Cybersecurity research analysts at Zscaler have uncovered a new large-scale phishing campaign targeting Microsoft email users. The main targets of the campaign are corporate users, specifically end users in Enterprise environments that use Microsoft email services. image credit: Zscaler The attackers use so-called Adversary-in-The-Middle (AiTM) techniques to bypass … [Read more...] about Another phishing attack that bypasses multi-factor authentication targets Microsoft email users
attack
Cybercriminals take shortcuts to attack business PCs
Office macros have long been a favorite attack method for cybercriminals but now that Microsoft has started blocking them by default the bad guys have started to turn to other methods. A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email … [Read more...] about Cybercriminals take shortcuts to attack business PCs
Office Phishing Attack circumvents multi-factor authentication
Microsoft security researchers and engineers discovered a massive phishing attack that has been targeting more than 10,000 organizations since September 2021. The malicious actors used adversary-in-the-middle (AiTM) phishing sites to steal passwords and session data; this allowed them to bypass multi-factor authentication protections to access user email inboxes and run … [Read more...] about Office Phishing Attack circumvents multi-factor authentication
Azure stops biggest DDoS attack ever, according to Microsoft
Microsoft stopped over 350,000 DDoS attacks just in the second half of 2021. What you need to know Microsoft's Azure DDoS Protection team mitigated an 'unprecedented level' of attacks in the second half of 2021. At one point in 2021, Microsoft stopped an average of 1,955 DDoS attacks per day. Microsoft mitigated an attack with a throughput of 3.47 Tbps in November, … [Read more...] about Azure stops biggest DDoS attack ever, according to Microsoft
Beware: Walmart phishing attack says your package was not delivered
A Walmart phishing campaign is underway that attempts to steal your personal information and verifies your email for further phishing attacks. A new email phishing campaign pretends to be from Walmart with a subject line of "Your Package delivery Problem Notification lD#" stating that they could not deliver your package because your address is incorrect. "Unfortunately we … [Read more...] about Beware: Walmart phishing attack says your package was not delivered
SolarWinds attack group targeted US government agencies in email attack
The Nobelium group behind the SolarWinds attack allegedly mounted another attack on U.S. government agencies. What you need to know The group behind the SolarWinds attack is allegedly behind another attack on U.S. government agencies. Microsoft detected the attack and shared details about it this week. The attack used the United States Agency for Internal … [Read more...] about SolarWinds attack group targeted US government agencies in email attack
Microsoft posts final update on Solarwinds attack, reveals which Microsoft product source code hackers were targeting
Microsoft has posted their final update on the Solarwinds attack which infected 18,000 companies last year, including Microsoft’s network. Microsoft says based on their investigation, more than 1,000 enemy engineers have worked on the attack. “When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. … [Read more...] about Microsoft posts final update on Solarwinds attack, reveals which Microsoft product source code hackers were targeting
New phishing attack uses Morse code to hide malicious URLs
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire. When using Morse code, each letter and number is encoded as a series of dots (short sound) and dashes (long sound). Starting … [Read more...] about New phishing attack uses Morse code to hide malicious URLs
WiFi Key Reinstallation Attack breaks WPA2 encryption
Researchers have discovered a flaw in the Wi-Fi standard that attackers may use to eavesdrop on wireless network traffic even if WPA2 is used for protection. Key Reinstallation Attacks, or Krack Attacks, work against all Wi-Fi networks protected by WPA2, and may in some cases be used to inject and manipulate data as well. The attack works against WPA and WPA2 standards, and … [Read more...] about WiFi Key Reinstallation Attack breaks WPA2 encryption
WiFi WPA2 Krack Attack, Flaw: Here's How To Stay Safe From Vulnerability
Monday morning brought the startling discovery that Wi-Fi Protected Access 2 (WPA2), a common protocol for securing wireless networks, suffers from a number of vulnerabilities that may expose sensitive information to attackers. Make no mistake, the threat posed by the exploits—dubbed as KRACK, short for Key Reinstallation Attacks, by the researchers who discovered the … [Read more...] about WiFi WPA2 Krack Attack, Flaw: Here's How To Stay Safe From Vulnerability