Sneaky 2FA: Exposing a New AiTM Phishing-as-a-Service

TLDR: Sekoia.io identified a new phishing kit named “Sneaky 2FA,” sold as phishing-as-a-service and aimed at Microsoft 365 accounts. Discovered in December 2024, it is an adversary-in-the-middle (AiTM) kit: it relays the victim's credentials and 2FA response to Microsoft and captures the resulting session cookie, so MFA alone does not stop it. It uses autograb (pre-filling the victim's e-mail address from the phishing URL) and anti-bot measures such as a Cloudflare Turnstile challenge to keep scanners away from the phishing page. The service is marketed through a Telegram bot and hosted on compromised domains. Sekoia's detection guidance focuses on Microsoft 365 sign-in events whose User-Agent strings are inconsistent across the steps of one authentication, a side effect of the kit's relay, rather than the victim's browser, talking to Microsoft.
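
One way to hunt for that User-Agent inconsistency in exported sign-in data, as an added example that is not from the Sekoia post or the kit itself. The event records, their field names (session, step, ua) and the coarse OS/browser classifier are assumptions; the input is constructed, not real log data.

```python
import re
from collections import defaultdict

# Constructed sign-in events, not real log data. Field names are assumptions
# loosely modelled on Entra ID sign-in records: one row per authentication
# step, grouped by a session identifier.
EVENTS = [
    {"session": "s1", "user": "alice@example.com", "step": "username",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36"},
    {"session": "s1", "user": "alice@example.com", "step": "password",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36"},
    {"session": "s1", "user": "alice@example.com", "step": "mfa",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36"},
    # The victim filled in the form from an iPhone, but the password and MFA
    # steps reach Microsoft from the kit's relay, which presents a desktop UA.
    {"session": "s2", "user": "bob@example.com", "step": "username",
     "ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 Version/17.0 Mobile/15E148 Safari/604.1"},
    {"session": "s2", "user": "bob@example.com", "step": "password",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0.0.0 Safari/537.36"},
    {"session": "s2", "user": "bob@example.com", "step": "mfa",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0.0.0 Safari/537.36"},
]

# Order matters: Android UAs also contain "Linux", Chrome UAs also contain "Safari".
OS_PATTERNS = [("Windows", r"Windows NT"), ("iOS", r"iPhone|iPad"), ("Android", r"Android"),
               ("macOS", r"Macintosh"), ("Linux", r"Linux")]
BROWSER_PATTERNS = [("Edge", r"Edg/"), ("Chrome", r"Chrome/"), ("Firefox", r"Firefox/"),
                    ("Safari", r"Safari/")]


def ua_family(ua):
    """Reduce a User-Agent string to a coarse (os, browser) pair so a minor
    version difference within one session is not reported as an anomaly."""
    os_name = next((name for name, pat in OS_PATTERNS if re.search(pat, ua)), "unknown")
    browser = next((name for name, pat in BROWSER_PATTERNS if re.search(pat, ua)), "unknown")
    return os_name, browser


def find_inconsistent_sessions(events):
    """Return {session: details} for sessions whose steps came from more than
    one (os, browser) family. A genuine user does not switch from an iPhone to
    a Windows desktop between entering a username and entering a password."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session"]].append(ev)
    findings = {}
    for sid, evs in by_session.items():
        families = {ua_family(ev["ua"]) for ev in evs}
        if len(families) > 1:
            findings[sid] = {"user": evs[0]["user"],
                             "families": sorted(families),
                             "steps": [(ev["step"], ua_family(ev["ua"])) for ev in evs]}
    return findings


if __name__ == "__main__":
    for sid, info in find_inconsistent_sessions(EVENTS).items():
        print(f"session {sid} ({info['user']}): UA families {info['families']}")
        for step, fam in info["steps"]:
            print(f"  {step:9s} -> {fam}")
```

Grouping on a session or correlation identifier is what makes this work; comparing user agents across unrelated sign-ins of the same user would only produce noise from people who legitimately use several devices.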

https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/

Microsoft Patches Windows to Eliminate Secure Boot Bypass Threat

Microsoft addressed a Secure Boot bypass (CVE-2024-7344) in its January 2025 Patch Tuesday update. The flaw sat in a Microsoft-signed third-party UEFI application shipped with several system-recovery products: it carried its own PE loader that would run unsigned code, so an attacker who already had administrator-level access could use it to execute a UEFI bootkit before the operating system loads, even with Secure Boot enabled. The issue was reported more than seven months before the fix. Microsoft's remedy is to revoke the vulnerable binaries by adding their hashes to the UEFI revocation database (dbx), which the update installs; the affected vendors have also shipped patched versions. It remains unclear whether Linux systems were also affected, and the episode has renewed concerns about how carefully third-party UEFI applications are reviewed before being signed.

https://arstechnica.com/security/2025/01/microsoft-patches-windows-to-eliminate-secure-boot-bypass-threat/

The Current State of Ransomware: Weaponizing Disclosure Rules and More

Ransomware is evolving on several fronts: operators use AI to produce more convincing phishing and social-engineering lures, rely on “living-off-the-land” techniques (built-in administrative tools rather than custom malware) to evade detection, and weaponize mandatory breach-disclosure rules by threatening to report victims to regulators unless they pay. Ransomware is also used as a geopolitical weapon against critical sectors such as healthcare and public administration. Attack rates and recovery costs continue to rise, and defenses must adapt accordingly; proactive vulnerability management and a rehearsed incident-response capability remain the essentials.

https://securityintelligence.com/articles/the-current-state-of-ransomware-weaponizing-disclosure-rules/

The Great Google Ads Heist: Criminals Ransack Advertiser Accounts Via Fake Google Ads

Extreme TLDR: Criminals are phishing Google Ads advertisers with fake Google ads that point to counterfeit Google Ads login pages hosted on Google Sites (sites.google.com), so the ad's display URL can legitimately show a google.com address. Stolen credentials are used to take over advertiser accounts, which are then resold or used to fund further malicious ad campaigns. Malwarebytes links the activity to several groups, including Brazilian and Asian operators, and notes that the campaign abuses Google's own ad platform and hosting rules rather than any software bug.

https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads

How to Defend Against Hijacking and Trojanization of Chrome Extensions

Popular, legitimate Chrome extensions were trojanized in a multi-stage supply-chain attack. Extension developers were phished with e-mails posing as Google Chrome Web Store policy-violation notices; the link led to an OAuth consent screen that granted the attackers' application the right to publish updates to the developer's extensions. The attackers then pushed malicious updates that harvested Facebook session cookies and access tokens, giving them control of victims' Meta business accounts and the ad budgets attached to them. Users of affected extensions were advised to update to a clean version or remove the extension, and to reset passwords and revoke sessions for the services involved. The incident highlights the supply-chain risk in browser extensions and the need to control which extensions can run and to monitor their updates.

https://www.kaspersky.com/blog/chrome-extension-malicious-updates-and-mitigations/52871/

What’s Happening in the Cybersecurity Market?

Cybersecurity market complexity: the WEF's “Global Cybersecurity Outlook 2025” describes escalating challenges driven by rapid technology change, geopolitical tension, regulatory fragmentation, supply-chain risk and workforce shortages. Key issues include supply-chain vulnerabilities, geopolitical risk, the impact of AI, increasingly advanced threats, the burden of regulatory compliance and the talent gap. The report argues for resilience over a purely defensive posture, and for cross-sector collaboration, as the basis for effective cybersecurity leadership and readiness in a volatile digital landscape.

https://www.insurancebusinessmag.com/us/news/cyber/whats-happening-in-the-cybersecurity-market-520553.aspx

Microsoft January 2025 Patch Tuesday Fixes 8 Zero-days, 159 Flaws

Microsoft's January 2025 Patch Tuesday addresses 159 vulnerabilities, 8 of them zero-days and 3 of those actively exploited. Twelve are rated critical, spanning remote code execution, information disclosure and privilege elevation. The actively exploited bugs are elevation-of-privilege flaws in the Windows Hyper-V NT Kernel Integration VSP; the publicly disclosed zero-days include remote code execution flaws in Microsoft Access. By class the update fixes 40 elevation of privilege and 58 remote code execution vulnerabilities, with the remainder spread across security-feature bypass, information disclosure, denial of service and spoofing. Adobe, Cisco, Fortinet and other vendors also released updates this month.

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2025-patch-tuesday-fixes-8-zero-days-159-flaws/

4 Reasons Your SaaS Attack Surface Can No Longer Be Ignored

SaaS attack surfaces are an increasing problem because application sprawl compounds identity, data and third-party risk. The article gives four reasons to prioritize SaaS security in 2025: 1) SaaS now dominates how work gets done, so new accounts and integrations appear constantly; 2) SaaS applications are frequent targets of attack; 3) generative AI tools are themselves SaaS and need governance; and 4) inadequate SaaS security carries legal and regulatory consequences. Discovery and management tooling is needed to see what is in use, reduce the risk and stay compliant with evolving regulations.

https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html

Millions of Accounts Vulnerable Due to Google’s OAuth Flaw

Google's OAuth flaw risks millions of accounts: when a startup shuts down, anyone who buys its lapsed domain can re-create a Google Workspace for it and mint accounts with former employees' e-mail addresses. Many SaaS applications that offer “Sign in with Google” identify returning users by the e-mail and hosted-domain (hd) claims in Google's ID token, so the new domain owner can log straight into those former employees' accounts on Slack, Zoom, HR systems and similar services, along with the data they hold. Truffle Security estimates more than 10 million accounts may be exposed. Google initially closed the report as “won't fix” but reopened it after the researcher's conference talk. The proposed fix is for Google to add immutable identifiers (a stable user ID and workspace ID) to its OpenID Connect claims so that relying parties can key accounts on those rather than on e-mail. Until that ships, accounts tied to defunct domains remain exposed.
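
The relying-party side of the problem, as an added example that is not code from the Truffle Security post or from Google: an account lookup keyed on e-mail and hd beside one keyed on the issuer and subject (sub) claims. The user table, the claim sets and the sub values are constructed. The post notes that some providers have found Google's sub claim unreliable in practice, which is why it asks Google for immutable identifiers; this example assumes sub is stable, and real code must also verify the ID token's signature before trusting any claim.

```python
from typing import Dict, List, Optional

GOOGLE_ISS = "https://accounts.google.com"

# Constructed relying-party user table, not data from the post. Each row was
# created the first time the person signed in with Google; "sub" is the
# subject claim Google issued then (assumed stable for this example).
USERS: List[Dict] = [
    {"id": 1, "email": "alice@startup.example", "hd": "startup.example",
     "iss": GOOGLE_ISS, "sub": "100000000000000000001", "role": "admin"},
]

# Claims Alice's real ID token carried while the company was alive (constructed).
ALICE_CLAIMS = {"iss": GOOGLE_ISS, "sub": "100000000000000000001",
                "email": "alice@startup.example", "email_verified": True,
                "hd": "startup.example"}

# Claims after the domain lapsed: the buyer re-created a Workspace for
# startup.example and a user named alice. Same email and hd, different sub.
DOMAIN_BUYER_CLAIMS = {"iss": GOOGLE_ISS, "sub": "100000000000000000777",
                       "email": "alice@startup.example", "email_verified": True,
                       "hd": "startup.example"}


def lookup_by_email(claims: Dict, users: List[Dict]) -> Optional[Dict]:
    """Vulnerable pattern: identify the returning user by email (and hosted
    domain). Whoever owns the domain later inherits this account."""
    if not claims.get("email_verified"):
        return None
    for u in users:
        if u["email"].lower() == claims["email"].lower() and u["hd"] == claims.get("hd"):
            return u
    return None


def lookup_by_subject(claims: Dict, users: List[Dict]) -> Optional[Dict]:
    """Hardened pattern: identity is the (iss, sub) pair, never the email.
    email/hd may still drive authorization policy (which tenant, which role)
    but they are not used to find the account. An unknown sub is a new user
    who gets a fresh, empty account, not someone else's."""
    for u in users:
        if u["iss"] == claims["iss"] and u["sub"] == claims["sub"]:
            return u
    return None


def login(claims: Dict, users: List[Dict], hardened: bool) -> str:
    """Simulate the relying party's sign-in decision for a given set of claims."""
    user = (lookup_by_subject if hardened else lookup_by_email)(claims, users)
    if user is None:
        return "provision new account"
    return f"signed in as existing user {user['id']} ({user['role']})"


if __name__ == "__main__":
    for label, claims in (("legitimate alice", ALICE_CLAIMS), ("domain buyer", DOMAIN_BUYER_CLAIMS)):
        print(f"{label:16s} email-keyed: {login(claims, USERS, hardened=False)}")
        print(f"{label:16s} sub-keyed:   {login(claims, USERS, hardened=True)}")
```

With the e-mail-keyed lookup the domain buyer lands in Alice's admin account; with the subject-keyed lookup the buyer is simply a new user. Keying on sub does not help if the application later "merges" accounts by e-mail, so the same rule has to hold in invitation and account-linking code paths too.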

https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw

Hackers Use FastHTTP in New High-speed Microsoft 365 Password Attacks

Threat actors are using the FastHTTP Go library to run high-speed brute-force and password-spraying attacks against Microsoft 365 accounts worldwide; SpearTip, which reported the campaign, saw roughly 10% of attempts end in a successful account takeover. The activity began on January 6, 2025 and targets Azure Active Directory (now Microsoft Entra ID) sign-ins, with most of the traffic originating from Brazil. Besides credential guessing, the attackers flood targets with MFA requests to wear them down (MFA fatigue). In a tenant's sign-in logs the attacks stand out by the client's User-Agent string, “fasthttp”, which is the library's default. SpearTip published a PowerShell script that checks the audit logs for that user agent; administrators who find successful sign-ins from it should treat those accounts as compromised and immediately expire sessions, reset credentials and review registered MFA devices.
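
The same triage done over an exported sign-in log, as an added example that is not SpearTip's script and not from the BleepingComputer article: filter on the fasthttp user agent, tally outcomes per source IP, list the accounts where such a sign-in succeeded, and spot users who received a burst of MFA challenges. The records and their field names are constructed assumptions modelled loosely on an Entra ID sign-in export; the outcome labels (failure, locked, policy_denied, mfa_challenge, success) are this example's own.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records, not real tenant data. Fields are assumptions:
# (timestamp, user, source IP, user agent, result)
RAW = [
    ("2025-01-06T10:00:01Z", "alice@corp.example", "198.51.100.7", "fasthttp", "failure"),
    ("2025-01-06T10:00:02Z", "alice@corp.example", "198.51.100.7", "fasthttp", "failure"),
    ("2025-01-06T10:00:03Z", "alice@corp.example", "198.51.100.7", "fasthttp", "locked"),
    ("2025-01-06T10:00:04Z", "bob@corp.example", "198.51.100.7", "fasthttp", "failure"),
    ("2025-01-06T10:00:05Z", "bob@corp.example", "198.51.100.7", "fasthttp", "mfa_challenge"),
    ("2025-01-06T10:02:00Z", "bob@corp.example", "198.51.100.7", "fasthttp", "mfa_challenge"),
    ("2025-01-06T10:04:30Z", "bob@corp.example", "198.51.100.7", "fasthttp", "mfa_challenge"),
    ("2025-01-06T10:05:00Z", "bob@corp.example", "198.51.100.7", "fasthttp", "success"),
    ("2025-01-06T10:05:10Z", "dave@corp.example", "198.51.100.7", "fasthttp", "policy_denied"),
    ("2025-01-06T10:06:00Z", "carol@corp.example", "203.0.113.20",
     "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/131.0.0.0 Safari/537.36", "success"),
    ("2025-01-06T11:00:00Z", "alice@corp.example", "203.0.113.21",
     "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/604.1", "mfa_challenge"),
]
SIGNINS = [dict(zip(("ts", "user", "ip", "ua", "result"), r)) for r in RAW]


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def is_fasthttp(ua: str) -> bool:
    """The library's default User-Agent header is literally 'fasthttp'."""
    return "fasthttp" in ua.lower()


def summarize_by_ip(records):
    """Outcome counts per source IP, fasthttp traffic only, so the ratio of
    invalid-password, lockout, policy-denied and successful attempts from
    each source is visible at a glance."""
    per_ip = defaultdict(Counter)
    for r in records:
        if is_fasthttp(r["ua"]):
            per_ip[r["ip"]][r["result"]] += 1
    return {ip: dict(c) for ip, c in per_ip.items()}


def compromised_users(records):
    """Users with at least one successful fasthttp sign-in: the accounts to
    lock, reset and revoke sessions for."""
    return sorted({r["user"] for r in records
                   if is_fasthttp(r["ua"]) and r["result"] == "success"})


def mfa_fatigue_targets(records, window=timedelta(minutes=10), threshold=3):
    """Users who received `threshold` or more MFA challenges from fasthttp
    clients inside any `window` (sliding): the push-bombing pattern."""
    by_user = defaultdict(list)
    for r in records:
        if is_fasthttp(r["ua"]) and r["result"] == "mfa_challenge":
            by_user[r["user"]].append(parse_ts(r["ts"]))
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = max(flagged.get(user, 0), end - start + 1)
    return flagged


if __name__ == "__main__":
    for ip, counts in summarize_by_ip(SIGNINS).items():
        print(ip, counts)
    print("compromised:", compromised_users(SIGNINS))
    print("MFA fatigue:", mfa_fatigue_targets(SIGNINS))
```

The user-agent match is a cheap first filter, not a complete one: an attacker who sets a browser-like User-Agent header disappears from it, so the per-IP failure ratio and the MFA-challenge burst remain the more durable signals.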

https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/

5 Key Cyber Security Trends for 2025

TLDR: Check Point's five cyber security trends for 2025: 1) AI's growing role in cyber warfare and disinformation, 2) ransomware shifting toward data exfiltration and extortion rather than encryption alone, 3) rising infostealer activity aimed at credentials and other sensitive data, 4) edge devices (VPN gateways, firewalls, routers) as entry points for attacks, and 5) cloud security problems driven by misconfigurations. Organizations should adopt proactive risk management and a unified security strategy to counter these threats.

https://blog.checkpoint.com/research/5-key-cyber-security-trends-for-2025/

Analyzing CVE-2024-44243, a macOS System Integrity Protection Bypass Through Kernel Extensions

CVE-2024-44243, discovered by Microsoft Threat Intelligence, is a macOS vulnerability that lets a local attacker who already has root bypass System Integrity Protection (SIP). The bypass abuses the Storage Kit daemon (storagekitd), which carries the private com.apple.rootless.install.heritable entitlement, to get third-party kernel extensions loaded without the checks SIP normally enforces. Once SIP is out of the way an attacker can install rootkits, establish persistent malware or tamper with security tooling, which SIP is designed to prevent even for root. Microsoft worked with Apple on the fix, shipped in Apple's December 2024 security updates (macOS Sequoia 15.2). The key recommendation for defenders is to monitor processes that hold special entitlements, since they are the natural targets for SIP bypasses, and the write-up underlines the value of proactive monitoring and cross-platform cooperation.
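
A small triage helper for that recommendation, as an added example that is not from Microsoft's write-up or Apple: it parses the XML entitlements plist that `codesign -d --entitlements :- <path>` prints for a binary and reports any enabled entitlement under the com.apple.rootless.install prefix, the family Microsoft associates with SIP-protected writes. The two plist samples are constructed and do not reproduce storagekitd's real entitlement list; the paths in the usage are illustrative.

```python
import plistlib

# Entitlement family that permits writing to SIP-protected locations; any
# key under this prefix (e.g. the ".heritable" variant) is of interest.
SIP_BYPASS_PREFIX = "com.apple.rootless.install"

# Constructed samples of what `codesign -d --entitlements :- <path>` prints
# (an XML plist). Not captured from a real Mac; the entitlement sets are
# illustrative, not any real binary's.
SAMPLE_ENTITLED = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.private.security.storage.Example</key>
    <true/>
    <key>com.apple.rootless.install.heritable</key>
    <true/>
</dict>
</plist>
"""

SAMPLE_PLAIN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.rootless.install</key>
    <false/>
</dict>
</plist>
"""


def sip_bypass_entitlements(entitlements_plist: bytes) -> set:
    """Return the SIP-relevant entitlements that are actually enabled in an
    entitlements plist. A key explicitly set to false is not a grant."""
    ents = plistlib.loads(entitlements_plist)
    return {k for k, v in ents.items() if k.startswith(SIP_BYPASS_PREFIX) and v is True}


def triage(binaries: dict) -> dict:
    """Map {name: entitlements plist bytes} -> {name: sorted enabled SIP
    entitlements} for the binaries that have any, i.e. the processes whose
    child-process and file-system activity is worth watching."""
    result = {}
    for name, blob in binaries.items():
        hits = sip_bypass_entitlements(blob)
        if hits:
            result[name] = sorted(hits)
    return result


if __name__ == "__main__":
    # Names are illustrative; on a real system feed in codesign output per binary.
    print(triage({"storagekitd": SAMPLE_ENTITLED,
                  "Example.app/Contents/MacOS/Example": SAMPLE_PLAIN}))
```

The heritable variant matters because child processes inherit it: a process spawned by an entitled daemon has the same power, which is why monitoring should cover what such daemons launch, not only the daemons themselves.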

https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/
