2: Network Micro-Segmentation Jump to Part 3: Software Defined Perimeter Jump to Part 4: Identity Aware Proxy Introduction In the first part of this blog series, we covered an overview of zero trust architecture...

Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration

UPDATE An extremely high number of keylogger phishing campaigns have been seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in the last month used a zoho.com or zoho.eu email address to exfiltrate data from victim machines. A Cofense analysis, published...