WithSecure Cloud Protection’s Post

As companies affected by the Crowdstrike outage begin to recover, here's what you need to know: ⚠️ Beware of phishing emails posing as CrowdStrike support. Cybercriminals will take advantage of the confusion created by the recent update issue of phishing employees and attempt to steal credentials and sensitive information.  Remind employees to be vigilant and refresh their memory on how to spot phishing emails. Be on alert when there are well-publicized issues with popular technology companies. 🚫 Suspicious Domains: As of today, suspicious domains have been registered, and they may be leveraged in upcoming campaigns. These look-alike domains do not belong to Crowdstrike, and we recommend blocking them in advance. View a list of these domains and everything you need to know about the outage in our threat advisory here: https://lnkd.in/g92RSmp3 #CyberSecurity #CrowdStrike #Phishing #InfoSec

🦠 How a backup of Office 365 could save your data after a phishing attack. 👉 Check the full story: https://lnkd.in/d3QhizbX   Your data stored in the cloud can be impacted by #ransomware, #malware and #phishing attacks that will encrypt your data and possibly stop your organization. Check the real reason to have a #backup solution nowadays for Microsoft 365 and secure your environment. Review how you protect your environment from phishing, and malware attacks and prepare yourself.   🗃️Check the Microsoft documentation on how to protect Microsoft 365 from Phishing and encryption of your data: - Microsoft 365 and phishing: https://lnkd.in/dgC5hYUz - Microsoft 365 and ransomware: https://lnkd.in/dYYTXhSF - Protect your Microsoft 365: https://lnkd.in/dssUeFAV   🎁 Get FREE access to afi.ai backup for 4 weeks: https://lnkd.in/d8nUbK4Y   #microsoft #office365 #microsoft365   - - - If you want to stay on top hit 👍 and click 🔔 on my profile.

There's a new phishing scheme making the rounds, and cybersecurity teams should be on the lookout. The new "My Slice" campaign harnesses an adaptive phishing technique that makes it even more difficult to identify. In adaptive phishing, attackers gather information about their victims from sources such as social media and previous data breaches to create targeted phishing messages that appear legitimate. They may even use personal details to trick victims into thinking they are a trusted contact. My Slice, specifically, comes packaged as an email prompt that their email has exceeded its limit. #Cybersecurity #Phishing #AdaptivePhishing #MySlice https://lnkd.in/gvNnQrm9

🔒 Stay ahead of the game! 🚨 2024 brings forth 9 Salesforce Security Threats you can't afford to ignore: 1️⃣ The Battle of AI 🤖 2️⃣ The Compound Effect of Security Gaps 🕵️♂️ 3️⃣ The Persistent Threat of Phishing: Beyond the Inbox 🎣 4️⃣ Accelerating Threats: The New Pace of Ransomware Attacks ⚡️💻 5️⃣ Visibility: The Foundation of Security 🔍 6️⃣ A Cautionary Tale ⚠️ 7️⃣ ‘Big Game’ Hunting in Cybersecurity 🎮🕵️♀️ 8️⃣ Ignorance Is Not Bliss 🚫😓 9️⃣ Arrogance Is Expensive 💸💼 Level up your Salesforce security with Nlineaxis IT Solutions Pvt Ltd today! 💼🔒 For More, Visit: https://nlineaxis.com/ #SalesforceSecurity #Cybersecurity #Nlineaxis #StaySecure

There's a new phishing scheme making the rounds, and cybersecurity teams should be on the lookout. The new "My Slice" campaign harnesses an adaptive phishing technique that makes it even more difficult to identify. In adaptive phishing, attackers gather information about their victims from sources such as social media and previous data breaches to create targeted phishing messages that appear legitimate. They may even use personal details to trick victims into thinking they are a trusted contact. My Slice, specifically, comes packaged as an email prompt that their email has exceeded its limit. #Cybersecurity #Phishing #AdaptivePhishing #MySlice https://lnkd.in/d_kRxHx4

