"Google Searches Expose Stolen Corporate Credentials"

Researchers at Check Point and Security firm Otorio uncovered a phishing campaign that managed to bypass Microsoft Office 365 Advanced Threat Protection filtering to steal more than 1,000 corporate credentials.  In August 2020, the campaign began and used emails that spoof notifications from Xerox scans to lure victims into clicking on malicious HTML attachments. Organizations targeted in the campaign included retail, manufacturing, healthcare, and IT.  The adversaries also had a special interest in targeting energy and construction companies. The adversaries behind the recently discovered phishing campaign unintentionally left more than 1,000 stolen credentials online via simple Google searches.

Threatpost reports: "Google Searches Expose Stolen Corporate Credentials"