This week’s recap emphasizes the growing sophistication of cyber attackers who use fake codes and deceptive emails to access sensitive information. A notable incident involves Russian threat actors using device code phishing to compromise Microsoft accounts, with phishing emails disguised as Teams invitations that prompt users to authenticate with a malicious code. Additionally, the whoAMI attack exploits an AWS naming confusion, leading to code execution vulnerabilities that affect numerous organizations. Furthermore, RansomHub is identified as a prominent ransomware threat impacting over 600 global organizations, indicating a broad attack strategy across multiple sectors.
The device code phishing method involves sending phishing emails disguised as Microsoft Teams invitations that prompt users to authenticate with a malicious device code, which enables attackers to hijack their sessions.
The whoAMI attack exploits a naming confusion within Amazon Machine Images, allowing improperly named AMIs to execute code in a vulnerable AWS account.
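A defender-side check for the AMI naming confusion described above, as an added example that is not part of the original recap. It assumes the confusion arises when Terraform looks up an AMI by name without restricting the owner (a detail the recap does not spell out); the sample configuration, image name pattern and account ID are constructed.

```python
import re

# Constructed Terraform sample (not from the page): one lookup by name only,
# one lookup pinned to an owner account.
SAMPLE_TF = '''
data "aws_ami" "by_name_only" {
  most_recent = true
  filter {
    name   = "name"
    values = ["example-base-image-*"]
  }
}

data "aws_ami" "pinned_owner" {
  most_recent = true
  owners      = ["123456789012"]
  filter {
    name   = "name"
    values = ["example-base-image-*"]
  }
}
'''

HEADER = re.compile(r'data\s+"aws_ami"\s+"([^"]+)"\s*\{')

def block_body(text, start):
    """Return the block text from start up to its matching closing brace."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def unpinned_ami_lookups(tf_text):
    """Names of aws_ami data sources with no non-empty owners argument and no
    owner-id / owner-alias filter, so any publisher's matching AMI can win."""
    findings = []
    for m in HEADER.finditer(tf_text):
        body = block_body(tf_text, m.end())
        has_owners = re.search(r'^\s*owners\s*=\s*\[\s*"[^"]+', body, re.M)
        has_owner_filter = re.search(r'name\s*=\s*"(owner-id|owner-alias)"', body)
        if not (has_owners or has_owner_filter):
            findings.append(m.group(1))
    return findings

if __name__ == "__main__":
    for name in unpinned_ami_lookups(SAMPLE_TF):
        print(f"aws_ami.{name}: no owner restriction on AMI lookup")
```

The brace matching is a plain text scan, so it does not handle braces inside quoted strings or comments; a real HCL parser is the sturdier choice for a CI gate.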