Analysis Notes

A place to note down malware analyses I have tried and anything I thought might be useful for analysis. This site uses Google Analytics.

4n6 Week 07 – 2024 - THREAT INTELLIGENCE/HUNTING

This entry was generated and posted automatically: it shows the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth checking can be skimmed quickly. The 4n6 issue itself can be found here.

THREAT INTELLIGENCE/HUNTING

Phill Moore, Zach Stanford and Ross Brittain at CyberCX

Bill Stearns at Active Countermeasures

Adam Goss

PhishLabs

Phishing-as-a-Service Profile: LabHost Threat Actor Group Posted on February 15, 2024 Fortra is monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. Throughout 2022 and 2023, Fortra has observed phishing attacks connected with Phishing-as-a-Service (PhaaS) groups grow as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms boast features such as access to an array of...

Anton Chuvakin

Ilay Goldman at Aqua

AttackIQ

Christine Barry at Barracuda

Feb. 13, 2024 | Christine Barry The ransomware ecosystem is always changing. The tools of the trade are under constant development, the ransomware operators move from one group to another, and ransomware groups will go dark and rebrand in response to law enforcement, sanctions, or internal politics. Today, we are looking at Royal ransomware, which may be best known as the group that attacked the city of Dallas in May 2023. Who and what is Royal ransomw...

Bitdefender

Vlad CONSTANTINESCU February 15, 2024 Cybersecurity experts noticed a new illicit revenue-generating activity among North Korean hackers: building malware-laced gambling websites and selling them to other cybercriminals. Gambling Websites Turned Into MaaS. In other words, the activity could be perceived as a specific branch of malware-as-a-service (MaaS) that grants access to a fully fledged rogue website instead of a sing...

Martin Zugec February 15, 2024 This month’s Bitdefender Threat Debrief introduces an exciting new wrinkle: the Honeypots Report. A honeypot is a system or network intentionally designed to attract and detect malicious activity. Think of them as decoy systems crafted to attract and analyze cyber threats. In our report, we focus solely on destination countries, not source countries. While we have access to this data, its relevance is limited, given that the majority of attacks are linked to virtual ...

Tyler Cubarney at Blumira

Brad Duncan at Malware Traffic Analysis

2024-02-14 (WEDNESDAY): DANABOT INFECTION FROM ITALIAN LANGUAGE MALSPAM NOTES: Zip files are password-protected. Of note, this site has a new password scheme. For the password, see the "about" page of this website. REFERENCES: //www.linkedin.com/posts/unit42_danabot-malspam-unit42threatintel-activity-7163648622029422592-wDSx //twitter.com/Unit42_Intel/status/1757882997829730662 ASSOCIATED FILES: 2024-02-14-IOCs-from-Danabot-infection.txt.zip 1.5 kB (1,512 bytes) 2024-02-14-Danabot-infection-traf...

CERT-AGID

The TA544 group changes strategy again, exploiting the Danabot malware 15/02/2024 Agenzia Entrate danabot TA544 Email used for the Danabot campaign About three months after the last wave in November 2023, we are once again facing a new mass campaign aimed at Italian users that leverages the “Agenzia delle Entrate” theme to spread malware. This new threat, identified as the work of the criminal group named TA544, which specialises in targeted attacks ...

Summary of the malicious campaigns in the week of 10 – 16 February 2024 16/02/2024 summary This week, CERT-AGID detected and analysed, within its Italian reference scenario, a total of 35 malicious campaigns, 34 with Italian targets and one generic campaign that nonetheless affected Italy, making the related 276 indicators of compromise (IOC) identified available to its accredited entities. Below we report the details of the types...

Chainalysis

February 15, 2024 | by Chainalysis Team The goal of money laundering is to obscure the criminal origins of funds so that they can be accessed and spent. In the context of cryptocurrency-based crime, that generally means moving funds to services where they can be converted into cash, while often taking extra steps to conceal where the funds came from. Our on-chain analysis of crypto money laundering therefore focuses on ...

