Malicious Connectors Potentially Impact Hundreds of Millions of Microsoft 365 Users
Most Microsoft 365 users aren’t aware of this recently growing serious email threat vector.
MFA
Malicious Connectors Potentially Impact Hundreds of Millions of Microsoft 365 Users
Most Microsoft 365 users aren’t aware of this recently growing serious email threat vector.
Hackers Use Social Engineering to Target Expert on Russian Operations
Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats.
AWS launches new cloud security features
Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at speeding up backup recovery, and has announced the completion of its push to …
Fake MFA Reset Warning Message
A KnowBe4 co-worker of mine recently got this SMS phishing message (i.e., smish).
Smart Cars, Dumb Passwords: Auto Industry Still Runs on Weak Passwords
A new study by NordPass and NordStellar reveals the automotive industry is plagued by weak, reused, and common…
You Are Still Vulnerable to Password Attacks When Using Passkeys
Just because you’re using a passkey doesn’t mean your password is gone.
A Sneaky T-Mobile Scam and Lessons That Were Learned
A friend of mine got a call on his phone and he regrettably picked it up. The number was 267-332-3644. The area code is from Bucks County, PA, where he used to live many years ago.
What Is Device Code Phishing?
Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using “device code phishing,” many people have been wondering what it is.
This post will tell you what device code phishing …
New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins
SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…