Most phishing clicks have been aimed at cloud apps, the most targeted of which were those made by Microsoft as threat actors sought to compromise Microsoft 365 and Microsoft Live credentials, according to a report from Netskope.
"This means that passwords used for mail access may be intercepted by a network sniffer. Additionally, service exposure may enable password guessing attacks against the server," said Shadowserver.
In the enterprise security news, a final few fundings before the year closes out, Arctic Wolf buys Cylance from Blackberry for cheap, a sentence that feels very weird to say, the quiet HTTPS revolution, passkeys are REALLY catching on, resilience keeps showing up in the titles of news items, Apple Intelligence insults the BBC’s intelligence, MITRE ...
Increasingly prevalent sophisticated phishing kits and growing generative artificial intelligence adoption have prompted credential phishing intrusions to increase by 703% during the second half of this year, SiliconAngle reports.
After email bombing targeted users, Black Basta impersonates IT staff or support personnel on Microsoft Teams to trick users into downloading AnyDesk, Microsoft Quick Assist, and other legitimate remote access software according to a Rapid7 analysis.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
