Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
New Phishing Tool "Sneaky 2FA" Targets Microsoft 365 Users for Credential Stealing

Cybersecurity researchers have discovered a new phishing tool called Sneaky 2FA, which targets Microsoft 365 accounts to steal login credentials and two-factor authentication (2FA) codes. This phishing kit has been active since at least October 2024, and it was first spotted in December 2024 by the French cybersecurity company, Sekoia. The kit has been used on nearly 100 different websites, suggesting that cybercriminals are starting to use it more widely.

The Sneaky 2FA phishing kit is sold as a service, known as Phishing-as-a-Service (PhaaS), by a group called Sneaky Log. They offer this tool through a bot on Telegram. Buyers receive a version of the tool that’s disguised to hide its source code, which they can then use to carry out phishing attacks on their own.

The phishing attacks are designed to trick people into thinking they are receiving an email about a payment receipt. The email contains a link to a fake Microsoft 365 login page, where the victim’s credentials and 2FA codes are stolen. These fake pages often look like real Microsoft pages, using blurry background images to trick the user into entering their login details.

The kit also includes advanced anti-detection features, such as filtering out traffic from bots, VPNs, and cloud providers. This ensures only real users are sent to the fake pages. Additionally, the phishing pages use a central server to verify whether the subscription for the kit is still active, meaning that only paid users can run phishing campaigns.

Researchers have found connections between Sneaky 2FA and other phishing tools, suggesting the same group might be behind several phishing operations. Despite some similarities with other tools, such as W3LL Panel, Sneaky 2FA is considered a new phishing kit, not a replacement.

Mitigation Tips to Stay Safe:

  1. Be Cautious with Emails: Always be wary of unsolicited emails, especially ones that seem too good to be true (like fake payment receipts). Avoid clicking on links or downloading attachments from unknown sources.
  2. Check URL Addresses: Always double-check that the website you are visiting is legitimate, especially when asked to enter sensitive information. Look for signs of a fake site, such as blurry backgrounds or unusual URLs.
  3. Enable Multi-Factor Authentication (MFA): While the kit targets MFA codes, enabling MFA on all your accounts makes it harder for attackers to gain access even if they have your password.
  4. Use Security Software: Ensure your device has up-to-date security software to help detect and block phishing attacks.
  5. Stay Updated on Security Threats: Regularly monitor your accounts for unusual activity and update your passwords periodically to enhance security.

Source: https://thehackernews.com/2025/01/new-sneaky-2fa-phishing-kit-targets.html


Vyete (VyeteR) Raymundo | News
Created: January 22 2025 | Updated: on 1/22/25
Comments


  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi