Phishing Archives - ThreatsHub Cybersecurity News

Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks

August 8, 2023 TH Author Phishing, ransomware

Microsoft Defender is our toolset for prevention and mitigation of data exfiltration and ransomware attacks. Microsoft Purview data security offers important mitigations as well and should be used as part of a defense-in-depth strategy.
The post Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Threat actors strive to cause Tax Day headaches

April 13, 2023 TH Author Cybersecurity, Microsoft Defender for Office 365, Microsoft security intelligence, Phishing

With U.S. Tax Day approaching, Microsoft has observed phishing attacks targeting accounting and tax return preparation firms to deliver the Remcos RAT and compromise target networks.
The post Threat actors strive to cause Tax Day headaches appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit

March 13, 2023 TH Author adversary-in-the-middle, Cybersecurity, Man in the Middle, Microsoft, Microsoft security intelligence, Phishing, Security

DEV-1101 is an actor tracked by Microsoft responsible for the development, support, and advertising of several AiTM phishing kits, including an open-source kit capable of circumventing MFA through reverse-proxy functionality.
The post DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

November 17, 2022 TH Author Cybersecurity, Microsoft security intelligence, Phishing, ransomware

DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.
The post DEV-0569 finds new ways to deliver Royal ransomware, various payloads appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Disrupting SEABORGIUM’s ongoing phishing operations

August 15, 2022 TH Author Callisto, COLDRIVER, Cybersecurity, Microsoft security intelligence, Phishing, SEABORGIUM

The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.
The post Disrupting SEABORGIUM’s ongoing phishing operations appeared first on Microsoft Security Blog. READ MORE HERE…

Networkworld

Cisco admits hack on IT network, links attacker to LAPSUS$ threat group

August 11, 2022 TH Author cyberattacks, data breach, Phishing

Cisco says an employee’s credentials were compromised after an attacker gained control of a personal Google account. READ MORE HERE…

Microsoft Secure

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

July 12, 2022 TH Author Business Email Compromise (BEC), Cybersecurity, Microsoft security intelligence, Phishing

A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).
The post From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

‘Ice phishing’ on the blockchain

February 16, 2022 TH Author Blockchain, Cybersecurity, Microsoft security intelligence, Phishing

Our recent analysis of a phishing attack connected to the blockchain reaffirms the durability of threats like social engineering, as well as the need for security fundamentals to be built into related future systems and frameworks.
The post ‘Ice phishing’ on the blockchain appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA

January 26, 2022 TH Author Cybersecurity, MFA, Microsoft security intelligence, Phishing

We uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign.
The post Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

Franken-phish: TodayZoo built from other phishing kits

October 21, 2021 TH Author Cybersecurity, Microsoft security intelligence, Phishing, zero-point font

A phishing kit built using pieces of code copied from other kits, some available for sale through publicly accessible scam sellers or are reused and repackaged by other kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today.
The post Franken-phish: TodayZoo built from other phishing kits appeared first on Microsoft Security Blog. READ MORE HERE…

← Previous