Session hijacking occurs when an attacker steals a valid session token—essentially, the key to a user’s active login session. In the case of Microsoft Teams, once a user logs in, their session token remains active and allows them to continue their work without repeatedly entering their password. While convenient, this token persistence also introduces a … Read more
IT-Boost’s TOTP secrets were exposed due to browser-based OTP calculations, allowing extraction and potential security risks. ConnectWise released a fix using a secure TOTP API. Users should cycle secrets to prevent breaches. Read more in this blog about the vulnerability, risks, and best practices for secure TOTP implementation.
Exciting news! 🎉 We’ve recently created this advanced CSS phishing protection, and we’re making it available for everyone, for free! Threat Actors (TAs) frequently target finance or accounting personnel, and once they gain access, they often send altered invoices to existing customers with fraudulent account details. Depending on the business, the resulting financial and reputational … Read more
I’ve recently encountered an issue where malicious email was imported into the Zendesk platform, while it was successfully quarantined by Microsoft 365. In this post, I go over the options to mitigate this threat. The problem lies in the fact that forwarding takes place prior to the email being processed by Microsoft 365’s spam and … Read more
Schedule a call to talk to one of our Solution Consultants, who can help guide you on your journey to choosing the right IT solution or managed service for your business.
