From The Blog

Displaying items by tag: IAM

After a recent attack on Federal Civilian Execute Branch (FCEB) Agencies by an APT (Advanced Persistent Threat) group currently suspected of being a nation-state group from China, (whew that was a long start), It has come to the attention of some cloud researchers that these signing keys are not just useful for attacking Exchange Online. According to cloud security company Wiz these MSA Keys can be used to forge tokens for anything that relies on Microsoft Azure AD (Entra ID) Identity services.

Published in News
Thursday, 13 January 2022 13:05

Secure Infrastructure in the distributed workplace

There was a time when the thought of secure infrastructure would bring items like properly configured IDS/IPS, Firewalls, Switches and Routers with hefty ACLs and 802.1x to mind. However, after Covid and even a bit before the traditional walled layout of the business network design was starting to become outdated. Remote workers and BYOD meant that not everyone could shelter safely inside the castle walls (not that they were safe before). Now IT and Security teams now had a much bigger area to observe and protect. The task becomes harder; much, much harder, but not impossible. The tools change and how you deploy, monitor, and update these tools also change. Let’s look at how to expand the concept of secure infrastructure into the modern distributed workforce.

Published in Security Talk