Browsing Tag
Microsoft 365
11 posts
Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack
A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.
Telegram-Based “Sneaky 2FA” Phishing Kit Targets Microsoft 365 Accounts
Sneaky 2FA: New Phishing-as-a-Service targets Microsoft 365, leveraging sophisticated evasion techniques and a Telegram-based platform to steal credentials.…
New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails
Fortinet uncovers a new PayPal phishing scam exploiting legitimate platform features. Learn how this sophisticated attack works and how to protect yourself from falling victim.
New Rockstar 2FA Phishing-as-a-Service Kit Targets Microsoft 365 Accounts
SUMMARY Cybersecurity researchers at Trustwave have discovered “Rockstar 2FA,” a phishing-as-a-service platform designed to help hackers and script…
Iranian Hackers Target Microsoft 365, Citrix Systems with MFA Push Bombing
Iranian hackers are targeting critical infrastructure organizations with brute force tactics. This article explores their techniques, including MFA…
Phishing Attacks Can Bypass Microsoft 365 Email Safety Warnings
A vulnerability in Microsoft 365’s anti-phishing measures allows malicious actors to deceive users into opening harmful emails by…
Cross Tenant Microsoft 365 Migration
With the massive adoption of Microsoft 365, encountering complex environments involving multiple tenants is becoming increasingly common.
New Phishing Attack Spoofs Microsoft 365 Authentication System
Vade, a provider of email security and threat detection services, has released a report on a recently discovered…
Hackers are using Microsoft Teams chat to spread malware
So far, researchers have identified thousands of these attacks involving abuse of the Microsoft Teams chat feature.
Conti ransomware affiliates hit Exchange Servers with ProxyShell exploits
Conti ransomware affiliates are exploiting 3 unpatched vulnerabilities that allow unauthenticated, remote code execution on MS Exchange Servers.