[Threatview.io] ⚡ Latest collection of #evilproxy domains on #virustotal as seen from our proactive hunter domain telemetry 👇

virustotal.com/gui/collection…

#Threatintel
#CTI
#Phishing
#DFIR
#cybersecurity

Microsoft 365 accounts of execs, managers hijacked through EvilProxy - helpnetsecurity.com/2023/08/10/evi… - Proofpoint Shachar Gritzman Tim Kromphardt Microsoft Microsoft365 #CyberSecurity #security #InfoSecurity #ITsecurity #CyberSecurity News #SecurityNews #Microsoft365 #phishing

Chase EvilProxy like a bloodhound,
1. Measure authentication properties between themselves where there's a short difference in time with datetime_diff('minute', TimeGenerated, prev(TimeGenerated, 1))

2. Look for Entra ID screaming at you with queries across these data fields /1

Published: How ‘EvilProxy’ #phishing attack is targeting top-level executives? #cybersecurity #CyberAttack #hacking

buff.ly/3YBVdrq - Technicity Magazine

🟣Tyler Cohen Wood Fawad Khan Greg Valancius Sahba Ferdowsi DO (conciergedoc) Peter Tendekayi Chingonzo Enrico Molinari #CES2024 Avrohom Gottheil Kohei Kurihara - Privacy for all together 🌍 Shane Fogle drhiot

Proofpoint researchers observed an increase in account takeovers among tenants that have MFA protection, as threat actors are increasingly employing Adversary-in-the-Middle (AitM) phishing kits (such as EvilProxy). proofpoint.com/us/blog/email-…

New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives techrepublic.com/?p=4173467 via @techrepublic

James @AnFam17 Gi7w0rm proxylife Igal Lytzki🇮🇱 So this looks like it might be some #EvilProxy stuff based on behavior. This IP has had so many DGA's stood up over the last few days. all but a few are 0/88 on VT. All samples are 'F12' resistant.

virustotal.com/gui/ip-address…

EvilProxy uses indeed.com open redirect for Microsoft 365 phishing - Bill Toulas
bleepingcomputer.com/news/security/…

Cybercriminal Service ‘EvilProxy’ Seeks to Hijack Accounts. (Data Breach Today) #CyberSecurity #Cloud buff.ly/3TJj6ur

EvilProxy phishing malware is once again on the rise⚠️👿
More security info: redfox.ntrigo.com

.
#cybersecurity #nodejs #opensource #Pune #jeru #indiedev #Mentalhealth #SocEnt #Trending #Android #gamedev #HR #Phishing #malware #infosec #Ransomware
siliconangle.com/2023/08/09/ris…

“EvilProxy” Phishing Tool Puts Microsoft Outlook Users at Risk: How to Protect Your Network.

Read more eitex.co.uk/microsoft-365/…

#cyberrisks #cyberprotection #cyberattack #cyberriskmanagement #cyberessentials #microsoft

Some badness to look for in the logs.

If you’ve had users going to rambollmx[.]com - especially since 22nd October - then they’ve probably given their credentials away.

You can check sign in logs for intrusion from 40[.]119[.]40[.]147

#EvilProxy

Detect #phishing by using Any.RUN! 👨‍💻

Our service detects various phishing-as-a-service platforms such as #storm1575 , #greatness , #evilproxy , and more.

These services are responsible for some of the highest volumes of phishing attacks, which are detected by our

EvilProxy phishing campaign targets 120,000 Microsoft 365 users - Bill Toulas
bleepingcomputer.com/news/security/…

Hundreds of executives are falling for Microsoft 365 phishing attacks, according to new research published by Proofpoint. Read in IT Business Canada about the hybrid campaign using #EvilProxy to target thousands of #Microsoft 365 user accounts. bit.ly/44vLdBs

Some phishing kits, like EvilGinx, Modlishka, Muraena, & EvilProxy, use reverse proxy servers for AiTM attacks. In this case, every HTTP packet is proxied to and from the original website, making the URL the only visible difference between the phishing page & legitimate site.

EvilProxy: ataque de phishing que saltea el 2FA bit.ly/3DS1E03

Not sure what kind of pirate elixir that was, but hey, at least my friend Captain Patches is back! 😊🏴‍☠️

Thanks Trend Micro Check Point Research Cisco Talos Intelligence Group for the #Rhysida #ransomware research, Shachar Gritzman Tim Kromphardt Proofpoint for #EvilProxy research and Kav

Massive EvilProxy Phishing Attack Campaign Bypasses 2FA, Targets Top-Level Executives techrepublic.com/?p=4148875 via @techrepublic

EvilProxy phishing campaign targets 120,000 Microsoft 365 users bleepingcomputer.com/news/security/…