Phishing Without Passwords: New Scam Turns App Permissions Into Entry Points

A new phishing operation called EvilTokens has compromised more than 340 Microsoft 365 organizations across five countries just weeks after launching in February 2026, raising concerns over a new style of cyberattack that can bypass traditional security measures.

Unlike common phishing scams that steal passwords, the attack tricks users into approving access themselves. Victims received messages asking them to enter a code on Microsoft’s legitimate login page and complete their normal multi-factor authentication (MFA). Everything appeared routine, but by approving the request, users unknowingly gave attackers long-term access to emails, files, calendars, and contacts.

Cybersecurity experts say this method is especially dangerous because no password is stolen and no suspicious login is triggered. Since users complete the login process themselves, security systems often see the activity as legitimate.

Researchers warn that people have become too used to clicking “Accept” on app permissions, especially with the rise of AI tools, browser extensions, and workplace integrations. Attackers are now taking advantage of that habit.

Mitigations

  • Avoid approving login or verification requests you did not personally initiate
  • Carefully review any permission or “consent” screen before clicking Accept
  • Be cautious of urgent messages pushing you to sign in or verify accounts quickly
  • Regularly review and remove unused third-party apps connected to your account
  • Only grant apps the minimum permissions needed to function
  • Report suspicious login or consent requests to your IT or security team
  • Organizations should regularly audit and revoke risky or unused app permissions
  • Enforce stricter controls for third-party apps and AI integrations

The incident also highlights growing concerns around third-party apps and AI integrations that connect to company systems. Experts say organizations should monitor which apps employees approve, regularly review permissions, and revoke access that is no longer needed.
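One way to run the permission review described above, shown as an added example that is not part of the original article or of any Cloudstaff or Microsoft tooling. The inventory is constructed sample data: `scope` and `consentType` mirror the shape of a Microsoft Graph `oauth2PermissionGrant`, while `app`, `publisher_verified`, `last_used` and the 90-day threshold are assumptions made for the example.

```python
from datetime import date

# Microsoft Graph delegated scopes covering the data the article names (mail,
# files, calendars, contacts). offline_access is what makes a grant long-lived.
SENSITIVE_PREFIXES = ("Mail.", "Files.", "Calendars.", "Contacts.")
UNUSED_AFTER_DAYS = 90  # assumption: review threshold picked for this example

# Constructed inventory. "scope" and "consentType" mirror a Graph
# oauth2PermissionGrant; "app", "publisher_verified" and "last_used" are
# hypothetical fields joined in from an app inventory.
GRANTS = [
    {"app": "Intranet Portal", "scope": "openid profile User.Read",
     "consentType": "AllPrincipals", "publisher_verified": True,
     "last_used": "2026-05-18"},
    {"app": "Doc Viewer Helper",
     "scope": "offline_access Mail.Read Files.Read.All Contacts.Read",
     "consentType": "Principal", "publisher_verified": False,
     "last_used": "2026-05-19"},
    {"app": "Legacy Survey Tool", "scope": "User.Read",
     "consentType": "AllPrincipals", "publisher_verified": True,
     "last_used": "2025-11-01"},
]

def review_grant(grant, today):
    """Return the reasons a single grant deserves a human review."""
    scopes = grant["scope"].split()
    sensitive = sorted(s for s in scopes if s.startswith(SENSITIVE_PREFIXES))
    reasons = []
    if sensitive and "offline_access" in scopes:
        reasons.append("long-lived access to " + ", ".join(sensitive))
    if sensitive and grant["consentType"] == "AllPrincipals":
        reasons.append("tenant-wide consent to sensitive data")
    if not grant["publisher_verified"]:
        reasons.append("unverified publisher")
    idle = (today - date.fromisoformat(grant["last_used"])).days
    if idle > UNUSED_AFTER_DAYS:
        reasons.append(f"unused for {idle} days")
    return reasons

def audit(grants, today_iso):
    """Map app name -> review reasons, omitting grants with nothing to flag."""
    today = date.fromisoformat(today_iso)
    findings = {g["app"]: review_grant(g, today) for g in grants}
    return {app: why for app, why in findings.items() if why}

if __name__ == "__main__":
    for app, why in audit(GRANTS, "2026-05-20").items():
        print(f"{app}: {'; '.join(why)}")
```

Flagged grants are candidates for revocation after a human confirms nobody depends on them; the clean `Intranet Portal` entry shows that tenant-wide consent alone is not treated as a finding.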

Security firms are now pushing companies to treat app permissions and AI connections with the same level of scrutiny as passwords and MFA protections.

Source: https://thehackernews.com/2026/05/the-new-phishing-click-how-oauth.html


Christine (TinSu) Sugui | News
Created: May 20 2026 | Updated: 15 hours, 28 minutes ago