A new phishing scam that relies on legitimate servers for Microsoft’s collaboration platform SharePoint uses native notification mechanisms to target at least 1,600 individuals in Europe, the United States, and other countries.
Kaspersky security researchers explain their findings in a new advisory released today, showing that cybercriminals have used this scam to target credentials for various email accounts, including Yahoo!, AOL, Outlook and Office 365, and steal the information entered.
Kaspersky Spam Analysis Expert Roman Dedenok writes: “This is unlikely to raise suspicion […] because it’s a real notification.”
Clicking on the link takes the victim to a real SharePoint server hosting a OneNote file that contains another link, and that second link is the malicious one.
“The link then opens a standard phishing site that mimics the OneDrive login page and easily steals credentials for Yahoo!, AOL, Outlook, Office 365 or other email services,” said Dedenok.
According to Kaspersky, this isn’t the first time attackers have used SharePoint-based phishing. However, the attack method is new as it hides the phishing link on the SharePoint server and distributes it via the platform’s notification feature.
“This is possible because, thanks to Microsoft developers, SharePoint has the ability to share files on corporate SharePoint sites with external participants who may not have direct access to the server,” explains Dedenok.
“All an attacker would have to do is gain access to someone’s SharePoint server. […] Once that’s done, they upload the file with the link and add a list of emails to share it with. SharePoint itself provides helpful notifications to the email owner.”
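The sharing step described above leaves a trace a defender can look for: one account sharing a single file, in this campaign a OneNote notebook, with a long list of outside addresses in a short time. The following Python is an added example, not code from Kaspersky or Microsoft; the `ShareEvent` record, the `corp.example` tenant domain, the threshold of 10 recipients and the sample events are all constructed for illustration and do not reproduce Microsoft's audit-log schema.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class ShareEvent:
    """One 'file shared with external user' record.

    Constructed shape for this example; it is not Microsoft's audit-log schema.
    """
    actor: str        # account that performed the share
    file_path: str    # site-relative path of the shared file
    recipient: str    # address that will receive the SharePoint notification


# Constructed tenant domain; every other domain is treated as external.
INTERNAL_DOMAINS = frozenset({"corp.example"})

# Notebook extensions: the campaign stages its phishing link inside a OneNote file.
NOTEBOOK_SUFFIXES = (".one", ".onetoc2")


def is_external(address: str, internal_domains=INTERNAL_DOMAINS) -> bool:
    """True when the recipient's mail domain is not one of the tenant's own domains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in internal_domains


def find_mass_external_shares(events: Iterable[ShareEvent], threshold: int = 10):
    """Group share events by (actor, file) and report files sent to at least
    `threshold` distinct external recipients.

    A notebook shared with many outside addresses matches the pattern in the
    article and is marked high severity; other file types are medium.
    """
    recipients_by_file = defaultdict(set)
    for ev in events:
        if is_external(ev.recipient):
            recipients_by_file[(ev.actor, ev.file_path)].add(ev.recipient.lower())

    alerts = []
    for (actor, path), recipients in recipients_by_file.items():
        if len(recipients) < threshold:
            continue
        is_notebook = path.lower().endswith(NOTEBOOK_SUFFIXES)
        alerts.append({
            "actor": actor,
            "file_path": path,
            "external_recipients": len(recipients),
            "severity": "high" if is_notebook else "medium",
        })
    # most widely shared file first, then by path for a stable order
    alerts.sort(key=lambda a: (-a["external_recipients"], a["file_path"]))
    return alerts


def sample_events() -> list:
    """Constructed audit-style records used to exercise the detector."""
    events = []
    # one compromised account shares a single notebook with 12 outside addresses
    for i in range(12):
        events.append(ShareEvent("alice@corp.example",
                                 "/sites/finance/Shared/Invoice.one",
                                 f"user{i}@mail.invalid"))
    # a normal share: one document sent to two partner contacts
    events.append(ShareEvent("bob@corp.example", "/sites/sales/Q3.docx", "partner@vendor.invalid"))
    events.append(ShareEvent("bob@corp.example", "/sites/sales/Q3.docx", "legal@vendor.invalid"))
    # internal-only sharing is never counted
    events.append(ShareEvent("bob@corp.example", "/sites/sales/Q3.docx", "carol@corp.example"))
    return events


if __name__ == "__main__":
    for alert in find_mass_external_shares(sample_events()):
        print(alert)
```

On the constructed sample the detector raises one high-severity alert for the notebook shared with 12 outside addresses and stays quiet about the two-recipient document share. The threshold and the file-type weighting are the knobs to tune against a tenant's normal external-sharing volume; the grouping key (actor plus file) is what separates the "one file, many strangers" pattern from ordinary collaboration.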
To protect against this phishing campaign, Kaspersky recommends that defenders conduct regular security awareness training for their employees.
The phishing scam the company discovered comes weeks after Menlo Security researchers shed light on threat actors using OneNote to deliver malware.