OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks
Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more.
Source: Threat Post – Web Security –
[...]
AuthorTara Seals
Facebook Small Business Grants Spark Identity-Theft Scam
The cybercrooks spread the COVID-19 relief scam via Telegram and WhatsApp, and ultimately harvest account credentials and even pics of IDs.
Source:
[...]
Zerologon Attacks Against Microsoft DCs Snowball in a Week
The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active
[...]
Joker Trojans Flood the Android Ecosystem
September saw dozens of Joker malware variants hitting Google Play and third-party app stores.
Source: Threat Post – Mobile Security – Joker
[...]
FortiGate VPN Default Config Allows MitM Attacks
The client’s default configuration for SSL-VPN has a certificate issue, researchers said.
Source: Threat Post – Web Security – FortiGate VPN Default
[...]
Free Apple iPhone 12? Chatbot Scam Spreads Via Texts
Convincing SMS messages tell victims that they’ve been selected for a pre-release trial for the soon-to-be-launched device.
Source: Threat Post – Web
[...]
Activision Refutes Claims of 500K-Account Hack
The Call of Duty behemoth said that the reports of widespread hacks are false.
Source: Threat Post – Web Security – Activision
[...]
Fileless Malware Tops Critical Endpoint Threats for 1H 2020
When it comes to endpoint security, a handful of threats make up the bulk of the most serious attack tools and tactics.
[...]
Firefox for Android Bug Allows ‘Epic Rick-Rolling’
Anyone on the same Wi-Fi network can force websites to launch, with no user interaction.
Source: Threat Post – Web Security –
[...]
The TikTok Ban: Security Experts Weigh in on the App’s Risks
With no hard evidence of abuse, are bans warranted? The real security concerns will likely come after the ban goes into effect, researchers
[...]