Symetri

Stay Ahead of Evolving Security Threats

27 June 2025

Cybercriminals are always evolving, and so should your defences. This month, we shine a spotlight on three often-overlooked yet critical security concerns that could put your business at risk. From app-based phishing scams to hijacked phone numbers and forgotten employee accounts, it’s never been more important to stay informed.

Stay Ahead of Evolving Security Threats

Consent Phishing in Microsoft 365: When Apps Are the Attack Vector

Not all phishing attacks try to steal your password. In consent phishing, attackers trick users into granting a malicious third-party app access to their Microsoft 365 data. Once consent is granted, attackers can read emails, access files, and even send messages—all without needing login credentials.

Why It Matters:

Users think they’re connecting to a legitimate app.

Admins may not realise the app has excessive permissions.

It bypasses traditional credential security tools.

How to Stay Safe:

Educate users to check app permission prompts carefully.

Review and audit all connected apps in your Microsoft 365 admin portal.

Use Conditional Access policies to restrict app authorisations.

SIM Swap Scams: Hijacking Your Mobile Identity

SIM swapping is a form of identity theft where attackers trick your mobile provider into switching your number to their device. Once they control your number, they can intercept SMS-based 2FA codes and reset account credentials.

 

Real-World Impact:

Social media and email accounts can be compromised in minutes.

Banking and payment apps may be taken over.

Victims often don’t realise until it’s too late.

How to Protect Yourself:

Use app-based authentication like Microsoft Authenticator or Google Authenticator.

Monitor mobile account changes and watch for loss of signal.

Use internal security codes or keywords for financial approvals.

The Dangers of Unused Accounts and Dormant Credentials

Old accounts don’t just clutter your user directory—they pose a serious security risk. Whether it’s an ex-employee’s login still active or unused admin credentials, attackers actively look for these weak points.

Why You Should Act:

Dormant accounts often lack modern MFA protection.

They’re rarely monitored, making them easy targets.

Attackers can move laterally through your network once inside.

Best Practices:

Conduct regular user audits to identify and remove stale accounts.

Implement automated offboarding procedures.

Use identity governance tools to enforce access reviews.

Vulnerabilities to Be Aware Of:

Cybercriminals are constantly looking for new ways to exploit both enterprise software and home devices. Here are some notable security threats disclosed in June 2025 that you should be aware of:

  • Critical ASUS Router Vulnerability
    A severe flaw in ASUS routers could allow attackers to gain admin-level access. If exploited, it gives full control over your network configuration.
    Read more ›

  • Microsoft 365 Copilot Security Flaw
    A critical vulnerability in Copilot for Microsoft 365 could allow unauthorised access to sensitive content and data summaries. Microsoft is investigating and has issued interim mitigation advice.
    Read more ›

  • Microsoft June 2025 Patch Tuesday
    This month's updates fixed over 60 vulnerabilities, including a zero-day actively exploited in the wild. Ensure your systems are patched promptly.
    Read more ›

  • Millions of Home Devices Targeted
    New reports show that millions of home internet devices—especially those with weak default credentials—are being targeted for botnet activity.
    Read more ›

  • OpenVPN Driver Flaw
    A vulnerability in the OpenVPN driver could allow attackers to crash Windows systems using malicious input, affecting many remote access setups.
    Read more ›

  • New Security Defaults for Windows 365 Cloud PCs
    Microsoft has introduced stronger default security configurations to better protect Windows 365 Cloud PC users—aimed at reducing identity compromise.
    Read more ›

  • Veeam Fixes Another Critical RCE Flaw
    For the third time in a year, Veeam has patched a critical Remote Code Execution vulnerability in its Backup & Replication software. Organisations using Veeam should update immediately.
    Read more ›


CAD and PLM: Why It’s the Solution for Manufacturing and Engineering Companies

CAD and PLM: Why It’s the Solution for Manufacturing and Engineering Companies

29 July 2025

Efficiency, accuracy, and innovation are crucial for staying competitive in the industrial landscape of today. Manufacturing and engineering companies face increasing challenges in managing product development, ensuring design accuracy, and optimising workflows. That’s where Computer-Aided Design (CAD) and Product Lifecycle Management (PLM) come into play.

PLM Implementation Best Practices

PLM Implementation Best Practices

29 July 2025

Implementing a Product Lifecycle Management (PLM) system can be transformative for any manufacturing or engineering organization, but success doesn’t happen by chance. It takes careful planning, collaboration, and the right tools. In this article, we’ll walk you through what PLM implementation involves, why it’s critical to your organization, the benefits it delivers, and the best practices to follow. We’ll also touch on common challenges to avoid, expected timelines, and how Sovelia Core can support your implementation journey.

PLM vs ERP: What's the Difference?

PLM vs ERP: What's the Difference?

29 July 2025

Manufacturing companies today need robust systems to manage their operations and product development efficiently. Two of the most important systems in this regard are Enterprise Resource Planning (ERP) and Product Lifecycle Management (PLM). While they serve different purposes, both play a crucial role in streamlining business processes, improving collaboration, and enhancing overall productivity.


Show more
Symetri
+44345 370 1500 · info@symetri.co.uk