Blog article

Weekly Digest Week 33 – 2025

Publication date: 15.08.2025

Featured Story

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking.

The attack employs a custom phishlet within the Evilginx framework to spoof Safari on Windows, which is not compatible with FIDO-based authentication in Microsoft Entra ID.

Because the phishlet spoofs an unsupported browser user agent, Microsoft Entra ID turns off FIDO authentication and prompts the user to choose an alternate verification fallback method.

If the user falls back to one of these alternative methods, the AiTM proxy intercepts the credentials and the resulting session cookie, granting full access to the victim’s account.

SOC Analysis: This attack highlights critical gaps in FIDO fallback mechanisms. Consider implementing strict conditional access policies that block authentication from unsupported browser combinations and restricting alternative MFA options for privileged accounts to reduce attack surface.
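As an added defender-side example (not code from the original article or from the researchers' tooling), the following Python flags sign-ins that match the downgrade pattern described above: a FIDO-registered user authenticating with a weaker method from a client that claims to be Safari on Windows. The record fields and the sample sign-ins are constructed for this example and do not follow the real Entra ID sign-in log schema.

```python
import re

# Constructed, simplified sign-in records for this example. The field names
# (user, ua, method, fido_registered) are assumptions, not the Entra ID schema.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "fido_registered": True,
     "method": "Microsoft Authenticator push",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 "
           "(KHTML, like Gecko) Version/17.4 Safari/605.1.15"},
    {"user": "bob@example.com", "fido_registered": True,
     "method": "Microsoft Authenticator push",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/126.0 Safari/537.36 Edg/126.0"},
    {"user": "carol@example.com", "fido_registered": True,
     "method": "FIDO2 security key",
     "ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 "
           "(KHTML, like Gecko) Version/17.4 Safari/605.1.15"},
    {"user": "dave@example.com", "fido_registered": False,
     "method": "SMS",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/605.1.15 "
           "(KHTML, like Gecko) Version/17.4 Safari/605.1.15"},
]

# Methods treated as phishing-resistant in this example (assumed list).
PHISHING_RESISTANT = {"fido2 security key", "passkey", "windows hello for business"}
CHROMIUM_TOKENS = re.compile(r"\b(?:Chrome|Chromium|Edg|OPR)/")


def claims_safari_on_windows(ua: str) -> bool:
    """True if the user agent presents itself as Safari running on Windows.

    Chromium-based browsers on Windows also carry a 'Safari/' token, so they
    are excluded; a Safari token on Windows with no Chromium token is the
    combination that Entra ID treats as unsupported for FIDO.
    """
    return ("Windows NT" in ua and "Safari/" in ua
            and not CHROMIUM_TOKENS.search(ua))


def find_downgrade_candidates(signins):
    """Return users who are FIDO-registered but signed in with a weaker
    method from a client that claims to be Safari on Windows."""
    return [
        s["user"] for s in signins
        if s["fido_registered"]
        and s["method"].lower() not in PHISHING_RESISTANT
        and claims_safari_on_windows(s["ua"])
    ]


if __name__ == "__main__":
    for user in find_downgrade_candidates(SAMPLE_SIGNINS):
        print(f"review sign-in: {user} (possible FIDO downgrade)")
```

A hit is a triage lead, not proof of compromise: confirm by checking whether the user's FIDO method was skipped in favour of the fallback on that sign-in.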

Other Stories

The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks

Attackers are sharing malicious files or links across organizations using trusted, built-in collaboration features from compromised accounts, a tactic called “native phishing.”

Microsoft OneNote is increasingly used in phishing attacks because it is not subject to Protected View and supports embedding malicious files or links. After gaining M365 credentials, threat actors created OneNote files in compromised users’ OneDrive folders, embedding lure URLs.

The phishing sites were built using free, AI-powered website builders like Flazio, making it easy for attackers to create convincing replicas.

SOC Analysis: Native phishing represents a significant evolution in attack tactics that exploits inherent trust in internal collaboration tools. Organizations need to implement stricter M365 sharing controls and establish behavioral baselines for file sharing activities to identify compromised accounts engaging in lateral phishing campaigns.

Details emerge on WinRAR zero-day attacks that infected PCs with malware

Researchers have released a report detailing how a recent WinRAR vulnerability (CVE-2025-8088) was exploited by the Russian ‘RomCom’ group to drop malware payloads.

The attack used payloads hidden in alternate data streams (ADS) of malicious RAR archives to extract DLLs and shortcuts into the %TEMP% or %LOCALAPPDATA% directories, enabling execution upon user login.

WinRAR released a fix on July 30, 2025 (v7.13).

SOC Analysis: Organizations should enforce immediate patching of WinRAR to version 7.13+ and consider implementing application allowlisting to prevent unauthorized executables from running from temporary directories.

Want to earn easy money behind your computer? Don’t fall for task scams

Task scams trick victims into believing they can earn money by completing simple online tasks. After initial fake payouts, scammers request deposits to unlock further ‘earnings’, leading to financial loss.

Scammers impersonate real agencies and use common messaging platforms to lure victims.

SOC Analysis: These scams build trust through legitimate-looking early payments. Educate employees, especially remote workers, to be skeptical of unsolicited “job” offers. Suspicious messages can be forwarded to verdacht@safeonweb.be, suspect@safeonweb.be, or suspicious@safeonweb.be.
