HackRead Media’s Post

New research from Darktrace has uncovered a new phishing campaign that bypassed multifactor authentication (MFA) protocols by using legitimate Dropbox infrastructure. This highlights the importance of staying vigilant and constantly updating security measures to stay ahead of cyber threats. Stay safe out there! #cybersecurity #phishing #multifactorauthentication #Darktrace

A new phishing campaign is sending what appear to be harmless emails from legit Dropbox email addresses, but contain a malicious link. The malware then redirects to a fake Microsoft Office 365 login page to harvest users’ credentials. https://buff.ly/3vweLmS . . Interested in more stories and quick hits and can't miss cyber news? Hit follow and subscribe to our weekly newsletter. . . . #cybersecurity #infosec #cyberattack #news #cybernewsletter #hacking #cybercrime #dropbox #phishing #office365 #microsoft

#cybersecurity #deceptive_tactic #Microsoft is combatting #phishing attacks by creating realistic honeypot tenants on Azure to lure cybercriminals and gather intelligence. This includes a "hybrid high interaction honeypot" on code.microsoft.com. The company monitors 25,000 phishing sites daily, baiting 20% with honeypot credentials. https://lnkd.in/g6ajSBti

To bypass analysis by email detonation systems, the files shared in these phishing attacks are set to ‘view-only’ mode, disabling the ability to download and consequently, the detection of embedded URLs within the file. #phishing #credentialstealer #compromise #microsoft365 #dropbox #darkweb

Microsoft uses honeypots to gain new information on hackers and their patterns. By doing this, the Microsoft team can learn their IP addresses, locations, and even what phishing kits they rely on. To read more check out this article! https://lnkd.in/ex_baB-X #cybersecurity #microsoft #phishers #honeypots

Beware of malicious #PDF files that appear to be from Microsoft and warn you about two-factor authentication (#2FA). These PDFs are #phishing scams that can trick you into scanning QR codes that lead to phishing sites or download malware. These phishing sites can then steal your #Microsoft account credentials. Be cautious of any QR codes you encounter, especially in unsolicited emails or attachments. #cybersecurity #sucurity https://lnkd.in/g7s4AuWa

MFA/2FA: Attackers Successfully Bypassed MFA "The researchers noted that it is “relatively simple” for attackers to abuse legitimate third-party solutions like Dropbox for phishing attacks, rather than relying on their own infrastructure." "[Researcher] Darley noted that generative AI technologies are having a huge impact in enabling attackers to craft more sophisticated phishing messages." https://lnkd.in/eu7R8GcN #MediaHighlights #infosecurity #darley #mfa #2fa #totp #dropbox #breach #insecure #security #cybersecurity #infosec #ictsecurity #itsecurity #threat #ai #phishing

A sophisticated phishing campaign utilizing the Tycoon 2FA Phish-kit and Amazon Simple Email Service (SES) has been discovered. This campaign involves high-profile redirects and compromised domains to steal user credentials. The attack, designed to evade detection, consists of multiple stages and uses various services. In the Phishing sample analysis, it was found that the attack typically starts with an email sent from an Amazon SES client. These emails frequently contain a valid signature, enhancing their credibility. #CyberSecurity #Phishing #AmazonSES #SecurityAwareness https://lnkd.in/ehqYpqgV

A recent report sheds light on a potential security loophole in Dropbox that may compromise multi-factor authentication (MFA). Researchers have uncovered a flaw in allowing unauthorized access, even with MFA enabled. It's crucial to update security settings! #Cybersecurity #DropboxSecurity #MFA #StaySecure 💻🔒 https://lnkd.in/eFZHu9hY

Get The Drop On Phishing Attacks Abusing Dropbox "Phishing attacks are constantly evolving, and Dropbox is their latest target. Our recent analysis at Darktrace dives into these threats and offers actionable insights to keep your data secure. Understanding these tactics is crucial in our fight against cybercrime. If you're interested in how Darktrace ActiveAI Security Platform is changing Email Security, find more insights here https://buff.ly/3WSVneF or contact me. Further information regarding Darktrace Email Security can be found here: https://lnkd.in/esie4qBu #darktrace #email #cybersecurity #phishingprotection"