all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Defending against AiTM phishing and BEC - suggestions?

Add to bookmarks
July 29, 2022, 5:10 p.m. | /u/dklopfer

cybersecurity www.reddit.com

From the article on Microsoft Threat Intelligence Center, an attacker attempts to obtain a target user’s session cookie so they can skip the whole authentication process and act on the latter’s behalf by using a proxy server. Once the target entered their credentials and got authenticated, they were redirected to the legitimate office.com page, However, in the background, the attacker intercepted said credentials and got authenticated on the user's behalf. This allowed the attacker to perform follow-on activities

[https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/](https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/)


Would …

aitm phishing bec cybersecurity phishing

Visit resource

More from www.reddit.com / cybersecurity

MITRE says state hackers breached its network via Ivanti zero-days 9 hours ago | www.reddit.com
breached cybersecurity hackers ivanti +4
MITRE says state hackers breached its network via Ivanti zero-days 13 hours ago | www.reddit.com
amp att cybersecurity mitre +2
How does your organization handle software requests that have not made it to the approved … 13 hours ago | www.reddit.com
cyber cybersecurity government helpdesk +5
Any thoughts on making Dropbox less blacklistable more secure? 13 hours ago | www.reddit.com
cybersecurity docs documents dropbox +13
Chinese Government Poses 'Broad and Unrelenting' Threat to U.S. Critical Infrastructure, FBI Director Says 14 hours ago | www.reddit.com
cybersecurity
Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam 15 hours ago | www.reddit.com
cybersecurity lastpass master passwords +2
The big hack at VW - China in focus 15 hours ago | www.reddit.com
big case china chinese +15
All versions of Crush FTP are vulnerable 16 hours ago | www.reddit.com
action april crushftp cybersecurity +10
Cyber Awareness 17 hours ago | www.reddit.com
adjust asking can certificate +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Officer Level 1 (L1)

@ NTT DATA | Virginia, United States of America
View on infosec-jobs.com

Alternance - Analyste VOC - Cybersécurité - Île-De-France

@ Sopra Steria | Courbevoie, France
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote US or Remote CAN
View on infosec-jobs.com

Cyber Security Engineer Lead

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com
View more jobs