LMG Security<p>Your UPS might be a silent security risk.</p><p>Watch our new video to see how a standard uninterruptible power supply (UPS) became the gateway to hacking a real bank.</p><p>We walk you through:</p><p>▪ How UPS devices connect to networks—and why that matters<br>▪ The danger of default credentials on embedded systems<br>▪ How spoofed email servers let attackers steal domain credentials<br>▪ The exact steps that led to full network compromise</p><p>Watch now! <a href="https://youtu.be/Ru5RR9COqYw" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/Ru5RR9COqYw</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenetrationTesting</span></a> <a href="https://infosec.exchange/tags/BankHack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BankHack</span></a> <a href="https://infosec.exchange/tags/UPSAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UPSAttack</span></a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedTeam</span></a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CredentialTheft</span></a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/Incidentresponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Incidentresponse</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a></p>
photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto
Please refer to the site rules before posting.
Administered by:
Server stats:
246active users
photog.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#credentialtheft
0 posts · 0 participants · 0 posts today
LMG Security<p>Microsoft 365 credential theft is evolving quickly!</p><p>Attackers are no longer just stealing your login—they’re using your own AI tools like Microsoft Copilot to accelerate fraud from inside your environment.</p><p>Our 4-minute video breaks down how threat actors are targeting Microsoft 365 accounts and weaponizing Copilot, Teams, SharePoint, and more to perform rapid reconnaissance, commit fraud, and exploit centralized trust systems.</p><p>Watch now to learn:</p><p>▪ How Copilot can be used against you<br>▪ Real phishing tactics mimicking Microsoft 365, Adobe & DocuSign<br>▪ Why SSO, OAuth, and poor access controls can make attacks worse<br>▪ What your organization must do to stay ahead</p><p>Watch the video! <a href="https://youtu.be/zaBwxy1Gjhc" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/zaBwxy1Gjhc</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft365</span></a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CredentialTheft</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/CoPilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CoPilot</span></a> <a href="https://infosec.exchange/tags/ZeroTr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroTr</span></a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberaware</span></a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyber</span></a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMB</span></a> <a href="https://infosec.exchange/tags/CEO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CEO</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/CIO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIO</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/M365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>M365</span></a> <a href="https://infosec.exchange/tags/Riskmanageemnt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Riskmanageemnt</span></a></p>
LMG Security<p>Microsoft 365 credential theft is evolving—and AI tools like Microsoft Co-Pilot are becoming attackers' latest weapons!</p><p>Watch our new, 4-minute video, to learn how attackers use <a href="https://infosec.exchange/tags/CoPilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CoPilot</span></a> for rapid reconnaissance and fraud, see real-world phishing examples targeting Microsoft 365, Adobe, and DocuSign, and understand why SSO and OAuth vulnerabilities significantly amplify credential risks. </p><p>We'll also share essential steps to protect your organization! <a href="https://youtu.be/zaBwxy1Gjhc" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/zaBwxy1Gjhc</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Microsoft365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft365</span></a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CredentialTheft</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/CoPilotSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CoPilotSecurity</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroTrust</span></a> <a href="https://infosec.exchange/tags/AIThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIThreats</span></a> <a href="https://infosec.exchange/tags/SaaSsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaaSsecurity</span></a> <a href="https://infosec.exchange/tags/DocuSignPhishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DocuSignPhishing</span></a> <a href="https://infosec.exchange/tags/M365" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>M365</span></a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberaware</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudSecurity</span></a></p>
LMG Security<p>New Polymorphic browser attack alert: Malicious extensions mimic legitimate ones with pixel-perfect clones, disabling the real add-ons to steal credentials from Chrome, Edge & others! </p><p>The malicious extensions clone the look and behavior of legitimate add-ons, including icons and workflows, and even temporarily disable the real extensions—tricking users into handing over sensitive credentials. Remind your team to only install extensions from trusted sources, monitor browser activity, and review permissions often.</p><p>Read the details: <a href="https://thehackernews.com/2025/03/researchers-expose-new-polymorphic.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/03/rese</span><span class="invisible">archers-expose-new-polymorphic.html</span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a> <a href="https://infosec.exchange/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chrome</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CredentialTheft</span></a> <a href="https://infosec.exchange/tags/Chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chromium</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/PolymorphicAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PolymorphicAttack</span></a></p>
LMG Security<p>A new Fortinet VPN zero-day vulnerability is being exploited by a toolkit called 'DeepData'. The <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> gap allows credential dumping from memory after authentication. Until a patch is available, you should restrict VPN access and monitor for unusual login activity. IOCs are available in this article: <a href="https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/</span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fortinet</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/CredentialTheft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CredentialTheft</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/Databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Databreach</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a></p>
Live feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload