CISA warns of Fast Flux DNS evasion used by cybercrime gangs
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime…
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to…
Hijacked Microsoft web domain injects spam into SharePoint servers
The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all…
Cloudflare now blocks all unencrypted traffic to its API endpoints
Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. [...]
Coinbase phishing email tricks users with fake wallet migration
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with…
New Microsoft 365 outage impacts Teams, causes call failures
Microsoft is investigating a new Microsoft 365 outage that is affecting Teams customers and causing call failures. [...]
New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint
A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for…
Attackers Target Education Sector, Hijack Microsoft Accounts
A sophisticated cyberattack campaign is targeting organizations that still rely on Active Directory Federation Services (ADFS) for authentication across applications…
How attackers abuse S3 Bucket Namesquatting — And How to Stop Them
AWS S3 bucket names are global with predictable names that can be exploited in "S3 bucket namesquatting" attacks to access or…
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed…