compromise – PwnDefend

Minimum Data Requirements for Investigating Email Mailbox Compromise

When a suspected email mailbox compromise is reported, initiating an investigation promptly is critical. However, to ensure the investigation is effective, certain minimum intelligence requirements must be met. This blog outlines the bare minimum data needed to start investigating a suspected email mailbox compromise, whether the intelligence comes from an internal team or a third-party source.

Uncategorized

Living with your password strength head in the sand

Password audits, if you ask some security pros you will hear a million reasons why you would be insane to do them… ask me however and the answer is more nuanced. They are activities that must be handled with the upmost care, however…. they (in my experience) have been incredibly useful to help improve security postures and to enable organisations to understand risk! You are of course free to ignore what I think and live like an ostrich (or it really might not be suitable for your environment). I’m not going to talk about how to do a password audit today, I’m also not going to advise in this post on sourcing strategy (you may want to do in house or you might want to outsource, after all, you normally put all your hashes in someone else’s computer when you use cloud right!?), anyway enough rambling, year ago the NCSC UK did some password auditing research (it was good work – Spray you, spray me: defending against password spraying… – NCSC.GOV.UK) and now the DOI have also done similar, check out the report In the link below:

Defense

Post Business Email Compromise actions for Office 365 Users

If you have a business email compromise incident and you haven’t deteced it in a timely manner your fist notification might be a bad experiance, the threat actors may have commited fraud, attemped fraud or simply launched a phishing If you have a business email compromise incident and you haven’t detected it in a timely manner your fist notification might be a bad experience, the threat actors may have committed fraud, attempted fraud, or simply launched a phishing campaign from your environment. If you are in this position, there are some steps you can take from a technical point of view to limit impact and reduce risk of a re-occurrence. This blog is a high-level view at some of the tactical and longer-term activities you can conduct.