IT-Boost’s TOTP secrets were exposed due to browser-based OTP calculations, allowing extraction and potential security risks. ConnectWise released a fix using a secure TOTP API. Users should cycle secrets to prevent breaches. Read more in this blog about the vulnerability, risks, and best practices for secure TOTP implementation.
Exciting news! 🎉 We’ve recently created this advanced CSS phishing protection, and we’re making it available for everyone, for free! Threat Actors (TAs) frequently target finance or accounting personnel, and once they gain access, they often send altered invoices to existing customers with fraudulent account details. Depending on the business, the resulting financial and reputational … Read more
This improved Sentinel Analytics Rule can be used to detect malicious Inbox Rules used by threat actors to hide invoice fraud activity. I’ve used the Inbox rule currently available as a template within Sentinel, and modified it to alert on Outlook rules I encountered in the wild.
Use this function and logic app, to block abusive IP addresses using a custom rule, that hit a certain block limit on Azure WAF / Frontdoor. Leveraging Log Analytics Alerts. This greatly improves security for your origins, as threat actors won’t be able to scan indefinitely (or until rate limit is reached) for vulnerabilities. In … Read more
Schedule a call to talk to one of our Solution Consultants, who can help guide you on your journey to choosing the right IT solution or managed service for your business.
