The types of cyberattacks bad actors gravitate to haven’t changed – only their sophistication. Phishing attacks are more popular than they’ve ever been. Chiefly, because of how accessible they’ve become through AI and machine learning. Staying ahead of modern-day cyber attacks will require organizations to fight fire with fire. This means adopting an AI-driven strategy...
Last Update: Nov 20, 2024
The Cybersecurity and Infrastructure Security Agency (CISA) has alerted that cybercriminals are seizing the turmoil from the recent CrowdStrike outage to launch attacks on affected businesses. The agency warns that these malicious actors are using malicious domains to distribute malware and compromise corporate networks. Last week, cybersecurity firm CrowdStrike released a faulty update for its…
Microsoft has recently published details about a hacking group dubbed Octo Tempest that uses advanced social engineering techniques, SIM swapping, and occasional physical threats to target organizations. Their activities have raised alarms and prompted Microsoft to release recommendations for organizations to strengthen their defenses against this emerging threat. According to the Microsoft Incident Response and…
Security researchers have discovered that hackers are now employing a new zero-point font obfuscation technique to target Microsoft Outlook users. Unlike traditional phishing emails that try to evade automated detection, this novel approach aims to deceive recipients by making emails appear more trustworthy. In a recent report published by the SANS Internet Storm Center, cybersecurity…
Microsoft has warned customers about Adversary-in-the-Middle (AiTM) phishing kit available for sale on a popular cybercrime forum. The software is designed to make it easier for attackers to deploy phishing campaigns to target enterprise accounts. According to the Microsoft Threat Intelligence team, this phishing kit is an open-source tool that is developed by a hacking…
Microsoft has partnered with Yubico to announce new security solutions to help organizations prevent phishing attacks against Azure, Office 365, and remote desktop environments. The new security tools are designed to make it harder for malicious actors to target privileged Azure customers. YubiKey is a USB-like hardware authentication device that lets users secure access to…
Microsoft has unveiled a recent cybersecurity attack that allowed the threat actors to compromise Exchange Online. The attacker abused unsecured administrator accounts to gain access to the cloud tenants and created malicious OAuth applications to reconfigure the victim’s email server to send phishing emails. OAuth is an open-standard authorization protocol that enables users to share…
Microsoft has discovered a new massive AiTM phishing campaign that can steal credentials even if the user account is protected with multi-factor authentication (MFA). The company has warned that the threat actors have targeted over 10,000 organizations since September 2021. According to Microsoft researchers, the AiTM campaign involves inserting a proxy server between a target…
The security analysts at INKY have recently discovered a new phishing campaign that targets Calendly, an automated meeting scheduling tool. The company explained that the campaign aims to steal users’ credentials by embedding malicious links into Calendly event invitations. Calendly is a popular app that allows users to schedule meetings, appointments, and events for individuals…
Last Update: Sep 04, 2024
Microsoft has warned users about a new multi-phase campaign targeting enterprise customers. The Microsoft 365 Defender Threat Intelligence Team detailed its findings on its Security blog, which indicates that these phishing attacks mainly target organizations that haven’t enabled multi-factor authentication (MFA). As the name suggests, multi-factor authentication (MFA) is an authentication technique that requires two…
Last Update: Nov 19, 2024
Protecting your brand and your employees from phishing attacks is a critical first step to keeping your environment secure.
Last Update: Nov 19, 2024
A recent report by a security vendor says that 25% of phishing messages get by Exchange Online Protection (EOP) and arrive into Office 365 user mailboxes. This highlights the need to configure EOP properly and run multiple lines of defense. Microsoft would like you to use Office 365 Advanced Threat Protection (ATP) alongside EOP. Offerings from other security vendors are also available. For better protection against phishing, you should consider something like ATP.