SharePoint (2003 thru Online): May 2020

Thursday, May 21, 2020

Microsoft Lists

Microsoft Lists is an evolution of SharePoint Lists.

We’ll be looking forward to trying out Microsoft Lists when it becomes available later this summer. It features deep integrations into Teams, SharePoint and other Microsoft products.


With Microsoft Lists, you can create, share, and track data and information—like issue tracking and status reporting—directly within Microsoft Teams, SharePoint, and the soon-to-be-released Lists mobile app.

Please go through the blog post below on creating Lists.
Create Microsoft Lists

Clever Phishing throws challenge to Microsoft nabbing Office 365 Credentials bypassing MFA

While companies are moving quickly to secure their users and clients, attackers are keeping pace and posing new challenges.

"Researchers at Cofense Phishing Defense Center discovered the tactic, which leverages the OAuth2 framework and OpenID Connect (OIDC) protocol and uses a malicious SharePoint link to trick users into granting permissions to a malicious application," said researcher Elmer Hernandez.

The researchers also warn that the app will allow attackers not only to access and modify the contents of the victim's account, but also to retain that access indefinitely.

Potential victims receive an invitation email pointing to a file hosted on Microsoft SharePoint Online, OneDrive or an MS Teams SharePoint site (web-based collaborative content management platforms that are part of Microsoft/Office 365).

The attackers lure victims with attractive filenames, for example COVID 19 Quarterly Incentive or Annual Extra Allowance.

With this well-crafted phish, hackers are trying to bypass the multi-factor authentication (MFA) protection on users’ Office 365 accounts by tricking them into granting permissions to a malicious SharePoint application.

Remediation

The researchers noted that the OAuth2 phish is a relevant example of adversary adaptation. Not only is there no need to compromise credentials, but touted security measures such as MFA are also bypassed; it is users themselves who unwittingly approve malicious access to their data.

“If users fail to act, it will be up to domain administrators to spot and deal with any suspicious applications their users might have misguidedly approved.”

Once the malicious app’s access is revoked, victims must change their O365 account password and check whether the attackers have switched off MFA protection or modified some of its settings/options.

Elmer Hernandez, a member of the Cofense Phishing Defense Center, told Help Net Security that although this is not the only instance the company has seen of this particular tactic, it is not a widespread campaign.

“This is due to the fact that common everyday phishing methods still prove very effective. This phish arguably targets above-average users who follow basic security advice such as checking the main domain name in the URL, a certain minority,” he noted.
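
An added example, not from the original post or from Cofense: one way a domain administrator could triage the delegated OAuth grants in a tenant for the pattern described above (content access plus the ability to keep that access). The grant records are constructed in the shape of Microsoft Graph oauth2PermissionGrant objects; the scope list, app names, IDs and approved-client list are assumptions for illustration.

```python
import json

# Illustrative selection of Microsoft Graph delegated scopes that read or
# modify user content; extend it to match your own policy (assumption).
CONTENT_SCOPES = {"mail.read", "mail.readwrite", "files.read.all",
                  "files.readwrite.all", "notes.read.all", "contacts.read"}
PERSISTENT_SCOPE = "offline_access"  # lets the app obtain refresh tokens

# Constructed sample in the shape of Graph oauth2PermissionGrant objects.
# Every ID and app name here is made up.
SAMPLE_GRANTS = json.loads("""[
 {"clientId": "sp-0001", "consentType": "Principal", "principalId": "user-aaa",
  "scope": " offline_access User.Read Mail.ReadWrite Files.ReadWrite.All"},
 {"clientId": "sp-0002", "consentType": "AllPrincipals", "principalId": null,
  "scope": "openid profile User.Read"},
 {"clientId": "sp-0003", "consentType": "Principal", "principalId": "user-bbb",
  "scope": "Contacts.Read"},
 {"clientId": "sp-0004", "consentType": "Principal", "principalId": "user-ccc",
  "scope": "offline_access Files.ReadWrite.All"}
]""")
APP_NAMES = {"sp-0001": "Q1 Bonus Viewer", "sp-0002": "Corp Intranet",
             "sp-0003": "Contact Sync", "sp-0004": "Approved Backup Tool"}
APPROVED_CLIENTS = {"sp-0002", "sp-0004"}  # apps the admin has vetted


def review_grants(grants, app_names, approved):
    """Return unvetted grants that expose user content, worst first."""
    findings = []
    for g in grants:
        if g["clientId"] in approved:
            continue
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        content = sorted(scopes & CONTENT_SCOPES)
        if not content:
            continue
        # Content access plus refresh tokens on a single user's consent is
        # the pattern described above: access the app can keep renewing.
        persistent = PERSISTENT_SCOPE in scopes
        user_consented = g.get("consentType") == "Principal"
        severity = "high" if persistent and user_consented else "medium"
        findings.append({"clientId": g["clientId"],
                         "app": app_names.get(g["clientId"], "<unknown>"),
                         "principalId": g.get("principalId"),
                         "severity": severity, "content_scopes": content,
                         "persistent": persistent})
    return sorted(findings, key=lambda f: f["severity"] != "high")


if __name__ == "__main__":
    for f in review_grants(SAMPLE_GRANTS, APP_NAMES, APPROVED_CLIENTS):
        print(f["severity"], f["app"], f["principalId"], f["content_scopes"])
```

Each finding names the user who consented, which is the account whose password and MFA settings should be checked once the grant is revoked.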

SMiShing Scam alert: Text messages and emails offering free groceries from stores amid coronavirus pandemic are fake


I recently got a text message on my mobile claiming that a few stores were giving away free groceries due to the ongoing coronavirus pandemic. Warning, warning: it’s a scam.

Claiming to be from Target: the text says that you are qualified for $175 worth of free groceries and comes with a link to redeem the offer. (Received through mobile)

Claiming to be from Costco: the text says that Costco is giving away free groceries worth $125 to everyone this week to support the nation during the Corona pandemic. (Received through WhatsApp groups)

A few messages were also circulated in different WhatsApp groups.

“Don’t click on or respond to online ads or websites offering free gift cards or vouchers. These are scams.”


However, the link can install an undetected virus, malware, spyware or ransomware on your device — enabling hackers to obtain personal information, such as passwords to mobile banking and email, as well as credit card information or any other confidential data.

Last December, Kroger was also the victim of a giveaway hoax on social media. A Facebook post from an account disguising itself as the grocery chain under the name “Kroger.com," instead of Kroger's real Facebook page name "Kroger," offered an entire year of free groceries to “four lucky families” who shared and commented on the post.

For more details about SMiShing.

Friday, May 15, 2020

Millions of computers at risk with this new security flaw

While doing security updates on my new laptop, I noticed that it has a Thunderbolt port.

"If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep," said Björn Ruytenberg, a researcher at Eindhoven University of Technology in the Netherlands, who found the vulnerability and calls the attack "Thunderspy".

A recent report from a Dutch security researcher also details a hacking mechanism that targets a common feature on millions of computers: the Thunderbolt port.

Thunderspy is stealthy, meaning that you cannot find any traces of the attack. The attack also does not require any engagement on the part of the computer's user, unlike other types of attacks such as phishing.

Unfortunately, the Thunderspy vulnerabilities can't be fixed in software. This will require a silicon redesign down the road, or else it will also hurt the forthcoming Thunderbolt 4 technology.

To protect yourself from the attack, you should first consider running Ruytenberg's Spycheck software, which is free and open source, to verify whether or not your system is vulnerable to a Thunderspy attack. If your system is at risk, Spycheck will guide you through some recommendations to protect yourself.

Beyond that, Ruytenberg recommends the following:

  • Connect only your own Thunderbolt peripherals. Never lend them to anybody.
  • Avoid leaving your system unattended while powered on, even when the screen is locked.
  • Avoid leaving your Thunderbolt peripherals unattended.
  • Ensure appropriate physical security when storing your system and any Thunderbolt devices, including Thunderbolt-powered displays.
  • Consider using hibernation (Suspend-to-Disk) or powering off the system completely. Specifically, avoid using sleep mode (Suspend-to-RAM).

And if you don't need to use Thunderbolt, Ruytenberg strongly recommends disabling the Thunderbolt controller entirely in UEFI (BIOS). Just remember: This renders all Thunderbolt ports inoperable, including USB and DisplayPort connectivity. However, USB-C charging will most likely remain functioning.

Thursday, May 14, 2020

Cryptojacking & Guidelines while Working from Home.

Due to the COVID-19 situation all over the world, IT professionals have started working from home, and cyber security must be the top priority. While working remotely can provide more flexibility and spare people a long commute, it could also come with a notable risk, leaving professionals more vulnerable to cyberattacks without the added security of a home/office network.

Cryptojacking has become an increasingly popular way for bad guys to extract money from targets in the form of cryptocurrency.

Cryptojacking is the unauthorized use of a computer, tablet, mobile phone, or connected home device by cybercriminals to mine for cryptocurrency. It is a form of cyber attack in which a hacker hijacks a target's processing power to mine cryptocurrency on the hacker's behalf.

Cryptojackers have more than one way to enslave your computer. One method works like classic malware. You click on a malicious link in an email and it loads cryptomining code directly onto your computer. Once your computer is infected, the cryptojacker starts working around the clock to mine cryptocurrency while staying hidden in the background. Because it resides on your PC, it’s a local and persistent threat that has infected the computer itself.

Symptoms of cryptojacking

  • High processor usage on your device
  • Sluggish or unusually slow response times
  • Overheating of your device

Whether you’ve been cryptojacked locally on your system, or through the browser, it can be difficult to manually detect the intrusion after the fact. Likewise, finding the origin of the high CPU usage can be difficult. Processes might be hiding themselves or masquerading as something legitimate in order to hinder you from stopping the abuse. As a bonus to the cryptojackers, when your computer is running at maximum capacity, it will run ultra slow, and therefore be harder to troubleshoot. As with all other malware precautions, it’s much better to install security before you become a victim.

Turn off your work laptop
Most people aren't in the habit of shutting down their devices at the end of the workday. But it's a simple way to make yourself more secure. Shutting down and powering back up your work laptop can prevent viruses or malware from properly embedding themselves in your devices. Some types of malware reside in a device's memory and get erased when it's shut down. It's also as simple as temporarily closing an "open line" for new attacks.


Most people leave it on for days, weeks, or whatever, and they only turn it off when something slows down. They just need to reset, to get in the habit of turning it off so it doesn't become a gateway of malware directly into your company.

It is also recommended to do the same with your smartphone at the end of each workday. They're the greatest risk because we put so much information into our phone.