Last updated at Wed, 25 Jan 2023 20:23:13 GMT
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too.
Rapid7 is responding to various compromises arising from the exploitation of CVE-2022-47966, a pre-authentication remote code execution (RCE) vulnerability impacting at least 24 on-premise ManageEngine products.…
On January 4, 2023, we alerted customers to a security incident. Today, we want to share with you what happened, what we’ve learned, and what our plans are to continuously improve our security posture for the future.
We would like to thank our customers for your attention to rotating and revoking secrets, and apologize for any disruption this incident may have caused to your work.…
Mitiga spotted a sophisticated, advanced business email compromise (BEC) campaign, directly targeting relevant executives of organizations (mostly CEOs and CFOs) usingOffice 365. The attackers combine high-end spear-phishing with an adversary-in-the-middle (AiTM) attack to circumvent multi-factor authentication (MFA) and a Microsoft 365 design flaw that allows them to create access persistency with MFA.…
IP;C&C domains
45[.]76[.]80[.]199;twiiio-sso[.]com, box-okta[.]org, kucoin-pin[.]com, boxokta[.]com, kucoin-sso[.]com 66[.]42[.]107[.]233;slack-mailchimp[.]com 45[.]32[.]66[.]165;microsoft-sso[.]net, sendgrid-okta[.]org, mlcrosoft[.]info, mlcrosoft[.]cloud 45[.]76[.]238[.]53;ouryahoo-okta[.]org, ouryahooinc-okta[.]com 155[.]138[.]240[.]251;sykes-sso[.]com, internai-customer[.]io, ouryahoo-okta[.]com, ouryahoo-okta[.]net, techmahindra-sso[.]com 149[.]28[.]37[.]137;qualfon-sso[.]com, twiiio[.]net, twiiio[.]org, teleperformanceusa-sso[.]com, tmo-sso[.]net, okta-sso[.]net 149[.]248[.]1[.]50;att-mfa[.]com, att-rsa[.]com 108[.]61[.]119[.]20;mcsupport-okta[.]com, mailgun-okta[.]com, sprint-idg[.]net 149[.]28[.]212[.]53;tmobie[.]net 140[.]82[.]63[.]209;kucoinpin[.]com, kucoinpin[.]net, twiiio-okta[.]net 144[.]202[.]82[.]47;kucoin-pin[.]net, kucoin-sso[.]net 45[.]63[.]39[.]116;telus-sso[.]com 149[.]248[.]62[.]54;rogers-rci[.]net, rogers-ssp[.]com, iqor-duo[.]net, iqor-portal[.]com, cgslnc-okta[.]com, conexusonline[.]com, klaviyo-sso[.]com 66[.]42[.]91[.]138;arise-okta[.]com 216[.]128[.]141[.]52;rogers-rci[.]com,…
Check Point Research uncovers a recent Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking military personnel, research fellows in research institutions, think tanks, and against Israeli citizens. The attacks use a custom phishing infrastructure, as well as a wide array of fake email accounts to impersonate trusted parties.…
Phishing has been a prominent cyber threat for decades, stealing the spotlight as the most prevalent attack vector for years, but the latest breed of attacks is more sophisticated and complicated to protect against than ever before. Attackers are always looking for new techniques to bypass security measures and remain undetected by victims.…