Email attachments remain one of the most trusted entry points into enterprise environments. Despite years of awareness training and secure email gateways, attackers continue to rely on documents because they blend seamlessly into everyday workflows. New reporting from The Hacker News details how APT28, a Russia-linked threat actor, is actively exploiting a newly disclosed Microsoft

The post When Documents Become the Attack Vector: Inside APT28’s Latest Microsoft Office Exploit appeared first on Seceon Inc.

The post When Documents Become the Attack Vector: Inside APT28’s Latest Microsoft Office Exploit appeared first on Security Boulevard.

Cyber incidents in the public sector rarely begin with chaos. More often, they start quietly, with access that appears routine and activity that blends into normal operations. That pattern is evident in a recent breach involving the Victoria Department of Education, where unauthorized access exposed personal information belonging to current and former students and triggered

The post Student Data at Risk: What the Victoria Education Breach Exposes About Public Sector Security appeared first on Seceon Inc.

The post Student Data at Risk: What the Victoria Education Breach Exposes About Public Sector Security appeared first on Security Boulevard.

Multi-factor authentication has long been treated as a security finish line. Once enabled, organizations assume that account takeover risks drop dramatically. Recent attacker behavior suggests otherwise. New reporting details a growing wave of adversary-in-the-middle (AiTM) phishing campaigns that are specifically designed to bypass MFA by hijacking authentication sessions in real time, according to IT Pro.

The post When MFA Fails Quietly: Inside the Rise of AiTM Phishing Attacks appeared first on Seceon Inc.

The post When MFA Fails Quietly: Inside the Rise of AiTM Phishing Attacks appeared first on Security Boulevard.