#phishingprotection — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #phishingprotection, aggregated by home.social.
-
OpenAI launches Advanced Account Security with YubiKey support to lock down ChatGPT accounts
https://fed.brid.gy/r/https://nerds.xyz/2026/05/openai-advanced-account-security-chatgpt/
-
Bitwarden lets Windows 11 users sign in with passkeys instead of passwords
https://fed.brid.gy/r/https://nerds.xyz/2026/03/bitwarden-passkeys-windows-11-login/
-
Google Chrome Will Let You Turn Off On-device AI Models with Simple Toggle
#GoogleChrome #AI #OnDeviceAI #GeminiNano #Privacy #Security #Cybersecurity #Browsers #ScamDetection #PhishingProtection #WebBrowsers #ChromeCanary
-
Cybercriminals are eyeing Microsoft Exchange Servers like never before. CISA and NSA just laid out a fresh playbook—from tougher logins to bulletproof encryption. Ready to see if your defenses stack up?
https://thedefendopsdiaries.com/securing-microsoft-exchange-servers-key-guidance-from-cisa-and-nsa/
#microsoftexchange
#cybersecurity
#cisa
#nsa
#multifactorauthentication
#networkencryption
#accesscontrol
#patchmanagement
#phishingprotection -
Cybercriminals are eyeing Microsoft Exchange Servers like never before. CISA and NSA just laid out a fresh playbook—from tougher logins to bulletproof encryption. Ready to see if your defenses stack up?
https://thedefendopsdiaries.com/securing-microsoft-exchange-servers-key-guidance-from-cisa-and-nsa/
#microsoftexchange
#cybersecurity
#cisa
#nsa
#multifactorauthentication
#networkencryption
#accesscontrol
#patchmanagement
#phishingprotection -
Cybercriminals are eyeing Microsoft Exchange Servers like never before. CISA and NSA just laid out a fresh playbook—from tougher logins to bulletproof encryption. Ready to see if your defenses stack up?
https://thedefendopsdiaries.com/securing-microsoft-exchange-servers-key-guidance-from-cisa-and-nsa/
#microsoftexchange
#cybersecurity
#cisa
#nsa
#multifactorauthentication
#networkencryption
#accesscontrol
#patchmanagement
#phishingprotection -
Cybercriminals are eyeing Microsoft Exchange Servers like never before. CISA and NSA just laid out a fresh playbook—from tougher logins to bulletproof encryption. Ready to see if your defenses stack up?
https://thedefendopsdiaries.com/securing-microsoft-exchange-servers-key-guidance-from-cisa-and-nsa/
#microsoftexchange
#cybersecurity
#cisa
#nsa
#multifactorauthentication
#networkencryption
#accesscontrol
#patchmanagement
#phishingprotection -
What’s the difference between passwords and passkeys? It’s not just the protection they provide
#Tech #Hacking #CyberSecurity #Passwords #Passkeys #OnlineSecurity #DataProtection #Privacy #Phishing #TechTips #PhishingProtection #DigitalSafety #InfoSec
https://the-14.com/whats-the-difference-between-passwords-and-passkeys-its-not-just-the-protection-they-provide/ -
X users, time is ticking—re-enroll your 2FA keys by November 10, 2025, or risk getting locked out. Find out how this move is set to tackle rising cyber threats and secure your account for the future!
#2fa
#securitykeys
#accountsecurity
#phishingprotection
#cybersecurity2025 -
Imagine getting an email that perfectly mimics a trusted colleague—almost impossible to spot as a scam. Varonis Interceptor’s multimodal AI is stepping in to catch these next-level phishing tricks. Ready to see how it’s changing the game in email security?
#emailsecurity
#artificialintelligence
#phishingprotection
#cyberthreats
#varonisinterceptor -
For defending against phishing campaigns, you've got to have sensible security rules in place and a good overall security practice in your organization. You also need to be running EDR tools (EDR/XDR) and edge protection. These practices will all help, though they are not a silver bullet against the problem.
Be aware as a practitioner if DNS over HTTPS is becoming more present on your network. If you control your own DNS resolver, that's the best way to go.
DNS is really your friend as a security practitioner.
Listen to the full episode of the Breaking Badness Cybersecurity Podcast here: https://www.domaintools.com/resources/podcasts/morphing-meerkat-proton66-how-cybercrime-is-getting-easier/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Proton66
#DNS #cybersecurity #infosec #infosecurity #phishing #phishingprotection #phishingprevention
-
For defending against phishing campaigns, you've got to have sensible security rules in place and a good overall security practice in your organization. You also need to be running EDR tools (EDR/XDR) and edge protection. These practices will all help, though they are not a silver bullet against the problem.
Be aware as a practitioner if DNS over HTTPS is becoming more present on your network. If you control your own DNS resolver, that's the best way to go.
DNS is really your friend as a security practitioner.
Listen to the full episode of the Breaking Badness Cybersecurity Podcast here: https://www.domaintools.com/resources/podcasts/morphing-meerkat-proton66-how-cybercrime-is-getting-easier/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Proton66
#DNS #cybersecurity #infosec #infosecurity #phishing #phishingprotection #phishingprevention
-
For defending against phishing campaigns, you've got to have sensible security rules in place and a good overall security practice in your organization. You also need to be running EDR tools (EDR/XDR) and edge protection. These practices will all help, though they are not a silver bullet against the problem.
Be aware as a practitioner if DNS over HTTPS is becoming more present on your network. If you control your own DNS resolver, that's the best way to go.
DNS is really your friend as a security practitioner.
Listen to the full episode of the Breaking Badness Cybersecurity Podcast here: https://www.domaintools.com/resources/podcasts/morphing-meerkat-proton66-how-cybercrime-is-getting-easier/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Proton66
#DNS #cybersecurity #infosec #infosecurity #phishing #phishingprotection #phishingprevention
-
For defending against phishing campaigns, you've got to have sensible security rules in place and a good overall security practice in your organization. You also need to be running EDR tools (EDR/XDR) and edge protection. These practices will all help, though they are not a silver bullet against the problem.
Be aware as a practitioner if DNS over HTTPS is becoming more present on your network. If you control your own DNS resolver, that's the best way to go.
DNS is really your friend as a security practitioner.
Listen to the full episode of the Breaking Badness Cybersecurity Podcast here: https://www.domaintools.com/resources/podcasts/morphing-meerkat-proton66-how-cybercrime-is-getting-easier/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Proton66
#DNS #cybersecurity #infosec #infosecurity #phishing #phishingprotection #phishingprevention
-
For defending against phishing campaigns, you've got to have sensible security rules in place and a good overall security practice in your organization. You also need to be running EDR tools (EDR/XDR) and edge protection. These practices will all help, though they are not a silver bullet against the problem.
Be aware as a practitioner if DNS over HTTPS is becoming more present on your network. If you control your own DNS resolver, that's the best way to go.
DNS is really your friend as a security practitioner.
Listen to the full episode of the Breaking Badness Cybersecurity Podcast here: https://www.domaintools.com/resources/podcasts/morphing-meerkat-proton66-how-cybercrime-is-getting-easier/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Proton66
#DNS #cybersecurity #infosec #infosecurity #phishing #phishingprotection #phishingprevention
-
When Strong Passwords Fail: Lessons from a Silent, Persistent Attack
1,038 words, 5 minutes read time.
As an IT professional, I pride myself on maintaining robust security practices. I use unique, complex passwords, enable two-factor authentication (2FA), and regularly monitor my accounts. Despite these precautions, I recently experienced a security breach that served as a stark reminder: even the most diligent efforts can fall short if certain vulnerabilities are overlooked.
The Unexpected Breach
I maintain a Microsoft 365 Developer account primarily for SharePoint development. This account isn’t part of my daily workflow; it’s used sporadically for testing and development purposes. To secure it, I employed a 36-character random password—a combination of letters, numbers, and symbols. This password was unique to the account and stored securely.
Despite these measures, I received a notification early one morning indicating a successful login attempt from an unfamiliar location. Fortunately, 2FA was enabled, and the unauthorized user couldn’t proceed without the second authentication factor. This incident prompted an immediate investigation into how such a breach could occur despite stringent password security.
