A recent Bleeping Computer article reported that email security company Proofpoint, had observed a massive increase in credential spraying attacks that target Office 365 and G Suite. These attacks leverage legacy email protocols (IMAP) and credential dumps to bypass the multifactor controls provided by these platforms.

Apr 12
Apr 12 Slides and Content from The Boring Security Talk at CrikeyCon VI

Kieran Jacobsen

Security, Presentations

Last weekend I spoke at CrikeyCon VI. I am always excited to attend and present at CrikeyCon, the attendees are fantastic and overall the organisers have created an amazing conference ❤.

Feb 13
Feb 13 Videos from NDC Sydney 2018

Kieran Jacobsen

Security, Presentations

I forgot to post in December that the video from my NDC Sydney session, The Boring Security Talk, is available on YouTube and Vimeo.

Feb 12
Feb 12 Advice on Mitigating DNS Infrastructure Tampering

Kieran Jacobsen

Security

In January, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) took the unusual step of issuing an emergency directive (EN 19-01) about Mitigating DNS Infrastructure Tampering. Several days, the National Cyber Security Centre (NCSC) which is part of the UK Government Communications Headquarters (GCHQ) also issued an alert on DNS Hijacking activity.