Cyber Security ⁽⁷⁾

Firstly, if you haven’t updated Google Chrome on all your devices, go and do so. Whilst the headlines around CVE-2026-0628 have mostly been exaggerated fearmongering, it has raised a very serious issue for administrators - do you let users install whatever browser extensions they want?…

In previous posts we looked at different authentication methods and evaluated their strengths and weaknesses, then looked at session hijacking and device-bound session credentials. We’re now going to put that knowledge to practical use by auditing the MFA methods in use in a Microsoft environment.

In the last post I looked at all the different methods of multi factor authentication, and evaluated the strength of each type. Passkeys came out as a clear winner, as they mitigate both fake domains and users being tricked into giving out their one time…

It's 2026, and identity is the new perimeter. The Crowdstrike Global Threat Report 2025 focuses heavily on the identity and key methods used to compromise accounts. Sure, attackers and bots are still hammering away at public IP addresses, looking for that RDP server you forgot…

I'm currently locked in a battle with a senior member of our organisation who is annoyed that someone they contact regularly at another organisation gets quarantined by our email security. Do you want to know why? They are not sending from an IP address specified…