Large-Scale Phishing Campaign Can Hijack Accounts Even When They're Protected by MFA
Hackers tried to trick Christine Lagarde, New Spectre-based speculative-execution attack discovered, Windows Autopatch available now, Microsoft issues 86 security fixes, much more
The annual defense spending bill, which has become a primary legislative vehicle for cybersecurity provisions, is headed into the home stretch. Check out my latest CSO column that looks at some critical cybersecurity amendments that could be in this year’s legislation.
Microsoft revealed an ongoing large-scale phishing campaign that can hijack user accounts even when they're protected with multifactor authentication measures designed to prevent such takeovers.
The threat actors behind the operation, who have targeted 10,000 organizations since September, have used their covert access to victim email accounts to trick employees into sending the hackers money. "From our observation, after a compromised account signed into the phishing site for the first time, the attacker used the stolen session cookie to authenticate to Outlook online (outlook.office.com)," members of the Microsoft 365 Defender Research Team and the Microsoft Threat Intelligence Center wrote in …