// NEXUSVOID CYBER NEWS

<- ALL CYBER NEWS

Notable

Evilginx, phishing, Microsoft 365, adversary-in-the-middle, MFA bypass, session token, passkeys

An Attacker Left a Directory Listing On, and Exposed Three M365 Phishing Operations

A Microsoft 365 phishing crew running Evilginx left a Python web server exposed with directory listing enabled, handing researchers a look inside three live operations. The tools that beat multi-factor authentication are getting easier to run, and easier to fumble.

A live Microsoft 365 phishing operation was exposed after its operator left a simple Python web server listening on a public port with directory listing switched on, giving researchers a view into three separate Evilginx campaigns, as reported by The Hacker News. The command that did it, python3 -m http.server 8080, was still sitting in the shell history.

Evilginx matters because of what it defeats. It is an adversary-in-the-middle tool that proxies a real login page, capturing not just the password but the session token, which means it can slip past many forms of multi-factor authentication. That is precisely the protection most organizations rely on to stop account takeover.

The operational-security failure is the human note in the story. The same carelessness that exposes a corporate server exposes an attacker's, and here a default web server with listing enabled turned a hidden operation into an open one. It is a useful reminder that attackers make the same mundane mistakes defenders do.

The defensive takeaway is to move toward authentication that resists this class of attack. Phishing-resistant methods such as hardware security keys and passkeys do not hand over a reusable token the way a one-time code or push prompt can, and for high-value accounts they are the difference between a stolen password and a stolen account.

Sources: The Hacker News.

Liked this briefing? Share it:

More briefings

Related posts appear on the live page
Get the briefings first
Breaking security news, verified fast, with the one fact the headlines skip. No spam - unsubscribe anytime.