Skip to main content

FBI Issues Urgent Kali365 Security Warning For Teams, Outlook, OneDrive Users

3 weeks 1 day ago
alternative_right shares a report from The Hill: The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to sneak past multi-factor authentication codes, and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI. "Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.

Read more of this story at Slashdot.

BeauHD

Google Chrome's Next Update Will Mark the End of Popular Ad Blockers

3 weeks 1 day ago
Google is removing Chrome's last remaining workarounds for Manifest V2 extensions, effectively ending support for legacy ad blockers such as the original uBlock Origin. 9to5Google reports: CyberNews points out a Chromium commit that removes support for the "kExtensionManifestV2Disabled" flag, which is referred to as "dead code" seeing as Chrome no longer supports Manifest V2 extensions. This removal acts as the final stop for many Manifest V2-based ad blocker extensions that were still in use today -- the flag was effectively a loophole to continue using these extensions. A Googler on the commit explains: "MV2 extensions are no longer allowed in any supported version of Chrome, and we are removing support for them and the associated functionality. We won't be able to provide / maintain this functionality indefinitely due to the complexity and tech debt, as well as the security risks it entails (we've actually found a number of bugs that are specific to MV2 lately). Of course, other browsers can continue supporting these if they so desire." This will also impact other Chromium-based browsers, though the comment notes that "other browsers can continue supporting these if they so desire." Neowin points out that Microsoft Edge and Opera are likely to follow suit. Chrome 150, set to be released later this month, will remove this flag, while other leftover bits of Manifest V2 will be removed in the v151 release.

Read more of this story at Slashdot.

BeauHD