New phishing attacks involving compromised Microsoft 365 accounts and encrypted restricted permission message (RPMSG) files are being leveraged by threat actors to facilitate the stealthy exfiltration of Microsoft credentials, according to BleepingComputer.
Trustwave researchers discovered that Talus Pay's compromised Microsoft 365 account had been used to deliver phishing emails with an encrypted message that lures targets into clicking the "Read the Message" button, which would then redirect to an Office 365 webpage requesting their credentials.
Authentication would then be followed by the appearance of the phishing email, which would redirect to a fraudulent SharePoint document. This would eventually result in the deployment of a malicious script capable of gathering system data, including visitor IDs, system language, video card renderer information, connect token and hash, browser window details, device memory, installed browser plugins, OS architecture, and hardware concurrency, which is then sent to the threat actors' servers.
Organizations have been urged to implement multi-factor authentication and bolster user education efforts to avoid such a compromise.
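Because the lure described above arrives from a real, compromised Microsoft 365 account, a mail-side check can key on the RPMSG attachment itself rather than on sender reputation. The following is an added example, not code from the article or from Trustwave; it assumes the usual `message.rpmsg` attachment name and `application/x-microsoft-rpmsg-message` content type for protected messages, and the domains and sample messages are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Content type assumed for Microsoft rights-protected (RPMSG) attachments.
RPMSG_TYPE = "application/x-microsoft-rpmsg-message"

def rpmsg_parts(msg):
    """Return (filename, content_type) for every RPMSG part in the message."""
    hits = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type().lower()
        # Match on either signal: a relabelled content type still has the extension.
        if ctype == RPMSG_TYPE or name.endswith(".rpmsg"):
            hits.append((name, ctype))
    return hits

def triage(raw, expected_domains):
    """Flag RPMSG mail from domains we do not normally exchange protected mail with."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = sender.rpartition("@")[2]
    parts = rpmsg_parts(msg)
    expected = domain in {d.lower() for d in expected_domains}
    return {
        "sender_domain": domain,
        "rpmsg_parts": parts,
        "verdict": "review" if parts and not expected else "pass",
    }

def build_sample(sender, with_rpmsg, subtype="x-microsoft-rpmsg-message"):
    """Constructed sample message; the payload is a placeholder, not real RPMSG data."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@corp.example"
    m["Subject"] = "Encrypted message"
    m.set_content("You have received a protected message.")
    if with_rpmsg:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype=subtype, filename="message.rpmsg")
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("Billing <billing@vendor.example>", True)
    print(triage(raw, {"corp.example", "partner.example"}))
```

A "review" verdict is a prompt to quarantine or banner the message for a closer look; legitimate partners who do send protected mail belong in the expected-domain set.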