Lessons from the JLR and M&S Cyber Attacks: What These High-Profile Breaches Reveal About Modern Threats
Two Breaches, One Pattern: What the JLR and M&S Cyber Attacks Tell Us About Where We’re Headed Over the past 18 months, two of the UK’s most recognisable brands, Marks & Spencer and Jaguar Land Rover have made headlines for serious cyber incidents. In both cases, the public was told little. No detailed technical disclosures. […]
Protecting Your M365 Accounts: The Domino Effect of Domain Impersonation and Phishing
In the fast-paced world of digital transformation, cybersecurity threats are constantly evolving, and domain impersonation is a significant concern. This sophisticated scam can set off a chain reaction leading to phishing attacks, Microsoft 365 account compromise, and session token hijacking. Understanding Domain Impersonation Domain impersonation, also known as spoofing, is a technique where cybercriminals create […]
Understanding Domain Impersonation: Protect Yourself Against Growing Cyber Threats
Introduction In today’s digital age, businesses face countless cyber threats, but one of the fastest growing and most damaging is domain impersonation. Cybercriminals use deceptive domain names to trick customers, steal data, and tarnish a brand’s reputation. In this post, we’ll break down what domain impersonation is, why it’s on the rise, and how Domain […]
Storm-2372 Device Code Phishing: How Thea Microsoft 365 Account Compromise Protection Shields Your Organisation
In recent months, a threat actor identified as Storm-2372 has been actively conducting device code phishing campaigns, targeting Microsoft 365 accounts across various sectors, including government, NGOs, IT services, defence, telecommunications, health, and energy. This sophisticated attack method exploits the OAuth2 device code authentication flow, enabling attackers to hijack authentication tokens and gain unauthorised access […]