Microsoft 365 accounts of execs, managers hijacked through EvilProxy | allinfosecnews.com

Aug. 10, 2023, 11:41 a.m. | Helga Labus

Help Net Security www.helpnetsecurity.com

A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world. The rise of phishing-as-a-service As organizations increasingly employ multi-factor authentication (MFA), threat actors have switched to using phishing services such as EvilProxy, which uses reverse proxy and cookie injection methods to steal authentication credentials and session cookies (and thus bypass the extra protection offered by MFA). … More →

The post …

account hijacking accounts as-a-service authentication campaign don't miss evilproxy executives factor hijacked hot stuff managers mfa microsoft microsoft 365 multi-factor multi-factor authentication organizations phaas phishing phishing-as-a-service phishing campaign proofpoint service services targeting threat threat actors tool world

More from www.helpnetsecurity.com / Help Net Security

Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024 6 hours ago | www.helpnetsecurity.com

actor adaptive security articles asa +27

Most people still rely on memory or pen and paper for password management 2 days, 9 hours ago | www.helpnetsecurity.com

accounts australia authentication bitwarden +24

LSA Whisperer: Open-source tools for interacting with authentication packages 2 days, 9 hours ago | www.helpnetsecurity.com

authentication azuread cybersecurity github +16

What AI can tell organizations about their M&A risk 2 days, 10 hours ago | www.helpnetsecurity.com

acquisition adoption ai adoption amp +19

Breaking down the numbers: Cybersecurity funding activity recap 2 days, 10 hours ago | www.helpnetsecurity.com

10 million aim aim security alethea +55

New infosec products of the week: April 26, 2024 2 days, 11 hours ago | www.helpnetsecurity.com

april capabilities cyber cyberint +21

Net neutrality has been restored 2 days, 19 hours ago | www.helpnetsecurity.com

actions broadband communications consumers +24

Stellar Cyber and Acronis team up to provide optimized threat detection solutions for MSPs 3 days ago | www.helpnetsecurity.com

acronis aim and response cloud +22

Edgio Client-Side Protection enables organizations to secure critical customer data 3 days, 1 hour ago | www.helpnetsecurity.com

apis browser client client-side +26

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Network Security Engineer

@ Meta | Menlo Park, CA | Remote, US

View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Washington, DC

View on infosec-jobs.com

Threat Investigator- Security Analyst

@ Meta | Menlo Park, CA | Seattle, WA | Washington, DC

View on infosec-jobs.com

Security Operations Engineer II

@ Microsoft | Redmond, Washington, United States

View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Bug Bounty -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States

View on infosec-jobs.com