Microsoft Authenticator: Turn off App Lock

Are you being asked for a PIN when using Microsoft’s Authenticator app? Microsoft Authenticator now has “App Lock” enabled by default and you can see this in action below. This option means that you’ll be asked to put in your mobile pin (or biometric) every time you open the app. App Lock helps to make…

14 days since a client was last hacked

It’s been a year and a half since my last warning about enabling two factor on all internet facing accounts to prevent hacking, but it’s only been 28 days since a client’s Office 365 account was hacked and 14 days since a client’s Facebook was hacked. Neither client had two factor enabled. In a scenario…

IT Security Training Organisation Hacked

It’s big news when one of the largest organisations in the world offering IT certifications and security training gets hacked and this is what happened when an employee of the SANS institute recently fell victim to a phishing attack. The hacker configured a rule to auto-forward emails from the hacked account. This led to an…

Your servers could be at risk right now

Watch this one come around to bite people in a few months. Pretty much every server needs to be patched. The EXTERNAL risk might be quite low if you have correctly configured firewalls and networks. Unfortunately, the INTERNAL risk is immense unless you apply the work around below immediately. This critical vulnerability is as bad…

Dangerous Domain Up For Sale

A dangerous domain – corp.com – is being sold after 26 years of ownership. This domain would allow whoever wields it to have access to an unending stream of passwords, email and other data belonging to systems at hundreds of thousands of major companies worldwide. The current domain owner, Mike O’Connor, hopes that it will…

Windows Remote Desktop Gateway vulnerability

A vulnerability has recently been discovered in Windows Remote Desktop Gateway, which could leave you open to attacks. The vulnerability requires no user interaction and is pre-authentication. The attacker would be able to execute arbitrary code on your system. This means the attacker could install programs; view, change or delete data; or create new accounts…

VPN Vulnerability Could Put You At Risk

A security flaw has been found in Linux, Android, macOS and other Unix-based operating systems that would allow hackers to probe devices and discover details about your VPN (Virtual Private Network) connection status. Attacks could be carried out from a router, or by an attacker present on the same network. The vulnerability would allow attackers…

old laptop

Vulnerability in exposed ports in older Windows OS

A vulnerability has been found existing in unpatched versions of Windows Server 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. Microsoft recently issued the first patch for Windows XP in May 2019, years after the last patch was released. Attackers are searching for vulnerable unpatched Windows systems that…

High-severity vulnerability found in Chrome

Over the weekend Google announced a high-severity bug in its Chrome browser that is already actively being used to hijack computers. We have already updated every customer machine that has been turned on this morning and have notified customers that they need to manually restart their browser to update Chrome. To get the latest version…