all InfoSec news
Microsoft 365 accounts of execs, managers hijacked through EvilProxy
Help Net Security www.helpnetsecurity.com
A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world. The rise of phishing-as-a-service As organizations increasingly employ multi-factor authentication (MFA), threat actors have switched to using phishing services such as EvilProxy, which uses reverse proxy and cookie injection methods to steal authentication credentials and session cookies (and thus bypass the extra protection offered by MFA). … More
The post …
account hijacking accounts as-a-service authentication campaign don't miss evilproxy executives factor hijacked hot stuff managers mfa microsoft microsoft 365 multi-factor multi-factor authentication organizations phaas phishing phishing-as-a-service phishing campaign proofpoint service services targeting threat threat actors tool world