Rockstar 2FA: The New Phishing Toolkit Bypassing Microsoft 365 Security
A sophisticated phishing toolkit called Rockstar 2FA is enabling cybercriminals to bypass Microsoft 365's multi-factor authentication through adversary-in-the-middle attacks. Available for just $200, this accessible platform provides advanced features like cookie harvesting and customizable login pages that pose a significant threat to organizations.
IETF Introduces 'Do-Not-Stab' Web Standard for User Autonomy
The Internet Engineering Task Force has published RFC 35140, introducing a new HTTP header that allows users to opt out of virtual stabbings from websites. The standard addresses the growing 'Stabbings as a Service' industry while highlighting ongoing debates about user autonomy in digital spaces.
Microsoft Takes Down Global Phishing Network in Major Cybersecurity Operation
Microsoft's Digital Crimes Unit has dismantled a sophisticated Egyptian-run phishing operation that sold criminal toolkits targeting financial institutions. The takedown of over 240 websites comes as Microsoft reports a 146% increase in advanced phishing attacks, highlighting escalating efforts to combat cybercrime.
Bitdefender Releases Free Tool to Counter New ShrinkLocker Ransomware Threat
Cybersecurity firm Bitdefender has discovered ShrinkLocker, a new ransomware exploiting Windows BitLocker encryption to lock users out of their systems. In response, they've released a free decryption tool to help victims recover data without paying ransom, dealing a significant blow to cybercriminals.
Critical Flaw in Microsoft Bookings Exposes Users to Account Hijacking and Impersonation
A severe vulnerability in Microsoft Bookings allows unauthorized access and key personnel impersonation, raising cybersecurity concerns. Users are advised to implement additional security measures while Microsoft works on a fix.