Rewterz Threat Alert – Microsoft Office 365 Active Credential Phishing Campaign

Severity

Medium

Analysis Summary

There is an ongoing, active Microsoft Office 365 phishing campaign that lures users into opening malicious links. The campaign targets enterprises and uses multiple sophisticated methods for defense evasion and social engineering. It uses timely lures relevant to remote work, such as password updates, conferencing info, helpdesk tickets, etc.

One of the interesting techniques observed in this campaign is the use of redirector sites with a unique subdomain for each target. The subdomain follows different formats but generally contains the recipient’s username and org domain name.
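The per-target subdomain pattern described above can be checked at the mail gateway. The following is an added detection sketch, not part of the original advisory: the function names, the sample message and the `contoso.com` / `.example` hosts are constructed, and it assumes the recipient's address sits directly on the organisation's registered domain and that the last two host labels are the registered domain.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def _flat(text):
    """Lower-case and drop separators so 'j.doe' matches 'j-doe' or 'jdoe'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def is_personalized_redirector(recipient, url):
    """True if the URL's subdomain embeds both the recipient's username and
    org name, and the host is not under the org's own domain."""
    user, _, org_domain = recipient.lower().partition("@")
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return False
    if host == org_domain or host.endswith("." + org_domain):
        return False            # link into the organisation's own domain
    # Assumption: the last two labels are the registered domain (approximate
    # for suffixes such as co.uk); everything before them is the subdomain.
    subdomain = _flat("".join(host.split(".")[:-2]))
    user_tok = _flat(user)
    org_tok = _flat(org_domain.split(".")[0])
    if len(user_tok) < 3 or len(org_tok) < 3:
        return False            # tokens too short to match reliably
    return user_tok in subdomain and org_tok in subdomain

def flag_links(recipient, body):
    """Return the URLs in a message body that match the pattern."""
    return [u for u in URL_RE.findall(body)
            if is_personalized_redirector(recipient, u)]

# Constructed sample message for recipient jdoe@contoso.com
SAMPLE_BODY = """Your password expires today:
https://jdoe-contoso-com.redirector.example/update
Intranet: https://portal.contoso.com/users/jdoe
Newsletter: https://news.vendor.example/contoso
"""

if __name__ == "__main__":
    for link in flag_links("jdoe@contoso.com", SAMPLE_BODY):
        print("suspicious:", link)
```

A hit is a triage signal rather than a verdict, since some legitimate services also place customer names in subdomains.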

Impact

  • Credential theft
  • Exposure of sensitive data 

Indicators of Compromise

Filename

  • Password Update
  • Exchange proteccion
  • Helpdesk-#
  • SharePoint
  • Projects_communications

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on links/attachments sent by unknown senders.