5 matches found
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service PhaaS operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police AFP and the U.S. Federal Bureau of Investigation...
Token tactics: How to prevent, detect, and respond to cloud token theft
As organizations increase their coverage of multifactor authentication MFA, threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team DART has seen an increa...
Evilgophish - Evilginx2 + Gophish
Combination of evilginx2 and GoPhish. Credits Before I begin, I would like to say that I am in no way bashing Kuba Gretzky and his work. I thank him personally for releasing evilginx2 to the public. In fact, without his work this work would not exist. I must also thank Jordan Wright for...
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
A phishing-as-a-service PhaaS platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day...
Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations
Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication MFA. "The attackers then used the stolen credentials and session...