5 Ways K–12 Schools Can Push Back Against the Consent Phishing Trend

June 13, 2022

We all think we know about phishing emails and how dangerous they are, particularly to K–12 school systems. However, educators may not be familiar with the growing trend of “consent phishing.”
In consent phishing attacks, bad actors use malicious apps hosted on legitimate cloud platforms to gain “access to an organization’s cloud services and data,” according to Microsoft.
In this type of phishing attack, teachers or school administrators may accidentally grant these apps permanent permission or consent that can be used to exploit school systems. Below are five ways that schools can combat…

Categories: Uncategorized

Cybercriminals Are Attacking Networks Using Cloud Storage Services

Bad actors are constantly evolving their attack vectors, looking for new ways to enter systems undetected. Now, hackers are exploiting cloud storage services to infiltrate networks and hide their attacks. Through phishing emails, they’re targeting cloud applications such as Google Drive and Dropbox. Once inside the system, these malicious parties can access sensitive data stored in their targets’ systems.
Many K–12 districts rely on cloud applications such as Google Workspace to facilitate learning. As a result, school IT teams must remain vigilant about updating security solutions and…

November 3, 2022

Malwarebytes: four malicious Android apps from developer Mobile apps Group, which has deployed malware before, remain on Google Play with millions of downloads (Kyle Barr/Gizmodo)

Kyle Barr / Gizmodo:
Malwarebytes: four malicious Android apps from developer Mobile apps Group, which has deployed malware before, remain on Google Play with millions of downloads — Google is still failing to catch malicious apps from being listed on its app store, but it seems that some developers …

November 2, 2022

Microsoft releases 63 security fixes, including patches for two zero-day flaws, one of which is under active exploit, and five critical RCE vulnerabilities (Lawrence Abrams/BleepingComputer)

Lawrence Abrams / BleepingComputer:
Microsoft releases 63 security fixes, including patches for two zero-day flaws, one of which is under active exploit, and five critical RCE vulnerabilities — Today is Microsoft’s September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws.

September 14, 2022

Microsoft reveals a now-patched “high severity vulnerability” in TikTok for Android that could let attackers take over accounts that clicked on a malicious link (Corin Faife/The Verge)

Corin Faife / The Verge:
Microsoft reveals a now-patched “high severity vulnerability” in TikTok for Android that could let attackers take over accounts that clicked on a malicious link — Hackers could have used the exploit to post videos, send messages, and edit account details

August 31, 2022

Rackspace confirms a ransomware attack caused an ongoing outage to its hosted Microsoft Exchange services, but its other products are fully operational (Sergiu Gatlan/BleepingComputer)

Sergiu Gatlan / BleepingComputer:
Rackspace confirms a ransomware attack caused an ongoing outage to its hosted Microsoft Exchange services, but its other products are fully operational — Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind its ongoing Hosted Exchange outage.

December 6, 2022

Microsoft admits Windows was not properly downloading and applying updates to the driver blocklist designed to thwart “bring your own vulnerable driver” attacks (Dan Goodin/Ars Technica)

Dan Goodin / Ars Technica:
Microsoft admits Windows was not properly downloading and applying updates to the driver blocklist designed to thwart “bring your own vulnerable driver” attacks — Microsoft said Windows automatically blocked dangerous drivers. It didn’t. — For almost two years …

October 16, 2022

Related Articles