credential theft

In a chilling demonstration of how well-coordinated phishing campaigns can wreak havoc, attackers recently targeted corporate Microsoft Azure environments by wielding malicious DocuSign PDF files. These attacks, according to Palo Alto Networks' Unit 42, aimed at infiltrating European automotive...

The Hidden Threat Lurking in Legitimate Platforms A phishing campaign with a particularly devious strategy has emerged, targeting Microsoft's Azure account users through an exploitation of HubSpot, a popular customer relationship management (CRM) platform. This campaign focuses on industries...

When we think of phishing, we traditionally imagine poorly executed emails riddled with typos that even the most casual observer could spot as fraudulent. But let’s be crystal clear: phishing isn’t what it used to be. Welcome to "HubPhish," an advanced phishing initiative targeting 20,000...

In the ever-evolving landscape of cybersecurity, a recent report sheds light on a sophisticated cyber-espionage campaign orchestrated by suspected Chinese state-backed hackers. Dubbed Operation Digital Eye, this malicious campaign employed an array of advanced tactics, leveraging tools such as...

In a grim reminder of cybersecurity's ever-evolving landscape, researchers have uncovered a new and sophisticated adversary-in-the-middle (AiTM) cyberattack targeting Microsoft 365 credentials. This campaign is powered by the upgraded Rockstar 2FA, a phishing-as-a-service (PhaaS) platform that...

Cybersecurity experts worldwide are buzzing about a new and daunting threat: the “Rockstar 2FA” phishing kit. This tool has been making waves as it exploits adversary-in-the-middle (AiTM) techniques to harvest credentials from Microsoft 365 users despite their use of multifactor authentication...

In an ever-evolving landscape of cybersecurity threats, Microsoft has taken a formidable step with its latest feature, Administrator Protection, in Windows 11. This innovative approach is designed to tackle the rising trend of credential theft and bolster administrative security. But how exactly...

In a dramatic escalation of cyber espionage tactics, the OilRig hacking group—known by various aliases such as Earth Simnavaz and APT34—has recently turned its focus to Microsoft Exchange servers, leveraging vulnerabilities to pilfer sensitive login credentials. This troubling development aligns...

Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency...

Original release date: September 22, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and...

Original release date: August 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a...

Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...

Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...

Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...

Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...

Original release date: October 3, 2018 Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016...

Original release date: October 03, 2018 Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016...

Original release date: July 20, 2018 Systems Affected Network Systems Overview Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state...

Original release date: April 27, 2017 Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial...

In this video Seth Moore describes another benefit of the Windows 10 Isolated User Mode: credential theft mitigation. He first describes the kinds of credentials that can be stolen and how a hacker gains access to them. He then describes how the Windows 10 Isolated User Mode prevents the typical...