Microsoft is warning business email customers about a large-scale phishing campaign that circumvented multifactor authentication to break into inboxes in a bid to commit fraud by obtaining payment data from corporate vendors. The email exchange giant says multiple iterations of the phishing campaign have targeted more than 10,000 organizations since last September. Read More
A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google’s email security by […]
Researchers have uncovered a new way to abuse a workflow automation feature in Microsoft 365 to exfiltrate data. Eric Saraga from cybersecurity firm Varonis discovered how Power Automate, a feature found in Microsoft 365 for Outlook, SharePoint, and OneDrive, can be abused to automatically share or send files, or forward emails, to unauthorized third parties. […]
Latest Comments