The Silent Persistence of Attackers
Upon reviewing the account’s activity logs, I discovered a disturbing pattern: months of failed login attempts originating from various IP addresses. These attempts were methodical and spread out over time, likely to avoid triggering security alerts or lockouts. This tactic, known as a “low and slow” brute-force attack, is designed to fly under the radar of standard security monitoring systems.
Such persistent attacks underscore the importance of not only having strong passwords but also implementing additional security measures. According to the Cybersecurity and Infrastructure Security Agency (CISA), 2FA is essential to web security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless .
The Vulnerability of Dormant Accounts
One critical oversight on my part was the assumption that an infrequently used account posed less of a security risk. In reality, dormant accounts can be prime targets for attackers. These accounts often retain access privileges but are not actively monitored, making them susceptible to unauthorized access. As noted by security experts, dormant accounts often fly under the radar, making them perfect targets for threat actors. Since they aren’t actively monitored, cybercriminals can exploit them for weeks—or even months—before being detected .
This realization led me to reassess the security of all my accounts, especially those not regularly used. It’s imperative to treat every account with the same level of scrutiny and protection, regardless of its frequency of use.
Immediate Actions Taken
In response to the breach, I took several immediate steps to secure the compromised account and prevent future incidents:
First, I changed the account’s password to a new, equally complex and unique one. Recognizing that the email address associated with the account might have been targeted, I updated it to a more obscure variation, reducing the likelihood of automated credential stuffing attacks.
Next, I thoroughly reviewed the account’s security settings, ensuring that all recovery options were up-to-date and secure. I also examined the activity logs for any other suspicious behavior and reported the incident to Microsoft for further analysis.
Finally, I conducted a comprehensive audit of all my accounts, focusing on those that were dormant or infrequently used. I enabled 2FA on every account that supported it and closed any accounts that were no longer necessary.
Lessons Learned
This experience reinforced several critical lessons about cybersecurity:
Firstly, password strength alone is insufficient. While complex passwords are a fundamental aspect of security, they must be complemented by additional measures like 2FA. According to research, implementing 2FA can prevent up to 99.9% of account compromise attacks .
Secondly, dormant accounts are not inherently safe. Their inactivity can lead to complacency, making them attractive targets for attackers. Regular audits and monitoring of all accounts, regardless of usage frequency, are essential.
Thirdly, attackers are persistent and patient. The “low and slow” approach to brute-force attacks demonstrates a strategic method to bypass traditional security measures. Staying vigilant and proactive in monitoring account activity is crucial.
Strengthening Security Measures
In light of this incident, I have adopted several practices to enhance my cybersecurity posture:
I now regularly audit all my accounts, paying special attention to those that are dormant or infrequently used. I ensure that 2FA is enabled wherever possible and that all recovery options are secure and up-to-date.
Additionally, I have started using a reputable password manager to generate and store complex, unique passwords for each account. This tool simplifies the process of maintaining strong passwords without the need to remember each one individually.
Furthermore, I stay informed about the latest cybersecurity threats and best practices by subscribing to security newsletters and participating in professional forums. This continuous learning approach helps me adapt to the evolving threat landscape.
Conclusion
This incident served as a sobering reminder that no one is immune to cyber threats, regardless of their expertise or precautions. It highlighted the importance of a comprehensive security strategy that includes strong passwords, multi-factor authentication, regular account audits, and continuous education.
I encourage everyone to take a proactive approach to cybersecurity. Regularly review your accounts, enable 2FA, use a password manager, and stay informed about emerging threats. Remember, security is not a one-time setup but an ongoing process.
If you found this account insightful, consider subscribing to our newsletter for more cybersecurity tips and updates. Share your thoughts or experiences in the comments below—we can all learn from each other’s stories.
