Microsoft reports a multi-stage AitM phishing and BEC campaign abusing SharePoint, inbox rules, and stolen session cookies to target energy orgs.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Microsoft has identified a sophisticated multi-stage phishing campaign targeting energy sector organizations. Attackers abuse SharePoint file-sharing to deliver phishing payloads, steal credentials and session cookies through adversary-in-the-middle techniques, then create inbox rules to maintain persistence. The compromised accounts are used to send large-scale phishing emails to internal and external contacts. Password resets alone cannot stop these attacks; organizations must revoke active session cookies and remove malicious inbox rules. The campaign exemplifies the growing trend of abusing trusted platforms like SharePoint, Google Drive, and AWS to appear legitimate and evade detection.

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms