| Website | https://lucienpannatier.ch |
| Bluesky | https://bsky.app/profile/bluewall.me |
| Pixelfed | https://pixel.infosec.exchange/bluewall |

My Ubuntu-certified HP EliteBook greeted me this morning with a lovely blue GRUB screen. Memory test, UEFI Firmware Settings, the works.
apt full-upgrade installed a new OEM kernel and Canonical forgot 3 lines of GRUB config in their package.
This is the kind of detail that kills the Linux desktop experience. On a *certified* laptop.
When you try to join a local cybersecurity association and they ask for your number to add you to the WhatsApp group.
Am I the only one seeing a slight consistency issue here?
I wish I was kidding.
EvilTokens; new PhaaS actively targeting Microsoft 365 via Device Code Flow abuse.
The attack abuses the legitimate OAuth Device Authorization Grant. The attacker sends you a code, you enter it on the REAL microsoft.com/devicelogin page and they get your tokens. MFA bypassed. Password reset won't revoke access.
Check if the flow is used in your tenant:
Entra Sign-in logs → filter "Authentication Protocol: Device code" → Last 30 days → check all 4 tabs.
All empty? You can block safely.
Block it:
Conditional Access → New policy → All users → All resources → Conditions: Authentication flows > Device code flow → Grant: Block access → ON.
Takes 5 minutes. Do it now.
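
Added example, not part of the original post: the "check all 4 tabs" step run over exported sign-in records instead of the portal filter. It assumes the export uses the Microsoft Graph beta signIn field names (`authenticationProtocol`, `signInEventTypes`, `createdDateTime`, `userPrincipalName`, `servicePrincipalName`, `appDisplayName`); the records and the function names are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample records; field names assumed to match Graph beta signIn objects.
SAMPLE = json.loads("""[
 {"createdDateTime": "2025-06-20T08:15:00Z", "authenticationProtocol": "deviceCode",
  "userPrincipalName": "alice@example.test", "appDisplayName": "Microsoft Azure CLI",
  "signInEventTypes": ["interactiveUser"]},
 {"createdDateTime": "2025-06-26T09:00:00Z", "authenticationProtocol": "deviceCode",
  "userPrincipalName": "alice@example.test", "appDisplayName": "Microsoft Azure CLI",
  "signInEventTypes": ["interactiveUser"]},
 {"createdDateTime": "2025-04-01T10:00:00Z", "authenticationProtocol": "deviceCode",
  "userPrincipalName": "bob@example.test", "appDisplayName": "Microsoft Azure CLI",
  "signInEventTypes": ["interactiveUser"]},
 {"createdDateTime": "2025-06-25T11:30:00Z", "authenticationProtocol": "oAuth2",
  "userPrincipalName": "carol@example.test", "appDisplayName": "Office 365 Exchange Online",
  "signInEventTypes": ["nonInteractiveUser"]}
]""")
NOW = datetime(2025, 6, 30, tzinfo=timezone.utc)  # fixed "today" for the sample


def device_code_usage(records, now, days=30):
    """Count device-code sign-ins in the last `days` days, keyed by
    (sign-in type, user or service principal, application)."""
    cutoff = now - timedelta(days=days)
    usage = Counter()
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            continue
        when = datetime.fromisoformat(r["createdDateTime"].replace("Z", "+00:00"))
        if when < cutoff:
            continue  # outside the 30-day review window
        who = r.get("userPrincipalName") or r.get("servicePrincipalName") or "unknown"
        for kind in r.get("signInEventTypes") or ["unknown"]:
            usage[(kind, who, r.get("appDisplayName", "unknown"))] += 1
    return usage


def safe_to_block(usage):
    """True only when no sign-in type shows device-code activity in the window."""
    return not usage


if __name__ == "__main__":
    found = device_code_usage(SAMPLE, NOW)
    for (kind, who, app), n in sorted(found.items()):
        print(f"{kind:20} {who:25} {app:25} {n}")
    print("safe to block:", safe_to_block(found))
```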