How to prevent weak MFA session token theft
Microsoft recently published an analysis of the techniques used by one popular phishing-as-a-service provider. We'll take that analysis and implement a solution based upon it
security
34 posts
Blocking malicious activity – too many email updates
I often get asked how we manage networks without an RMM tool and I always reply that we take full advantage and make use of what Microsoft has to offer. This type of rule is an example of that philosophy.
Blocking Fileless malware
It's an Attack Surface Reduction rule and it is exploited in the wild, so it's import to close up this vulnerability to fileless attacks.
Where should you configure ASR rules?
Where should you configure ASR rules? I had this question, so I asked a contact in Endpoint Management at Microsoft.
Locking down device access to Azure AD
entities. Two of them are particularly good ideas to limit how a domain can be accessed and will create significant hurdles for criminals
Using user agent string to block USA based attacks
Recently, we've noticed more USA based attacks. Using MCAS we can block those attempts
If they are attacking this website, then they are attacking …
If you're mhklassen@aol.com, your account has been compromised and is being used by criminals to attack my website. I do hold you responsible because you've ignored that message to change your password to something more complex and use two-factor authentication.
Split an MCAS Alert to get the notification you need
What if we want both low and high severity alerts from a policy? Technically MCAS can't do this.
Exchange server vulnerability summary
There's been a lively discussion with "breaking news" about the extent of the intrusion into networks and the solution to it over on our Ransomware and Security group. Now that it seems to have reached a stable information point I thought I would summarize that you need to know.
MSP’s must do a security audit
Managed Service Providers are now a favorite target of hackers and their ransomware attacks. Everyone should now be woke and perform an internal security audit.