Check Point

CISA

Release Date: February 15, 2024 Alert Code: AA24-046A Related topics: Cyber Threats and Advisories, Incident Detection, Response, and Prevention, Malware, Phishing, and Ransomware Actions to take today to mitigate malicious cyber activity: Continuously remove and disable accounts and groups from the enterprise that are no longer needed, especially privileged accounts. Enable and enforce multifactor authentication with strong passwords. Store credentials in a secure manner, such as with a credential ...

Cybereason

Written By Cybereason Security Services Team This Threat Analysis Report will delve into compromised YouTube accounts being used as a vector for the spread of malware. It will outline how this attack vector is exploited for low-burn, low-cost campaigns, highlighting strategies used by threat actors and how defenders can detect and prevent these attacks. KEY POINTS Exploited YouTube Accounts: Cybereason has observed threat actors exploiting older YouTube accounts to host links to malware (includi...

Cyfirma

Published On : 2024-02-15 Share : Ransomware of the Week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization. Type: Ransomware. Target Technologies: MS Windows Introduction CYFIRMA Research and Advisory Team has found Albabat ransomware in the wild while monitoring various underground forums as part of our Th...

EclecticIQ

EclecticIQ analysts observed that cybercriminals increased the delivery of the DarkGate loader following the FBI's takedown of Qakbot infrastructure in August 2023. We assess with high confidence that financially motivated threat actors and Ransomware-as-a-Service (RaaS) organizations primarily use DarkGate and target financial institutions in Europe and the USA. Arda Büyükkaya – February 12, 2024 Executive Summary EclecticIQ analysts observed that cybercriminals increased the delivery of the Da...

EclecticIQ analysts looked at recent Ivanti vulnerabilities and the infrastructure tied to the earliest reporting. They provide a description of new, previously unreported infrastructure that may be tied to similar exploit attempts. Aleksander W. Jarosz – February 15, 2024 Threat actors of advanced capability seek to compromise network edge devices such as Ivanti systems to establish advanced footholds, from which to perform targeted reconnaissance identifying organizations with data of high val...

Eclypsium

Flare

Flashpoint

Flashpoint February 16, 2024 “A January 2024 court-authorized operation has neutralized a network of hundreds of small office/home office (SOHO) routers that GRU Military Unit 26165, also known as APT 28, Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit, used to conceal and otherwise enable a variety of crimes. These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such ...

GuidePoint Security

Hornet Security

HP Wolf Security

Huntress

RATs! Remote Management Software from the Hacker’s Perspective By Matt Kiely February 6, 2024 If you missed Tradecraft Tuesday on January 9, you missed out on a bange...

Threat Intel Accelerates Detection & Response By Harlan Carvey February 14, 2024 Identifying the Exploit In November 2023, the Huntress team identified novel indicators of an attack where the threat act...

whoisDJ at InfoSec Write-ups

Intel471

Feb 13, 2024 Discord, which launched in 2015, quickly became one of the most popular online services due to its focus on serving the communication needs of gamers. Discord experienced a surge during the global pandemic and extended its reach far beyond just the gaming community, now drawing more than 150 million active users each month. Key features that contribute to its popularity include servers — chat rooms akin to the Slack workspace tool — that foster casual conversations about gaming, mus...

KELA Cyber Threat Intelligence

Kim Zetter at ‘Zero Day’

Malware discovered in 2017 was long classified as a crypto miner. But researchers at Kaspersky Lab say it's actually part of a sophisticated spy platform that has infected more than a million victims. Kim Zetter Oct 25, 2023 • 8 min read When researchers at Kaspersky Lab first discovered the StripedFly malware on customer systems in August 2017, they weren’t impressed. They believed it was a crypto miner crafted by cybercriminals, and not a very successful one at that. It made just $10 in 2017 m...

Thousands of IT workers allegedly working on behalf of North Korea managed to trick U.S. companies into hiring them as remote developers — then used the money to help finance North Korean weapons. Kim Zetter Oct 19, 2023 • 5 min read The web site for a California-based company called Eden Programming Solutions — a developer of mobile apps and web sites — lists workers supposedly available for remote coding work. The FBI, however, says the company was a front operation and that coders hired throu...

