Phishing

Security researchers have discovered that hackers are now employing a new zero-point font obfuscation technique to target Microsoft Outlook users. Unlike traditional phishing emails that try to evade automated detection, this novel approach aims to deceive recipients by making emails appear more trustworthy. In a recent report published by the SANS Internet Storm Center, cybersecurity…

Microsoft has warned customers about Adversary-in-the-Middle (AiTM) phishing kit available for sale on a popular cybercrime forum. The software is designed to make it easier for attackers to deploy phishing campaigns to target enterprise accounts. According to the Microsoft Threat Intelligence team, this phishing kit is an open-source tool that is developed by a hacking…

Microsoft has partnered with Yubico to announce new security solutions to help organizations prevent phishing attacks against Azure, Office 365, and remote desktop environments. The new security tools are designed to make it harder for malicious actors to target privileged Azure customers. YubiKey is a USB-like hardware authentication device that lets users secure access to…

Protecting your brand and your employees from phishing attacks is a critical first step to keeping your environment secure.

Microsoft has unveiled a recent cybersecurity attack that allowed the threat actors to compromise Exchange Online. The attacker abused unsecured administrator accounts to gain access to the cloud tenants and created malicious OAuth applications to reconfigure the victim’s email server to send phishing emails. OAuth is an open-standard authorization protocol that enables users to share…

Microsoft has discovered a new massive AiTM phishing campaign that can steal credentials even if the user account is protected with multi-factor authentication (MFA). The company has warned that the threat actors have targeted over 10,000 organizations since September 2021. According to Microsoft researchers, the AiTM campaign involves inserting a proxy server between a target…

The security analysts at INKY have recently discovered a new phishing campaign that targets Calendly, an automated meeting scheduling tool. The company explained that the campaign aims to steal users’ credentials by embedding malicious links into Calendly event invitations. Calendly is a popular app that allows users to schedule meetings, appointments, and events for individuals…

Microsoft has warned users about a new multi-phase campaign targeting enterprise customers. The Microsoft 365 Defender Threat Intelligence Team detailed its findings on its Security blog, which indicates that these phishing attacks mainly target organizations that haven’t enabled multi-factor authentication (MFA). As the name suggests, multi-factor authentication (MFA) is an authentication technique that requires two…

A recent report by a security vendor says that 25% of phishing messages get by Exchange Online Protection (EOP) and arrive into Office 365 user mailboxes. This highlights the need to configure EOP properly and run multiple lines of defense. Microsoft would like you to use Office 365 Advanced Threat Protection (ATP) alongside EOP. Offerings from other security vendors are also available. For better protection against phishing, you should consider something like ATP.