5 tips for SMEs to defend themselves against deception via the internet – Zolder BV

by Prapattimynk, Saturday, 22 July 2023 (7 months ago)
5 tips for SMEs to defend themselves against deception via the internet – Zolder BV


Blogs

In the digital world, SMEs are increasingly confronted with the threat of social engineering. In this blog post, we share valuable insights about two common forms of social engineering, phishing and CEO fraud. However, we emphasize the best practices that SMBs can follow to effectively protect themselves against these cyberthreats. Phishing and CEO Fraud Phishing includes (…) read more

Rick van Duin – 11 jul 2023

TLDR: you can use mitmproxy to modify stuff before it sent to Burp Proxy. Instruction below. Recently we were asked to asses a oldschool Java client server application. After configuring BurpSuite as a proxy and trusting the CA cert, we noticed the client communication still gave an error. It turned out the client and server (…) read more

Zolder BV – 04 jul 2023

The composite conclusion I get from CSBN and DBIR is that organizations are (still) mainly victimized via leaked credentials and email and that they can almost always prevent data breaches by implementing basic measures. And the basic measure that fits leaked credentials is Multi-Factor Authentication (MFA). read more

Erik Remmelzwaal – 22 jun 2023

Many organizations can only look back 7 days in their Microsoft365 logs. Far too little to adequately respond to incidents such as CEO Fraud and Ransomware. It is therefore important to understand the possibilities for extending that term. read more

Attic for healthcare is currently under development. We are particularly focused on the future availability of this powerful security solution and we invite healthcare institutions to participate in our beta testing phase. Partnership with Z-CERT In collaboration with Z-CERT, the leading provider of threat intelligence in the Dutch healthcare sector, Attic offers healthcare a unique (…) read more

Microsoft has recently made some improvements to the APIs that provide access to your tenant. GDAP Currently, Attic uses DAP, or Delegated Admin Privileges, to access your environment. Microsoft recently introduced an improved version of this functionality called GDAP, or granular delegated admin privileges. This new version (…) read more

Wesley Neelen – 08 mei 2023

Attic is a powerful platform that offers a lot of possibilities. Attic has a modular structure so that the platform can be supplemented with additional services, developed by Zolder, but in the future also by external suppliers. A few months ago I launched a free application called didsomeoneclone.me. This service is based on Microsoft Azure and fully cloud (…) read more

Zolder BV – 11 apr 2023

The time has almost come: roadmap technically we are approaching the point where we will complete the link of Attic with Microsoft Sentinel. And with that the opportunity to provide organizations with an affordable SOC service on a large scale. During our participation in the RSA conference, we will offer visitors to our stand and website to register (…) read more

Erik Remmelzwaal – 10 mrt 2023

The treasurer of Hockeyclub Zevenbergen received an attempted scam. Fortunately, it was recognized, but will that happen everywhere, now that internet scammers have apparently aimed their arrows at sports clubs? read more

Erik Remmelzwaal – 14 nov 2022

Microsoft’s Digital Defense Report 2022 has been released. What are the highlights and key takeaways? read more

Erik Remmelzwaal – 07 nov 2022

The TBX2022 fair took place on 2 and 3 November in the Jaarbeurs Utrecht. Like last year, Zolder was present as an exhibitor and hosted a master class on both days. Our main goal was to announce our new proposition of Attic for MSPs. With this new release, we introduce other (…) read more

Wesley Neelen – 05 sep 2022

Recently I came across an interesting cryptocurrency project called Helium. Its a wireless network built by people all around the world. The people that help expanding the network by adding a hotspot receive the Helium cryptocurrency coin by providing the coverage. During my research I decided to order one of those Helium miners. I ordered (…) read more

Wesley Neelen – 19 jul 2022

This year I decided to start a new study, the PEN-300 course of Offensive Security. In 2012 I did the OSCP course and in 2013 OSCE. In 2016 I took the OSEE class in Vegas, unfortunately never took the exam (one of my biggest mistakes ever🥴). I liked all the courses very much at that (…) read more

Zolder BV – 04 jul 2022

The NCTV has again published the annual Cyber ​​Security Assessment Netherlands. The CSAN-2022. A good reason to write down what I’ve had in my head for a long time. Three persistent and erroneous assumptions that people have about digital threats. So three misunderstandings, which in my experience are the main reason why we hardly get ahead with (…) read more

Erik Remmelzwaal – 02 jun 2022

Erik Remmelzwaal, co-owner and Managing Director of Zolder BV, recently took part in a table discussion of Data Value Center – Smart Industry (DVC-SI). The theme was Cyber ​​Resilience and Operational Technology, and the conversation was recorded at the Breda Robotics campus, of which Zolder is a member. The recording is now available and can be viewed (…) read more

Zolder BV – 01 nov 2021

Many companies are using cloud services such as Microsoft 365 for email, file sharing and communicating. If an attacker gains access to valid credentials that allows them to authenticate to the account, all information within the account is usually instantly accessible. Therefor, implementing multi factor authentication is one of the most important steps while securing (…) read more

Wesley Neelen – 16 sep 2021

During one of our engagements we were investigating a Microsoft 365 environment. My colleague Rik discovered that many SharePoint sites were publicly available within the organization. We were surprised by the amount sites that were wide open this way. A lot of sensitive information was located on those sites, for example PII-information and passwords for (…) read more

Rick van Duin – 29 aug 2021

During a recent engagement we encountered Xerox WorkCentre printers using default credentials (admin:1111). Usually it’s just another finding, but this time we noticed the printer had SMB and e-mail credentials configured. For LDAP we usually point the printer to our own IP and get access to the plaintext creds that way. But in the case (…) read more

Rick van Duin – 19 aug 2021

It’s important to enable audit logging for o365 even if you are not monitoring them actively. Atleast if you get hacked there’s logging to investigate :). The audit log is not always enabled by default, it seems to rely on license levels. However there are some important things to take into consideration. You can enable (…) read more

Erik Remmelzwaal – 04 aug 2021

If there is 1 digital threat that is in the news a lot, it is ransomware. There is even talk of a national crisis. read more



Source link

Comments

Your email address will not be published. Required fields are marked *

Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.