Categories
Quotes

Microsoft Details How Phishing Campaign Bypassed MFA

I was quoted in this article. It’s always awesome to get quoted. 🙂

https://www.infosecurity-magazine.com/news/microsoft-phishing-campaign-mfa/

Categories
Quotes

Quoted in Hacker News – Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations

Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations

Categories
Quotes

This big phish can swim around MFA, says Microsoft Security

I was quoted in good ol’ El Reg today. It’s cool to see myself quoted on a page I read every morning as I start the day.

This big phish can swim around MFA, says Microsoft Security

Categories
Quotes

Large-Scale Phishing Campaign Bypasses MFA

I was quoted here about this MFA bypass technique.

Carnival gets a $5mil fine, Microsoft changes mind on macros, and more!

The Jerich Show Podcast

In this episode, Erich and Javvad talk about fake copyright infringement emails, Carnival cruise line being fined $5 million for not having MFA, a Dutch university making money off a paid ransom, unemployment payments taken offline by ransomware, and more.

Stories from the show:

Fake copyright infringement emails install LockBit ransomware
https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/

Cruise line operator Carnival hit with $5m fine for failing to implement multi-factor authentication and failing to conduct cyber security training for its staff.
https://www.itpro.co.uk/security/cyber-security/368362/carnival-hit-with-5-million-fine-over-cyber-security-violations

Dutch University retrieves Bitcoin ransomware payment and makes a profit
https://www.theregister.com/2022/07/05/maastricht_university_ransom_return/

Cyberattack shuts down unemployment, labor websites across the US
https://www.theregister.com/2022/07/01/gsi-cyberattack-state-unemployment/

Supermarket chain Wegmans settles with New York over data breach
https://www.reuters.com/business/retail-consumer/supermarket-chain-wegmans-settles-with-new-york-over-data-breach-2022-06-30/

Google Updates Password Manager With New Security, Management Tools 
https://uk.pcmag.com/password-managers/141268/google-updates-password-manager-with-new-security-management-tools

Microsoft rolls back decision to block Office macros by default
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-back-decision-to-block-office-macros-by-default/

 

Voices from the dead, CISA gets serious, and much more!

The Jerich Show Podcast

In this episode, Javvad and Erich chat about Alexa bringing voices from the dead, CISA getting serious about Log4Shell, AI being alive and much, much more.

Stories from the show: 

CISA: Log4Shell exploits still being used to hack VMware servers
https://www.bleepingcomputer.com/news/security/cisa-log4shell-exploits-still-being-used-to-hack-vmware-servers/

Conti ransomware hacking spree breaches over 40 orgs in a month
https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/

Google engineer put on leave after saying AI chatbot has become sentient
https://www.theguardian.com/technology/2022/jun/12/google-engineer-ai-bot-sentient-blake-lemoine

Alexa could soon speak in a dead relative’s voice
https://www.npr.org/2022/06/23/1107079194/amazon-alexa-dead-relatives-voice 

Categories
Cybersecurity Quotes

I Was Quoted in Dark Reading

It’s always cool to be quoted. This time it was about Microsoft 365 users and how they are being targeted by voicemail-themed phishing attacks.

https://www.darkreading.com/remote-workforce/microsoft-office-365-users-raging-spate-attacks

Categories
Cybersecurity Quotes

Quoted in TechRepublic About the Voicemail Phishing Attacks

Here is another publication that picked up my quote about Microsoft 365 credential phishing via phishes that appear to be related to voicemails.

https://www.techrepublic.com/article/targeted-voicemail-phishing-attacks/

Categories
Uncategorized

I Was a Guest on the Layer 8 Podcast

Here is a link to the podcast I did with Patrick Laverty for the Layer 8 Podcast. Patrick also runs the annual Layer 8 Conference, which is focused on OSINT and social engineering. It’s a great conference that won’t break the bank. After listening to the podcast, check out the conference.

https://anchor.fm/layer-8-podcast/episodes/Episode-85-Erich-Kron—Phishing-As-A-Service-e1jmi3a/a-a82vh3l

Categories
Cybersecurity Quotes

Quoted in Threatpost Today

It’s always cool to be quoted in an article. This one was about an ongoing vishing campaign using voicemail notifications to steal credentials. An old tactic, but very effective.

https://threatpost.com/voicemail-phishing-scam-steals-microsoft-credentials/180005/