August 24, 2022

Scammers exploit Office 365 to target high-ranking executives

A sophisticated business email compromise (BEC) campaign targets CEOs and CFOs to drain millions from corporate accounts.

August 24, 2022

Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams

A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA.

August 24, 2022

Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication

Analysis of the BEC campaign reveals weaknesses in Microsoft's authentication system, and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365).

August 24, 2022

Advisory: Persistent MFA Circumvention in an Advanced BEC Campaign on Microsoft 365 Targets

Mitiga spotted a sophisticated, advanced business email compromise campaign targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA, Microsoft Authenticator, and Microsoft 365 Identity Protection.

August 24, 2022

How attackers use and abuse Microsoft MFA

Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise adoption of MFA and are constantly coming up with ways to bypass the additional protection it offers.

August 24, 2022

Advanced business email compromise campaign targeting Microsoft 365 organizations

Researchers spotted a sophisticated business email compromise (BEC) campaign targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 Multi-Factor Authentication (MFA), Microsoft Authenticator, and Microsoft 365 Identity Protection.

August 18, 2022

Cyber breach: 5 Steps to a rapid business recovery

Cyberattacks are constant and security breach incidents inevitable. The National Cyber Security Centre offers guidance for public and private sector organisations to help minimise harm from breaches, while the UK’s data watchdog, the Information Commissioner’s Office (ICO), is focused on addressing the issues in the public sector that result in avoidable data breaches by raising data protection standards and preventing harm from occurring.

August 12, 2022

Five tips to deal with Slack’s data breach

Slack has admitted to accidentally exposing the hashed passwords of workspace users. The company says: “we notified approximately 0.5% of Slack users that we had reset their passwords in response to a bug that occurred when users created or revoked a shared invitation link for their workspace.”

July 28, 2022

Compromised Platforms – Ofer Maor, Mitiga

Mitiga CTO Ofer Maor explains how platforms such as Slack and Microsoft Office 365 are being compromised by cybercriminals.