Reference the Google Gmail phishing attack yesterday.....
Shout out to @Google security ppl who got the #OAuthWorm disabled in under an hour and to @Cloudflare for sinkholing. Great response.
Was the attack actually generated after reading the Trend Micro report on the Russian state-sponsored French hacking of Macron using OAuth?
Not clear who's behind the attack, but conspicuously similar MO to a major APT28 campaign last year disclosed by Trend Micro last Friday.
This big phishing attack is clever; an OAuth-based attack. Tricks you into giving "permission" to read your emails to a fake Google Docs app.
Password Alert is a free Chrome extension that journalists (or anyone) can use to protect against phishing
https://goo.gl/vrIEkA# #WPDF2017
A good video of the actual attack in progress....
https://twitter.com/zachlatta/status/859843151757955072