- Complicated 365 Breach with 2FA enabled (Hypothetical of course) https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/ 14 comments sysadmin
- From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/ 6 comments netsec
Linking pages
- Ongoing phishing campaign can hack you even when you’re protected with MFA | Ars Technica https://arstechnica.com/information-technology/2022/07/microsoft-details-phishing-campaign-that-can-hijack-mfa-protected-accounts/ 31 comments
- New Gmail Attack Bypasses Passwords And 2FA To Read All Email https://www.forbes.com/sites/daveywinder/2022/08/02/gmail-warning-as-new-attack-bypasses-passwords--2fa-to-read-all-email/?sh=3b037a13a120 8 comments
- New Gmail Attack Bypasses Passwords And 2FA To Read All Email https://www.forbes.com/sites/daveywinder/2022/08/02/gmail-warning-as-new-attack-bypasses-passwords--2fa-to-read-all-email/ 2 comments
- Office 365 phishing campaign that can bypass MFA targets 10,000 organizations | CSO Online https://www.csoonline.com/article/3666697/office-365-phishing-campaign-that-can-bypass-mfa-targets-10-000-organizations.html 2 comments
- DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit - Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/ 0 comments
Linked pages
- Executive Order on Improving the Nation's Cybersecurity | The White House https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ 127 comments
- GitHub - drk1wi/Modlishka: Modlishka. Reverse Proxy. https://github.com/drk1wi/modlishka 23 comments
- GitHub - kgretzky/evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication https://github.com/kgretzky/evilginx2 7 comments
- Franken-phish: TodayZoo built from other phishing kits - Microsoft Security Blog https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/ 0 comments