Azure is one of the most heavily targeted technologies in the world as it allows for integration with Active Directory (AD) which is run by around 90% of large corporations.This presents an extremely alluring target for malicious threat actors and has necessitated a response from Microsoft with ways to deal with the illicit consent grants of consent phishing. In this second blogpost of the Consent Phishing series, Jonathon Everatt explores the execution of a consent phishing attack from both a red team perspective and how a blue team could detect the path of compromise, as well as some actions that can be taken to make it more difficult for the attacker to get back in. Take a read here: https://lnkd.in/d4dgM75K #phishing #consentphishing #socialengineering #credentials #remediation #recommendations #azure #redteam #blueteam #cybersecurity #informationsecurity #mwrcybersec

Don't Get Hooked: Defending Against Fake Microsoft Account Team Emails in 2024 In an era of rampant phishing attacks, distinguishing between legitimate communications and cleverly crafted scams is more critical than ever. With Microsoft account team emails increasingly targeted by cybercriminals, staying vigilant is the key to safeguarding your data and maintaining a secure digital environment. Join us as we unravel the complexities of identifying phishing attempts and explore actionable strategies to fortify your defenses against malicious actors. https://lnkd.in/er-3yeeq #Cybersecurity #PhishingScams #MicrosoftSecurity

ONNX phishing service targets Microsoft 365 accounts at financial firms   In the ever-evolving landscape of cyber threats, a new phishing-as-a-service (PhaaS) platform, ONNX Store, has emerged as a significant threat to financial institutions. This sophisticated platform targets Microsoft 365 accounts using QR codes in PDF attachments to bypass traditional security measures.   As a cybersecurity company, we must emphasise the importance of vigilance and advanced protective measures. The ONNX Store's ability to circumvent two-factor authentication and mimic legitimate Microsoft 365 login interfaces poses a serious risk to financial firms and their employees.   We urge organisations to educate their staff on the latest phishing tactics and to implement robust security protocols to defend against such targeted attacks. It's a stark reminder that in the digital age, our defenses must be as dynamic and innovative as the threats we face. Stay safe, stay informed, and prioritie cybersecurity in your organisation.   https://lnkd.in/dtgJ6jJE #CyberSecurity #Phishing #FinancialSector #Microsoft365 #ONNXStore #CyberThreats #InfoSec

Have you secured keys to your Microsoft Azure accounts? Different #attacks have happened on #microsoftazure in last 24 months that have exposed data of thousands of accounts which are now being used to conduct #phishing campaigns targeting senior executives from multiple organizations. Targets are sent a shared document with a malicious link hidden behind ‘view document’ taking user to a phishing page and stealing their credentials when they try to authenticate. Once an account is compromised, attackers add their own phone number or authenticator app for #MFA. Hackers also use frequently alternating proxy services to mask their true location and evade geo-fencing policies. This proves one thing. It doesn’t matter how sophisticated your solution is, if you can’t protect keys to your account, you are gone. How much longer do we have to wait and how many more breaches do we need to witness to understand the importance of 'Going Passwordless'? At Zaperon, we have developed a #passwordless technology that can easily integrate with #microsoft365 products and make them secure. Reach out to us to know more. #zaperon #Gopasswordless #cybersecurity #zerotrustsecurity Vineet Madan Vineet Gupta Vinayak Godse Sanjiv Agarwal Lt. Col. Raakesh Thayyil (Retd.) Zakir Hussain Rangwala Rajiv Warrier

Educating employees around threats that can come in via email is vital for the security of your business data. Here are some email threats to watch out for: • Business email compromise (BEC): Fraudsters can impersonate trusted sources to deceive employees into sharing sensitive data.  • Account takeover (ATO): Legitimate email accounts are compromised to launch email attacks.  • Phishing and spear phishing: Sophisticated attacks leverage company profiles and social media to execute successful spear phishing attempts.  • Malware and ransomware: Emails containing malicious URLs and attachments can lead to the download of malware or ransomware Get in touch today to see how we can support your business in protecting your data. #phishing #datasecurity #businesssecurity #data #malware #ransomware