Entries by Mihai

Identity & Access Management (Entra ID)

Microsoft Entra ID is a cloud-based identity and access management service for applications like Office365 and Azure. Entra ID Security Defaults Security defaults are a group of settings that help protect your organization from emerging threats and cyberattacks like brute force attacks, password spraying, phishing, etc. Security defaults include the following requirements: Register a multi-factor […]

File Share Phishing: Overview

Cybercriminals’ favorite way to break into a company right now is by sharing a document that leads to a fake Microsoft login page. The link could direct you to SharePoint, OneDrive, Dropbox, or another site, but the goal is always the same – they want access to your email account. Because this attack has become […]

The Cross-site Scripting (XSS)

Cross-site scripting, also known as XSS, is a web security vulnerability that enables hackers to manipulate user interactions with compromised applications. Through cross-site scripting, the perpetrator can impersonate a user, execute any actions the user is able to, also can access and manipulate their data. If the user has privileges within the application, the perpetrator […]

The Man-In-The-Middle Attack

This type of cyberattack occurs each time a hacker intercepts and manipulates communications between two parties. So, once positioned as Man in the Middle, usually between a client and a server, the perpetrator will: Intercept data in transit. The attacker becomes a transit point for all data exchanged and can potentially intercept sensitive information, for […]

The Annual IT Security Assessment

Regular IT security assessments identify and address any weaknesses in networks, systems, and applications, to protect the organization from potential cyber threats. Such assessments are essential for organizations of all sizes. Why Are Security Assessments So Important? Security assessments are crucial because they objectively evaluate the state of security of an organization identifying potential security […]

SMTP Smuggling: Overview

The landscape of cybersecurity is evolving, so modern threats like SMTP smuggling are a stark reminder of the importance of staying up to date on defending against such cyberattacks. But what is SMTP smuggling, how does it work? What is Simple Mail Transfer Protocol? Simple Mail Transfer Protocol is a TCP/IP network protocol utilized to […]

Security Fatigue on Management

Stress and burnout caused by difficult situations, such as the pressure to understand and choose from all different cybersecurity solutions: multi-factor authentication, managed detection and response, mobile device management, DNS filtering, etc., can impact not only the decision-making process, but also the cybersecurity posture of your organization. One of the reasons why managers get to […]

Security Fatigue on End Users

As information security threats are multiplying, security measures are multiplying too. Employees are regularly informed of more threats to watch out for and more security policies to follow, creating additional workflows and distractions for their already busy days. This is very likely to have an impact on their daily tasks. For instance, just a simple […]

Types & Signs Of Brute Force Attacks

A brute force attack is just another hacking method where an attacker tries many password combinations or encryption keys until the right one is discovered. Basically, this method relies on the perpetrator’s skills and tools used to crack a password through multiple attempts to eventually get access to a system, account, database, or network. Brute […]

The Supply Chain Attack: Overview

This type of cyberattack occurs when the perpetrator gains illegitimate access to your organization’s digital infrastructure just by utilizing a third-party system (provider or partner) that is already connected to your infrastructure. Basically, because the third party has been granted the rights to use and modify areas of your network, your applications, or sensitive data, […]