X-Industry

Phishing-as-a-service, or PhaaS, is a cyber threat subscription service, much like any number of other “as a service” types you may be familiar with, such as ransomware-as-a-service.  One of the noted early pioneers of this model is BulletProofLink.  This operation was taken down by Malaysian law enforcement in November of last year in collaboration with the Australian Federal Police and the FBI. 

The general ideal of phishing-as-a-service is that service providers are offering ready-to-use phis

During their test, researchers from JUMPSEC managed to trick Microsoft Teams’ security mechanism into sending malware to the organization’s inbox by making it think that an external user was internal.

JUMPSEC’s Red Team members have discovered a security vulnerability in the External Tenants feature of Microsoft Teams that allows malware to be directly delivered to an organization’s employees.  Attackers can inject malware into any system that uses Microsoft Teams’ default configurations and lev

Phishing Emails are being used with small font size to bypass security filters.  Researchers at Avanan have spotted phishing emails that are using a font size of one (1) to fool email security scanners.  The emails appear to be password expiration notifications from Microsoft 365.  The attackers have inserted benign links that are invisible to the human eye, but trick security scanners into viewing the email as a legitimate marketing email.

“In this attack, hackers utilize a number of obfuscatio

It is the time of year when that little snitch, “The Elf on the Shelf” returns to the bane of most children.  Luckily that tattletale only works for a couple of weeks a year and then is returned to a box in the attic.  There is a new “Elf” in town, who will never take a day off. Do you think there are limits to what your employer can see you do online? Some new Microsoft updates may make you think a little more about that.   It may be that you think your employer is doing evil, unspeakable, or m