Security News > 2024 > November > Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
2024-11-29 10:06
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials. "This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)
News URL
https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html
Related news
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)