D. Bryan King
Sources
- CISA – Multi-Factor Authentication (MFA)
- arXiv – Understanding Multi-Factor Authentication Efficacy
- Microsoft – Why MFA Is a Must
- NCSC – Password Guidance: Simplifying Your Approach
- Tekie Geek – The Danger of Dormant Accounts
- OWASP – Authentication Cheat Sheet
- Bruce Schneier – Low and Slow Brute-Force Attacks
- Have I Been Pwned – Check if Your Email Was Compromised
- Australian Cyber Security Centre – Securing Your Accounts
- NIST – Updated Guidance on Digital Identity
- Kaspersky – Password Security Tips
- 1Password Blog – The Importance of MFA
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
Related Posts
Rate this:
#2FA #accountHacking #accountMonitoring #accountTakeover #bruteForceAttack #cloudAccountProtection #cloudSecurity #compromisedAccount #compromisedCredentials #compromisedMicrosoftAccount #credentialStuffing #credentialTheft #cyberattack #cybercrime #cybersecurity #cybersecurityAwareness #cybersecurityLessons #developerAccountSecurity #dormantAccounts #emailSecurity #hackerPrevention #howHackersBypassMFA #identityProtection #infosec #ITProfessionals #ITSecurity #ITSecurityIncident #loginSecurity #lowAndSlowAttack #MFA #MFAImportance #Microsoft365Security #MicrosoftLogin #passwordAloneNotEnough #passwordBreach #passwordEntropy #passwordHygiene #passwordManagement #PasswordSecurity #passwordVulnerability #persistentThreats #phishingProtection #randomHashPassword #realWorldBreach #realWorldCybersecurity #securePasswords #securingDormantAccounts #securityAudit #securityBestPractices #securityBreach #SharePointDeveloperAccount #SharePointSecurity #strongPasswords #techSecurityBreach #tokenHijacking #TwoFactorAuthentication
-
Passwords are on the way out. Discover how U2F security keys are stopping phishing attacks and winning over tech giants. Could this be the future of online safety?
https://thedefendopsdiaries.com/universal-2nd-factor-u2f-a-new-era-in-online-security/
#u2f
#onlinesecurity
#cybersecurity
#phishingprotection
#authentication -
In Part 2 of our BEC-ware the Phish blog series, Rachel Rabin dives into the crucial steps for responding to and remediating Business Email Compromise (BEC) incidents in M365. 💻
We'll delve into the key response actions to contain a live attacker, looking at the complexities of token revocation and password resets in hybrid environments.
An effective response requires a proactive setup. Implement pre-configured response accounts and automation to take actions consistently and without delay.
Short-term remediations help get back to business as usual, and our long-term suggestions will protect against future phishing attacks.
We'll explore hardening measures such as Conditional Access policies, phishing-resistant authentication, token protections, and app consent policies to protect against AiTM and OAuth phishing frameworks.
Lastly, we'll look at dedicated controls to protect privileged accounts from phishing, such as cloud-only identity for cloud administrative activities.
Get the full technical breakdown in the latest blog: https://www.pentestpartners.com/security-blog/bec-ware-the-phish-part-2-respond-and-remediate-incidents-in-m365/
#CyberSecurity #BusinessEmailCompromise #M365Security #PhishingProtection #InfoSec #CloudSecurity #ZeroTrust #TechCommunity
-
Protecting Your Law Firm from Digital Threats: My Guest Appearance on Counsel Cast Podcast https://steelefortress.com/protecting-your-law-firm-from-digital-threats/ #BusinessEmailCompromise #Cybersecurity #DigitalThreats #LawFirmSecurity #PhishingProtection #Privacy
-
Protecting Your Law Firm from Digital Threats: My Guest Appearance on Counsel Cast Podcast https://steelefortress.com/protecting-your-law-firm-from-digital-threats/ #BusinessEmailCompromise #Cybersecurity #DigitalThreats #LawFirmSecurity #PhishingProtection #Privacy
-
Protecting Your Law Firm from Digital Threats: My Guest Appearance on Counsel Cast Podcast https://steelefortress.com/protecting-your-law-firm-from-digital-threats/ #BusinessEmailCompromise #Cybersecurity #DigitalThreats #LawFirmSecurity #PhishingProtection #Privacy
-
Protecting Your Law Firm from Digital Threats: My Guest Appearance on Counsel Cast Podcast https://steelefortress.com/protecting-your-law-firm-from-digital-threats/ #BusinessEmailCompromise #Cybersecurity #DigitalThreats #LawFirmSecurity #PhishingProtection #Privacy
-
In my latest appearance on Counsel Cast Podcast, I dive into a critical topic: How Can Your Law Firm Stay Ahead of Digital Hackers? 🖥️🔐 We discuss everything from phishing attempts to business email compromise, and I share actionable tips to protect your law firm from becoming a target. Don't wait until it’s too late—get proactive about your firm's cybersecurity today!
