SMB

491 articles

Why using Google OAuth in work applications is unsafe

Google OAuth and phantom accounts

Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.

What’s wrong with cloud SSO implementations, and how to reduce attack risks

Securing cloud providers’ SSO

Single sign-on is supposed to enhance corporate security, but it’s essential that cloud vendors have the information security team’s back.

What is the principle of least privilege?

The principle of least privilege: what is it and why is it needed?

What’s the principle of least privilege, why’s it needed, and how does it help secure corporate information assets?

Scamming Booking.com clients through hotel accounts

Hacked hotel accounts on Booking.com

Attackers are hijacking hotel accounts on Booking.com, and stealing their clients’ banking data through its internal messaging system.

How cybercriminals disguise URLs

Methods used by attackers to redirect victims to malicious and phishing sites from seemingly safe URLs.

Letters with Remcos RAT hosted in Discord

Remcos RAT via Discord

Cybercriminals send the Remcos remote-access trojan under the guise of letters from a new client.

What security issues does WordPress have?

WordPress security issues

Typical security issues of WordPress, and how they can be addressed to protect your website or online store from cybercriminals.

How to protect corporate routers and firewalls against hacking

Outdated Cisco equipment under threat from firmware

Espionage operations to hack corporate routers are now commonplace — and all organizations need to be aware of this.

Malware that steals Facebook accounts

How attackers use infected archives and malicious browser extensions to steal Facebook Business accounts.

How to lock your screen quickly and easily on Windows and macOS

Four ways to lock your screen on Windows and macOS

Four handy ways to lock your screen on Windows and macOS.

How to deploy an information security solution in a midsize business

Should the c-suite be worried about Gen AI?

Generative AI is now a common tool for many, but should business leaders be concerned?

Vulnerability in Confluence Data Center and Confluence Server

A good reason to update Confluence

It’s time to update Confluence Data Center and Confluence Server: they contain a serious vulnerability that allows unauthorized creation of administrator accounts.

Bad password policies and how to avoid them

A how-not-to guide to password policies

Examples of password policies that will have users tearing their hair out — and why you shouldn’t employ them.

GPU.zip: deft theft of secrets from video chips

We look at a new sophisticated attack on AMD and Intel integrated graphics cards.

How to properly store your user passwords

Password storage as the cornerstone of security

How online services should store user passwords, and how to minimize the damage in the event of a leak or hack.

Are Electron-based desktop applications secure?

Security of Electron-based desktop applications

A few words on why desktop applications based on the Electron framework should be approached with caution.

System time jumps in Windows: possible cause

Wrong system time and insecure Secure Time Seeding 

Why the Windows system time can suddenly change, and how to stop it from happening.

Ways to protect WordPress sites and blogs from hacking

How to stop your site from being a partner in crime

Why criminals want to hack your website, how they might use it in new attacks, and how to stop them.

What to patch first: prioritizing updates

Some thoughts on what PC software patches should be prioritized and why.

Information security gadgets

Gadgets to help protect employees’ devices against hackers and other threats.

TunnelCrack vulnerabilities in VPN clients

How to fix TunnelCrack VPN leaks

What caused a mass vulnerability in VPN clients, and how to keep them working.

Privacy & Kids

SMB