October 8, 2024 at 04:32PM The Mamba 2FA platform is an emerging phishing-as-a-service (PhaaS) tool, targeting Microsoft 365 accounts through AiTM attacks. It offers a competitive price of $250/month and has evolved to enhance stealthiness and longevity. It specifically targets Microsoft 365 users and offers phishing templates for various services. This platform poses a significant … Read more
January 25, 2024 at 05:22AM A new China-aligned threat actor, tracked by ESET under the name Blackwood, has been linked to AitM attacks deploying the sophisticated NSPX30 implant via software update mechanisms. This multistage implant allows for packet interception, network information harvesting, and bypassing of anti-malware solutions. Information suggests a network implant is being deployed … Read more
December 4, 2023 at 08:36AM New BLUFFS vulnerabilities, detailed in CVE-2023-24023 with a 6.8 CVSS score, compromise Bluetooth Classic’s forward and future secrecy by enabling adversaries to impersonate devices and intercept communications between paired devices. Researchers suggest mitigation by using secure connection modes and sufficient key entropy. Key Takeaways from the Meeting on Bluetooth Vulnerability … Read more