#OnlineSecurity

What to do when receiving unprompted MFA OTP codes

by

December 17, 2023 at 04:44PM Summary: Receiving an unprompted one-time passcode (OTP) in an email or text suggests stolen credentials, highlighting the theft of legitimate corporate network access. Cyberattacks exploit these credentials for data theft, espionage, ransomware, and financial fraud. Multi-factor authentication (MFA) enhances security, reducing successful breaches but caution is advised with SMS and … Read more

Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel

by

November 6, 2023 at 04:06AM Google has issued a warning about a public proof-of-concept exploit called Google Calendar RAT (GCR) that utilizes its Calendar service for command-and-control infrastructure. The exploit creates a covert channel by manipulating event descriptions in Google Calendar. Although not yet observed in the wild, the exploit has been shared on underground … Read more