In today’s threat landscape, cybercriminals are getting smarter, and phishing attacks are more sophisticated than ever. Attackers use tools like Evilginx to bypass traditional security measures by stealing session tokens, or they simply export cookies from browsers on a compromised device, and they can impersonate users without ever needing their passwords or MFA codes. Possibly … Read more
It’s time to secure Google Workspace—even if you’re not using it. Read about our recent discovered vulnerability, called ‘G-Door’, which allows users to bypass Microsoft 365 conditional access rules.
Recently, we encountered two distinct variants of a payload delivered through Google Drive, both containing a malicious shortcut. While these threats were successfully mitigated, it’s crucial to understand their mechanisms and implement protective measures. In this blog, we’ll dissect these threats and explore strategies for defending against them. Threat Analysis The malicious shortcuts in the … Read more
Session hijacking occurs when an attacker steals a valid session token—essentially, the key to a user’s active login session. In the case of Microsoft Teams, once a user logs in, their session token remains active and allows them to continue their work without repeatedly entering their password. While convenient, this token persistence also introduces a … Read more
Schedule a call to talk to one of our Solution Consultants, who can help guide you on your journey to choosing the right IT solution or managed service for your business.