Bert-Jan Pals at KQL Query

Bert-Jan Pals | KQL, Azure Data Explorer, PowerShell, Incident Response | 2024-02-14 | 928 words, 5 minutes DFIR PowerShell V2 The DFIR PowerShell script has gotten a major update! The script provides you with a single script to collect forensic artefacts on Windows devices. Whether you are responding to incidents with Security E5 licenses or without a security budget, this tool can be executed to collect the needed information to perform the first response. This blog will discuss the following ...

Malachi Walker at DomainTools

Malwarebytes

Posted: February 12, 2024 by Threat Intelligence Team This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. In January, we recorded a total of 261 ransomware victims, the lowest number of attack...

Posted: February 13, 2024 by Malwarebytes Labs Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to infiltrate company networks and pilfer sensitive data. The modus operandi of these threat actors involves deceiving employees through sophisticated scams an...

Posted: February 14, 2024 by Mark Stockley In 2023, the CL0P ransomware gang broke the scalability barrier and shook the security world with a series of short, automated campaigns, hitting hundreds of unsuspecting targets simultaneously with attacks based on zero-day exploits. The gang’s novel approach challenged a bottleneck that makes it hard to scale ransomware attacks, and other gangs may try to replicate its approach in 2024. Big game ransomware attacks are devastating but relatively rare c...

Posted: February 15, 2024 by Malwarebytes Labs For many households, energy costs represent a significant part of their overall budget. And when customers want to discuss their bills or look for ways to save money, scammers are just a phone call away. Enter the utility scam, where crooks pretend to be your utility company so they can threaten and extort as much money from you as they can. This scam has been going on for years and usually starts with an unexpected phone call and, in some cases, a ...

MalwareTech

Marcus Hutchins Previously, I wrote an article detailing how system calls can be utilized to bypass user mode EDR hooks. Now, I want to introduce an alternative technique, “EDR-Preloading”, which involves running malicious code before the EDR’s DLL is loaded into the process, enabling us to prevent it from running at all. By neutralizing the EDR module, we can freely call functions normally without having to worry about user mode hooks, therefore do not need to rely on direct or indirect s...

MatheuZ

Learn about persistence in Linux and how to hunt 14 min · 0xMatheuZ Hello everyone, welcome to this post, where I will cover the topic “Linux Threat Hunting Persistence”. The objective of this post is to learn how to hunt for persistence on Linux machines, without using paid tools/frameworks, just using the tools that are already available (open source) for anyone to download and use, and also using Linux’s own resources to be able to hunt for persistence. Below is what we will cover in this post. S...

MDSec

Active Directory Enumeration for Red Teams The Directory Service is the heart and soul of many organisations, and whether it's Active Directory, OpenLDAP or something more exotic, as a source of much knowledge it often acts as a conduit for internal reconnaissance and other attacks during red team operations. With this in mind, it is common to see blue teams invest heavily in securing and monitoring access to the directory, whether this is through honey tokens...

Microsoft Security

Jon Baker and Denise Davenport at MITRE-Engenuity

Monty Security

Nasreddine Bencherchali

Northwave Cyber Security

NSB Cyber

Patrick Garrity at VulnCheck

Patrick Garrity (in/patrickmgarrity/) Taking a data-driven approach to visualizing the profile of threat actors can provide meaningful information without the time-consuming process of sifting through lengthy reports of information. Let’s explore how we can accomplish this through the exercise in exploring a threat actor with a simple question… What do Cozy Bear, APT29, Midnight Blizzard, Zimbra, Exchange, TeamCity, CVE-2023-42793, CVE-2021-1879, China, United States, TI053-005 and TI548-002 all have...

Prodaft

By PRODAFT Team on February 13, 2024 Understanding The Cyber Kill Chain: Staying Ahead of Cyber Threats Due to increased cyber risks, organizations must comprehend and counter various attack techniques in the modern digital era. Cybercriminals use advanced strategies to break into systems, steal confidential information, and interfere with business operations. Understanding The Cyber Kill Chain helps recognize the stages of a cyberattack, which is necessary to ...

