SCWorld.com reported that “Microsoft revealed an ongoing spear-phishing campaign that abuses the legitimate device code authentication flow to gain access to Microsoft 365 accounts. Device code authentication is used to access Microsoft 365 services from “input-constrained devices” such as printers, smart TVs, game consoles and other internet-of-things (IoT) devices that
Continue Reading Spear-Phishing (“Business Email Compromise” or “BEC”) targeted at Microsoft 365 accounts!
MSSPAlert.com reported that “Stolen credentials continue to be ‘coin of the realm’ for threat groups targeting cloud environments, and the range of tactics they use to get them – from phishing and business email compromise (BEC) campaigns to keylogging and brute force – prove that out.” The October 3
Continue Reading Are you surprised that Cloud Credentials are being stolen by Phishing and BEC?
CNN.com reported that “A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.” The February 4, 2024 article entitled “Finance worker pays out
Continue Reading AI helped create “deepfake” CFO for $25million BEC!
Darkreading.com reported that “One trend we’ve seen in recent years is a rise of “as-a-service” offerings. Early hackers were tinkerers and mischief-makers, tricking phone systems or causing chaos mostly as an exercise in fun. This has fundamentally changed. Threat actors are professional and often sell their products for others to
Continue Reading Are we at the Golden Age of AI Spearphishing (BEC) Cybersecurity threats?