Cybersecurity

5968 readers

222 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware (www.microsoft.com)

submitted 8 months ago by kid to c/cybersecurity

2 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 7 points 8 months ago (1 children)

This is a simple case of a malicious actor asking for access, and the victim is handing access over. QuickAssist, ScreenConnect, TeamViewer, Teams, Zoom, etc all have been used for this purpose.

It no sounds like it starts with a vishing phone call. Lots of people will ask Microsoft to fix this somehow, but no one ever seems to blame the phone services or demand they fix it.

[–] [email protected] 3 points 8 months ago

Couldn't agree more. I have no idea why phone companies are not being held accountable for allowing this. For email, it's a solved problem. Why not phone?