Listen now for key insights and takeaways that every law firm should be thinking about.
🎧 Tune in here: https://www.youtube.com/watch?v=8splSgkbpKE
#Cybersecurity #LawFirm #DigitalPrivacy #PhishingProtection #BusinessEmailCompromise #LegalTalk #CyberThreats #DataProtection #FamilyLaw #ChicagoLawyer #JonathanSteele #CyberAware #DigitalDefense #PrivacyMatters #LawFirmSecurity
-
In my latest appearance on Counsel Cast Podcast, I dive into a critical topic: How Can Your Law Firm Stay Ahead of Digital Hackers? 🖥️🔐 We discuss everything from phishing attempts to business email compromise, and I share actionable tips to protect your law firm from becoming a target. Don't wait until it’s too late—get proactive about your firm's cybersecurity today!
Listen now for key insights and takeaways that every law firm should be thinking about.
🎧 Tune in here: https://www.youtube.com/watch?v=8splSgkbpKE
#Cybersecurity #LawFirm #DigitalPrivacy #PhishingProtection #BusinessEmailCompromise #LegalTalk #CyberThreats #DataProtection #FamilyLaw #ChicagoLawyer #JonathanSteele #CyberAware #DigitalDefense #PrivacyMatters #LawFirmSecurity
-
In my latest appearance on Counsel Cast Podcast, I dive into a critical topic: How Can Your Law Firm Stay Ahead of Digital Hackers? 🖥️🔐 We discuss everything from phishing attempts to business email compromise, and I share actionable tips to protect your law firm from becoming a target. Don't wait until it’s too late—get proactive about your firm's cybersecurity today!
Listen now for key insights and takeaways that every law firm should be thinking about.
🎧 Tune in here: https://www.youtube.com/watch?v=8splSgkbpKE
#Cybersecurity #LawFirm #DigitalPrivacy #PhishingProtection #BusinessEmailCompromise #LegalTalk #CyberThreats #DataProtection #FamilyLaw #ChicagoLawyer #JonathanSteele #CyberAware #DigitalDefense #PrivacyMatters #LawFirmSecurity
-
In my latest appearance on Counsel Cast Podcast, I dive into a critical topic: How Can Your Law Firm Stay Ahead of Digital Hackers? 🖥️🔐 We discuss everything from phishing attempts to business email compromise, and I share actionable tips to protect your law firm from becoming a target. Don't wait until it’s too late—get proactive about your firm's cybersecurity today!
Listen now for key insights and takeaways that every law firm should be thinking about.
🎧 Tune in here: https://www.youtube.com/watch?v=8splSgkbpKE
#Cybersecurity #LawFirm #DigitalPrivacy #PhishingProtection #BusinessEmailCompromise #LegalTalk #CyberThreats #DataProtection #FamilyLaw #ChicagoLawyer #JonathanSteele #CyberAware #DigitalDefense #PrivacyMatters #LawFirmSecurity
-
🔒 Protect Yourself from Phishing! 🚫
Phishing is a common cyber fraud where attackers try to steal your sensitive information. 🎣 Learn to recognize and prevent phishing attacks with our tips on identifying suspicious emails, verifying links, and safeguarding your data.
Stay safe online and share this post to help protect your friends too! 🛡️✨
#CyberSecurity #StaySafeOnline #PhishingProtection #TechTips
-
A lot of email sent to my employer wouldn't be delivered if we hadn't added allow-list exceptions to our phishing protections, because the sending organisations haven't setup their email correctly. With Google already blocking email which fails SPF and DKIM and due in February to require DMARC for bulk senders this is a ticking time bomb for marketing and communication teams who rely mailing list emails being delivered to customers and supporters. Fix your email people!
#dmarc #spf #dkim #phishingprotection #emailmarketing https://www.rgbartlett.co.uk/your-email-is-going-into-a-black-hole/
