Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/114451022500331814">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 05-May-2025 03:40:23 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20250225114715.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a><div><a href="https://cyberplace.social/@GossiTheDog/114449279832078227" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p>Great NCSC piece by <a href="https://infosec.exchange/@ollie_whitehouse">@ollie_whitehouse</a> </p><p>I’d add - block by Entra policy specifically High risk logins (below is too FP prone), and SOC monitor them. SOC playbook = account probably compromised. How? </p><p><a href="https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers" rel="nofollow noreferrer">https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4992102#notice-9807075">In conversation</a><time datetime="2025-05-05T03:40:23+09:00" title="Monday, 05-May-2025 03:40:23 JST">about a month ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/114451022500331814" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/114451022500331814">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.ncsc.gov.uk</div><h5><a href="https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers">Incidents impacting retailers – recommendations from the NCSC</a></h5><div></div></header><div>A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 05-May-2025 03:40:23 JSTKevin Beaumont
in reply to
- Ollie Whitehouse
Great NCSC piece by @ollie_whitehouse
I’d add - block by Entra policy specifically High risk logins (below is too FP prone), and SOC monitor them. SOC playbook = account probably compromised. How?
https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers
In conversationabout a month ago from cyberplace.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.ncsc.gov.uk
  Incidents impacting retailers – recommendations from the NCSC
  A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.

Public

Embed Notice

HTML Code

Corresponding Notice