How SecWise is boosting hospital security for “AZ Mol”

How SecWise is boosting hospital security for “AZ Mol”

When last year the Sacred Heart Hospital of Mol was hit by a ransomware attack, they could have tried to cover up everything and act like nothing ever happened. Instead they decided to draw lessons from their experience, and not only work on improving their own security level, but serve as inspiration for other Belgian hospitals as well.

Read more

This year: Microsoft deprecation of Basic Authentication in Exchange Online

This year: Microsoft deprecation of Basic Authentication in Exchange Online

Microsoft has long announced that it is going to block legacy authentication, due to corona and other reasons, this announcement has been delayed. But now there is no escaping anymore and Microsoft will effectively begin on October 1, 2022 to turn off basic authentication for exchange online in all Microsoft 365 tenants regardless of usage, except for SMTP authentication.

Read more

Major change in Azure AD B2B management

Major change in Azure AD B2B management

Microsoft recently released something that we consider one of the major updates to Azure AD B2B management in years: “Cross-tenant access settings (preview)”. This brand-new feature is allowed to be consumed under the current MAU (monthly active users) licensing of Azure AD External Identities. You will need at least an Azure AD tenant that is linked to a subscription. An Azure AD Premium 1 or 2 license is required. The first 50.000 unique guest users are free each month.

Read more

New phishing vector possible in Microsoft Teams

New phishing vector possible in Microsoft Teams

Microsoft annouced on 26 january that they will enable a new collaboration feature with external customers and partners. This new feature makes it possible to chat with any teams users by entering the full email address or phone number you want to reach and start a 1:1 or group chat with anyone with a Microsoft personal account, no tenant switching required. This also means that external Teams Personal accounts users can start conversation with any teams at work users!

Read more

Law firm Lydian takes pioneering cybersecurity role

Law firm Lydian takes pioneering cybersecurity role

Lydian takes cybersecurity extremely seriously – both because of strict regulations and at the request of its customers. The company wants to take on a pioneering role that matches its tech-savvy ambitions.

Read more

How to bypass MFA in Azure and O365: part 3

How to bypass MFA in Azure and O365: part 3

This is the third and last part of our series about how to bypass MFA in Azure and O365. In this article, we share our advice on how you defend your organization against the attacks we described in parts 1 and 2.

Read more

Authentication context: what, why and when?

Authentication context: what, why and when?

Conditional Access authentication context is currently in public preview. It is a Zero Trust control plane that allows you to apply different access policies within all apps. Why, when, how do we use it?

Read more

Pen-testing in Microsoft Azure

Pen-testing in Microsoft Azure

Pen-testing is not incredibly complex, but doing it with respect for the rules of engagement, state rules, etc. can be very challenging.

Read more

How to bypass MFA in Azure and O365: part 2

How to bypass MFA in Azure and O365: part 2

In the first part of this series about how to bypass MFA in Azure and O365, we discussed how SSO works and how an attacker can abuse this. In this second part, we elaborate on a more complex attack technique based on MFA in Azure and O365.

Read more