What is there to worry about Microsoft Teams and Slack?

Third-Party Apps are a big threat to Microsoft and Slack Microsoft and Slack allow third-party app inclusion. This leads to security threats these platforms. Although, Microsoft Teams and Slack are the biggest communication and collaboration platforms today, the security threat is a nightmare for users. According to researchers, Slack and Microsoft Teams do not review the code of third-party apps. Sometimes it reviews those apps but very superficially. The rest

Read More »

Window 11 sends alerts when typing passwords in insecure Applications

Enhanced Phishing protection in Windows 11 Windows 11 comes with an advanced feature of enhanced protection. When users type their passwords in insecure applications this feature warns them. Typing passwords in spreadsheets, word processor, and text editor are enough for attackers to steal the passwords and get access to the important data. According to Sinclaire Hamilton Security Product Manager at Microsoft, SmartScreen recognizes applications that are connected to phishing websites

Read More »

Microsoft Exchange servers are under attack for phishing via OAuth App

Attackers get access to Microsoft Exchanges Servers and use them for phishing emails. Attackers adopt various ways of getting access to the important information of users. Attack through Oauth App is one of the attempts to hijack systems to send phishing emails to the users. According to Microsoft 365 Defender team, the attackers attack those accounts which are high risk. This means such accounts have not enabled MFA (multi-factor authentication),

Read More »

Why are cybercriminals using more Domain Shadowing?

There have been 12,197 cases reported for domain shadowing between April 2022 and June 2022. Domain Shadowing is a subdomain of DNS hijacking. In domain shadowing, the hijacker compromises the DNS of a legitimate domain to use in malicious activities but will never compromise the legitimate DNS that already exists.  The attacker uses these subdomains in malicious activities and the owner will never realize that their page has been hijacked

Read More »