HackDig : Dig high-quality web security articles for hackers

Office 365 phishing campaign leverages Oracle and Amazon cloud services

Experts warn of a new sophisticated phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. The new sophisticated phishing scheme was implemented by threat actors for stealing Office 365 credentials, it leverages both cloud services from Oracle and Amazon for their infrastructure. The campaign has been ac
Publish At:2020-11-28 13:18 | Read:179 | Comments:0 | Tags:Breaking News Cyber Crime Hacking hacking news information s

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection. “We’re tracking an active credential phi
Publish At:2020-11-18 11:30 | Read:183 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Microsoft Office 365 phish

Creative Office 365 phishing inverts images to avoid detection bots

Experts spotted a creative Office 365 phishing campaign that inverts images used as backgrounds for landing pages to avoid getting flagged as malicious. Researchers at WMC Global have spotted a new creative Office 365 phishing campaign that has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by security s
Publish At:2020-11-08 09:41 | Read:210 | Comments:0 | Tags:Breaking News Cyber Crime Hacking hacking news information s

O365 Phishing Attack Used Real-Time Validation against Active Directory

A phishing attack used real-time validation against an organization’s Active Directory in order to steal users’ Office 365 credentials.According to Armorblox, the phishing attack targeted an executive working at an American brand that was named one of the world’s Top 50 most innovative companies for 2019 on a Friday evening.The email used s
Publish At:2020-09-10 12:42 | Read:338 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Active

Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

By Marshall Chen, Loseway Lu, Yorkbing Yap, and Fyodor Yarochkin (Trend Micro Research) A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the
Publish At:2020-08-07 22:19 | Read:493 | Comments:0 | Tags:Cloud Targeted Attacks business email compromise credential

Phishers Using Fake Sharepoint Messages to Target Office 365 Details

Phishers leveraged fake automated messages from collaborative platform Sharepoint as a means to target users’ Office 365 credentials.Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from Sharepoint.To add legitimacy to this ruse, the attackers used spoofing techniques to disguise the
Publish At:2020-07-28 17:17 | Read:317 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Office

Office 365 users that are returning to the workplace targeted with Coronavirus training resources

Experts are warning of a new phishing campaign aimed at Office 365 users that are returning to the workplace with Coronavirus training resources. Threat actors continue to use Coronavirus lures adapting their technique to the current situation. The attack techniques adopted by the threat actors depends on the state of businesses in each region. In places
Publish At:2020-06-29 03:44 | Read:867 | Comments:0 | Tags:Breaking News Cyber Crime coronavirus Hacking hacking news i

Why Mobile Threat Defense is an Absolute Requirement to Protect O365/Teams Users & Zero Trust Efforts

Government agencies’ usage of Microsoft Office 365 and Teams has skyrocketed (over 900% for some agencies). Unfortunately, the cyber threats to the GFE and BYOD mobile devices that are accessing O365 has also significantly increased. Without implementing mobile threat defense (MTD) solutions, agencies and their “Zero Trust” initiatives are exposed and
Publish At:2020-06-16 14:44 | Read:626 | Comments:0 | Tags:Mobile Threat Defense Endpoint Manager Microsoft mobile thre

Phishers Use Fake VPN Config Notification to Target Office 365 Details

Security researchers observed phishers leveraging a fake VPN configuration notification to target employees’ Office 365 credentials.Abnormal Security found that the campaign attempted to capitalize on the trend of organizations implementing VPNs for the purpose of securing their remote employees during COVID-19. As quoted by the security platform:The a
Publish At:2020-06-04 08:21 | Read:614 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Office

Top 10 most exploited vulnerabilities list released by FBI, DHS CISA

byLisa VaasWhen work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff.Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misco
Publish At:2020-05-18 12:27 | Read:812 | Comments:0 | Tags:Malware Security threats Vulnerability .net Adobe Flash Apac

Watch out for Office 365 and G Suite scams, FBI warns businesses

byJohn E DunnThe menace of Business Email Compromise (BEC) is often overshadowed by ransomware but it’s something small and medium-sized businesses shouldn’t lose sight of.Bang on cue, the FBI Internet Crime Complaint Center (IC3) has alerted US businesses to ongoing attacks targeting organisations using Microsoft Office 365 and Google G Suite.Warnings
Publish At:2020-03-10 10:50 | Read:1041 | Comments:0 | Tags:BEC Google Microsoft Security threats business email comprom

99% of compromised Microsoft enterprise accounts lack MFA

byJohn E DunnCybercriminals compromise 0.5% of all Microsoft enterprise accounts every month because too few customers are using multi-factor authentication (MFA), the company has revealed.In a presentation uploaded to YouTube from the recent RSA Security Conference, director of Identity Security Alex Weinert said 1.2 million accounts were compromised in Jan
Publish At:2020-03-09 08:17 | Read:917 | Comments:0 | Tags:2-factor Authentication Microsoft Privacy Security threats W

Phishing Campaign Uses Malicious Office 365 App

<p>Most phishing campaigns attempt to take over accounts by tricking the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim’s account without requiring them to give up their credentials to the attackers.</p> <p>
Publish At:2019-12-09 10:40 | Read:924 | Comments:0 | Tags:Email Incident Response Office 365

Unique Countermeasures in Active Phishing Campaign Avoids Security Tools

<p>PhishLabs’ <u>Email Incident Response</u> analysts recently identified a phishing campaign leveraging novel tactics in the ongoing war between threat actors and security teams. In addition to presenting a unique twist on a popular lure theme, the campaign leverages a clever combination of tactics by attackers attempting to defeat email s
Publish At:2019-12-05 16:15 | Read:1081 | Comments:0 | Tags:Email Incident Response Office 365

Active Office 365 Phishing Campaign Targeting Admin Credentials

<p>PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign. In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains - an educational institution for example - not belonging to Micr
Publish At:2019-11-14 16:15 | Read:962 | Comments:0 | Tags:Email Incident Response SOAR Office 365

Tools