The reuse of password by users is still probably the most common cyber security mistake organisations and individuals make – making a credential stuffing attacks profitable for threat actors. Once a threat actor has gathered their lists of credentials then they – or rather their automated tools will attempt to …
Microsoft takes action to disrupt ongoing persistent phishing and credential theft campaigns
Microsoft’s Threat Intelligence Centre (MSTIC) has shared an article outlining how the actions they have undertaken to disrupt the Russian threat actor, SEABORGIUM, phishing and credential theft campaigns. Disrupting SEABORGIUM’s ongoing phishing operations – Microsoft Security Blog
Microsoft 365 credentials stolen through redirects
Threat actors abused open redirects on the Snapchat and American Express websites to steal credentials for Microsoft 365 accounts. URL Redirection to Untrusted Site (‘Open Redirect’) (mitre.org) Get some training sop this does not happen to you, or worse, your team. Cyber Awake | Train Your Team To Protect Against …
Continue reading “Microsoft 365 credentials stolen through redirects”
How do threat actors get hold of your login credentials? They just ask you to send them over!
The US Government has issued a warning over the growth of text messages that are designed to manipulate you into giving away your secret information. US govt warns Americans of escalating SMS phishing attacks (bleepingcomputer.com) If it is happening in the US, why not extend the attacks to other English …
Brute force attacks on Window 11
Disabling risky services for any OS or software “out-of-the-box” is always a good idea. If you need it, then you or your system administrators can enable it. A brute force attack is where a threat actor – or normally a threat actor computer – will try a range of different …