Proofpoint

Bumblebee Buzzes Back in Black February 13, 2024 Axel F, Selena Larson and the Proofpoint Threat Research Team What happened Proofpoint researchers identified the return of Bumblebee malware to the cybercriminal threat landscape on 8 February 2024 after a four-month absence from Proofpoint threat data. Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023...

Saeed Abbasi at Qualys

Rapid7

Feb 15, 2024 7 min read Rapid7 Last updated at Thu, 15 Feb 2024 19:38:59 GMT Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions. Rapid7 identified evidence of exploitation for CVE-2023-22527 within available Confluence l...

Recorded Future

Navigating 2024's Geopolitical Fault Lines Posted: 17th February 2024 By: Insikt Group® New research from Recorded Future’s Insikt Group assesses the likelihood of four major conflict escalation scenarios that have the potential to materialize across the globe, detailing diplomatic, informational, military, and economic (DIME) signposts and indicators of those scenarios transpiring, and analyzes other global conflict flashpoints. It is unlikely that the Russia-Ukraine conflict will escalate into a...

Posted: 16th February 2024 By: Insikt Group® Recorded Future’s Insikt Group has identified TAG-70, a threat actor likely operating on behalf of Belarus and Russia, conducting cyber-espionage targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. In its latest campaign, which ran between October and December 2023, TAG-70 exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers in its targeting o...

Red Alert

Executive Summary NSHC's Threat Research Lab analysed the hacking activity of groups that used ransomware during the first half of 2023. Hacking activity that uses ransomware is an attack type that has continued to occur up to the present, and the impact of financially motivated ransomware distribution has been confirmed to be very large. Organisations therefore need to prepare prevention and response measures based on information about the attack methods and attack tools of hacking groups that have recently used ransomware. This report describes the attack methods, attack tools and infrastructure used by hacking groups that relied on ransomware. Activity of hacking groups using ransomware Based on the data and information collected and analysed by NSHC's Threat Research Lab between January 1 and June 30, 2023, 141 ransomware-related hacking events were confirmed in the first half of 2023. [Figure 1: 2023 ...

ReliaQuest

Resecurity

Cyber Threat Intelligence 12 Feb 2024 Dark Web, data leak, data breach, election security, voters Intro According to Time Magazine, “2024 is not just an election year. It’s perhaps the election year.” With “more voters than ever in history” heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. In an era of unprecedented geopolitical volatility, this trend is particularly concerning, as Time Magazine notes that ...

Rootdevsec

SANS Internet Storm Center

SentinelOne

Dakota Cary / February 12, 2024 Executive Summary China launched an offensive media strategy to push narratives around US hacking operations following a joint statement by the US, UK, and EU in July 2021 about China’s irresponsible behavior in cyberspace. Some PRC cybersecurity companies now coordinate report publication with government agencies and state media to amplify their impact. Allegations of US hacking operations by China lack crucial technical analysis to validate their claims. Until 2...

February 14, 2024 by Jim Walter One of the key drivers behind the explosion in ransomware attacks over the last five years and more has been the development and proliferation of the ransomware-as-a-service model, a means of providing cybercriminals with easy to use, low cost tools with which to undertake and manage ransomware campaigns. Developers benefit from a steady stream of income from subscription sales while avoiding directly engaging in criminal acts. The recently observed Kryptina R...

Alex Delamotte / February 15, 2024 Executive Summary SNS Sender is a script that enables bulk SMS spamming using AWS SNS, aka Smishing, a previously unseen technique in the context of cloud attack tools. The script author is currently known by the alias ARDUINO_DAS and is prolific in the phish kit scene. The script requires valid AWS SNS credentials compromised from an environment not subject to the SNS sandbox restrictions. We identified links between this actor and numerous phishing kits used ...

