In today’s threat landscape, cybercriminals are getting smarter, and phishing attacks are more sophisticated than ever. Attackers use tools like Evilginx to bypass traditional security measures by stealing session tokens, or they simply export cookies from browsers on a compromised device, and they can impersonate users without ever needing their passwords or MFA codes. Possibly … Read more
How it works Previously, I’ve blogged about two variants that we used at Prof-IT Services to block malicious IP addresses on Azure Frontdoor that were going over a certain threshold. We’ve now created a more simplified version, that only uses a C# function app, managed identity, and log analytics workspace. Blocking abusive IP addresses that … Read more
It’s time to secure Google Workspace—even if you’re not using it. Read about our recent discovered vulnerability, called ‘G-Door’, which allows users to bypass Microsoft 365 conditional access rules.
Session hijacking occurs when an attacker steals a valid session token—essentially, the key to a user’s active login session. In the case of Microsoft Teams, once a user logs in, their session token remains active and allows them to continue their work without repeatedly entering their password. While convenient, this token persistence also introduces a … Read more
Schedule a call to talk to one of our Solution Consultants, who can help guide you on your journey to choosing the right IT solution or managed service for your business.
