Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"Be careful what you pwish for – Phishing in PWA applications"
--> "... stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints ..."
--> "... attack, detected in July 2024, involved infiltrating the target network via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA), with the threat actors conducting post-exploitation actions 18 days after initial access took place ..."
--> "... Once the attacker reached the domain controller in question ..."
VG
Bernd
[0] https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html
rwth-security@lists.rwth-aachen.de