Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks

October 9, 2024 at 09:11AM Threat actors are enhancing business email compromise (BEC) campaigns by using legitimate cloud file-sharing services like Dropbox and OneDrive, combined with social engineering tactics. This approach bypasses traditional security measures, allowing attackers to phish credentials and conduct further malicious activities. Microsoft advises enterprises to implement extended detection and response (XDR) … Read more

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

August 12, 2024 at 11:54AM Vulnerabilities in Google’s Quick Share utility allowed man-in-the-middle attacks and unauthorized file transfers to Windows devices. SafeBreach discovered 10 vulnerabilities, prompting two CVEs, and detailed their findings at DEF CON 32. The flaws have been addressed, but the utility remains under scrutiny. A scheduled task vulnerability was also exploited. The … Read more

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

June 25, 2024 at 05:59PM A critical security flaw in Progress Software’s MOVEit Transfer enables attackers to bypass authentication protocols and has been actively exploited shortly after being disclosed. The vulnerability, CVE-2024-5806 with CVSS 7.4, affects specific versions of MOVEit Transfer. Urgent patching is recommended due to the potential for cybercriminal exploitation and compromise of … Read more