Microsoft is warning of an active scam that diverts employees’ paycheck payments to attacker-controlled accounts after first taking over their profiles on Workday or other cloud-based HR services. Payroll Pirate, as Microsoft says the campaign has been dubbed, gains access to victims’ HR portals by sending them phishing emails that trick the recipients into providing… Read More »
The researchers added: “This campaign is notable in that it demonstrates how impactful smishing operations can be executed using simple, accessible infrastructure. Given the strategic utility of such equipment, it is highly likely that similar devices are already being exploited in ongoing or future smishing campaigns.” Sekoia said it’s unclear how the devices are being… Read More »
The obfuscated code inside an .svg file downloaded from one of the porn sites. Credit: Malwarebytes The obfuscated code inside an .svg file downloaded from one of the porn sites. Credit: Malwarebytes Once decoded, the script causes the browser to download a chain of additional obfuscated JavaScript. The final payload, a known malicious script called… Read More »
Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being adopted by thousands of sites and enterprises. If true, the attack, reported in a blog post Thursday by security firm Expel, would be huge news, since FIDO is widely… Read More »
Microsoft says it’s making passwordless logins the default means for signing in to new accounts, as the company helps drive an industry-wide push to transition away from passwords and the costly security problems they have created for companies and their users. A key part of the “passwordless by default” initiative Microsoft announced on Thursday is… Read More »
These sorts of adversary-in-the-middle attacks have grown increasingly common. In 2022, for instance, a single group used it in a series of attacks that stole more than 10,000 credentials from 137 organizations, and led to the network compromise of authentication provider Twilio, among others. One company that was targeted in the attack campaign but wasn’t… Read More »
Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers warned. The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication… Read More »
Dialog box finally allows the creation of a passkey on a security key. The dueling dialogs in this example are by no means unique to macOS. Too many cooks in the kitchen “Most try to funnel you into a vendor’s sync passkey option, and don’t make it clear how you can use other things,” Brown… Read More »
“Microsoft assesses that Secret Blizzard either used the Amadey malware as a service (MaaS) or accessed the Amadey command-and-control (C2) panels surreptitiously to download a PowerShell dropper on target devices,” Microsoft said. “The PowerShell dropper contained a Base64-encoded Amadey payload appended by code that invoked a request to Secret Blizzard C2 infrastructure.” The ultimate objective… Read More »
Prosecutors allege that the phishing attacks ran from at least September 2021 to April 2023. During that time, the defendants sent text messages to mobile phones of employees of the targeted companies that purported to come from the IT departments of their employers. The text messages often falsely warned that the employees’ accounts would be… Read More »