I was quoted in this article. It’s always awesome to get quoted. 🙂
https://www.infosecurity-magazine.com/news/microsoft-phishing-campaign-mfa/
I was quoted in good ‘ol ‘El Reg today. It’s cool to see myself quoted on a page I read every morning as I started the day.
This big phish can swim around MFA, says Microsoft Security
Categories
Large-Scale Phishing Campaign Bypasses MFA
I was quoted here about this MFA bypass technique
/
RSS Feed
In this episode, Erich and Javvad talk about fake copyright infringement emails, Carnival cruise line is fined $5 for not having MFA, A Dutch univeristy makes money off a paid ransom, unemployment payments taken offline by ransomware and more.Â
Stories from the show:
Fake copyright infringement emails install LockBit ransomware
https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/
Cruise line operator Carnival hit with $5m fine for failing to implement multi-factor authentication and failing to conduct cyber security training for its staff.
https://www.itpro.co.uk/security/cyber-security/368362/carnival-hit-with-5-million-fine-over-cyber-security-violations
Dutch University retrieves Bitcoin ransomware payment and makes a profit
https://www.theregister.com/2022/07/05/maastricht_university_ransom_return/
Cyberattack shuts down unemployment, labor websites across the US
https://www.theregister.com/2022/07/01/gsi-cyberattack-state-unemployment/
Supermarket chain Wegmans settles with New York over data breach
https://www.reuters.com/business/retail-consumer/supermarket-chain-wegmans-settles-with-new-york-over-data-breach-2022-06-30/
Google Updates Password Manager With New Security, Management ToolsÂ
https://uk.pcmag.com/password-managers/141268/google-updates-password-manager-with-new-security-management-tools
Microsoft rolls back decision to block Office macros by default
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-back-decision-to-block-office-macros-by-default/
Â
/
RSS Feed
In this episode, Javvad and Erich chat about Alexa bringing voices from the dead, CISA getting serious about Log4Shell, AI being alive and much, much more.
Stories from the show:Â
CISA: Log4Shell exploits still being used to hack VMware servers
https://www.bleepingcomputer.com/news/security/cisa-log4shell-exploits-still-being-used-to-hack-vmware-servers/
Conti ransomware hacking spree breaches over 40 orgs in a month
https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/
Google engineer put on leave after saying AI chatbot has become sentient
https://www.theguardian.com/technology/2022/jun/12/google-engineer-ai-bot-sentient-blake-lemoine
Alexa could soon speak in a dead relative’s voice
https://www.npr.org/2022/06/23/1107079194/amazon-alexa-dead-relatives-voiceÂ
Categories
I Was Quoted in Dark Reading
It’s always cool to be quoted. This time it was about Microsoft 365 users and how they are being targeted by voicemail-themed phishing attacks.
https://www.darkreading.com/remote-workforce/microsoft-office-365-users-raging-spate-attacks
Here is another publication that picked up my quote about Microsoft 365 credential phishing via phishes that appear to be realted to voicemails.
https://www.techrepublic.com/article/targeted-voicemail-phishing-attacks/
Here is a link to the podcast I did with Patrick Laverty for the Layer 8 Podcast. Patrick also runs the annual Layer 8 Conference, which is focused on OSINT and social engineering. It’s a great conference that won’t break the bank. After listening to the podcast, check out the conference.
Categories
Quoted in Threatpost Today
It’s always cool to be quoted in an article. This one was about an ongoing vishing campaign using voicemail notifications to steal credentials. An old tactic, but very effective.
https://threatpost.com/voicemail-phishing-scam-steals-microsoft-credentials/180005/