Simone Kraus

SOCRadar

Contents: How Does ScarCruft / APT37 Attack? Malware Used by ScarCruft / APT37 Vulnerabilities Exploited by ScarCruft / APT37 What Are the Countries/Industries Targeted by ScarCruft / APT37? Campaigns Related to ScarCruft / APT37 Conclusion Recommendations: Guarding Against ScarCruft MITRE ATT&CK TTPs of ScarCruft / APT37 Indicators of Compromise (IoCs) Related to ScarCruft / APT37. Feb 16, 2024, 16 Mins Read. Threat Actor Profile: ScarCruft / APT37 ScarCruft, also widely known as APT37 or Rea...

Contents: Who is 3AM Ransomware Modus Operandi Attack Scheme in Failed LockBit Deployment Targets and Impact Alleged Ties and What to Come? Conclusion Possible MITRE ATT&CK Framework TTPs. Feb 13, 2024, 10 Mins Read. Dark Web Profile: 3AM Ransomware In late 2023, a new and distinct ransomware group named 3AM Ransomware emerged. It came to the forefront as a fallback for other ransomware, notably during failed deployments of the infamous LockBit ransomware and later their interesting choice in ...

Jonas Bülow Knudsen at SpecterOps

Splunk

Add to Chrome? - Part 1: An Analysis of Chrome Browser Extension Security By Shannon Davis Welcome to the wonderful world of browser extensions! These tools promise efficiency, entertainment, and customization at your fingertips. But could those promises come with any hidden danger? In this blog series, we provide an overview of SURGe research that analyzed the entire corpus of public browser extensions available on the Google Chrome Web Store. Our ...

By Mauricio Velazco This blog is an independent publication and is neither affiliated with, nor authorized, sponsored, or approved by, Microsoft Corporation. On January 19, Microsoft issued an advisory disclosing a cybersecurity incident targeting their M365 tenants and attributing the attack to Midnight Blizzard, a state-sponsored actor also known as Nobelium and APT29. Following this, on January 24, the Microsoft team expanded on the initial annou...

Steven Lim

Symantec Enterprise

Emergent ransomware operation has strong links with shuttered NetWalker. Alpha, a new ransomware that first appeared in February 2023 and stepped up its operations in recent weeks, has strong similarities to the long-defunct NetWalker ransomware, which disappeared in January 2021 following an international law enforcement operation. The NetWalker Connection Analysis of Alpha reveals significant similarities with the old NetWalker ransomware. Both threats use a similar PowerShell-based loader to de...

David Merian at System Weakness

Thomas Joos at 4sysops

Analyzing Windows Event Logs with Security Onion Thomas Joos Tue, Feb 13 2024 monitoring, security Security Onion is an open-source platform for threat hunting, security monitoring, and log management. It aggregates free tools such as Kibana, Elastic Fleet, InfluxDB, CyberChef, and Suricata. The solution provides access to these tools via a web console. I'll demonstrate how it can be used for analyzing Windows log...

Trellix

Peter Girnus, Aliakbar Zahravi, Simon Zuckerbraun at Trend Micro

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative. By: Peter Girnus, Aliakbar Zahravi, Simon Zuckerbraun February 13, 2024 ...

Ankur Saini, Callum Roxan, Charlie Gardner, and Damien Cash at Volexity

February 13, 2024 by Ankur Saini, Callum Roxan, Charlie Gardner, Damien Cash Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. One persistent threat actor, whose campaigns Volexity frequently observes, is the Iranian-origin threat actor CharmingCypress (aka Charming Kitten, APT42, TA453). Volexity assesses that CharmingCypress is tasked with collecting political intelligence against foreign targ...

Jamie Tolles at ZeroFox

Wesley Neelen at Zolder B.V.

At the beginning of January we released a new way to detect AiTM attacks on your Microsoft 365 environment. In just one month, we are protecting over 100 tenants with this new approach. We were able to protect so many tenants in a short time due to our existing customers of the Attic app. Also, our previous blog resulted in many sign-ups to didsomeoneclone.me. This blog describes the lessons learned until now. More phishing attempts than expected Our system detects more AiTM phishing sites than I e...