Hacks

A new phishing campaign aimed to steal employees’ login credentials by impersonating Microsoft Teams’ notifications. Due to this COVID-19 pandemic situation, many companies moved to full-time remote work, attackers taking advantage of it. Fake Microsoft Teams Notifications Attackers use crafted emails that appear to be automated notifications emails coming from Microsoft Teams. Once the user click’s in the email it takes them to the fake landing that impersonates the real webpages of Microsoft Teams. The campaign was  observed  by Abnormal Security, according to researchers the “sender email originates from a recently registered domain, “sharepointonline-irs.com”, which is not associated with either Microsoft or the IRS.” Malicious Email Attackers used numerous URL redirection to evade malicious link detection and hide the original URL used to launch the attack. Researchers observed two such attacks that try to steal employee login credentials In one such attack,

Elliot Alderson's Tweet Claiming Issues in the Application. Well, you heard right, this is the same person who had earlier provided many issues regarding the Indian Government various applications from DigiLocker to Aadhar application, etc. Well, this time it seems the findings posted by him are not completely right rather say just a twist of some technical words so that his wast audience who is mostly non-technical and very less to no knowledge of technicality of android/application environment/ space or even what is classified as a violation of privacy. A team of Indian Security researchers  Sri Ram, Nidhish Pandya, Biprodeep Roy, Kunwar Atal & Sunny Nehra have gone into depts and length of the posted privacy issues and have explained the findings. A Quick Gist of the Blog Here is the link to a blog post published in their findings. Let me know your thoughts and comments on it.