Monday.com is a cloud-based project management platform that allows teams to organize and manage their work using automated workflows and dashboards.
On Tuesday, Monday.com customers told BleepingComputer they were concerned that the company was compromised after receiving phishing emails from its email accounts.
Embedded in the emails were links containing shortened URLs, such as tinyurl.com, that led to phishing forms on formstack.com.
The forms associated with these phishing campaigns have since been disabled, so BleepingComputer does not know what information was being collected.
After contacting Monday.com about the phishing attacks earlier this week, they told BleepingComputer today that the attacks were conducted through their 'Share Update' feature.
Monday.com says that the threat actor abused this feature by inputting a list of email addresses to which a notification should be sent, which can include people outside of their organization.
When asked how many people received an email, they declined to answer for security reasons but said they contacted all recipients to warn them of the phishing emails.
For those who used the 'Share Update' feature, Monday.com told BleepingComputer that it is under review and cannot provide a timeline for when or if the feature will be restored.
Google now blocks spoofed emails for better phishing protection.
AT&T delays Microsoft 365 email delivery due to spam wave.
Microsoft will limit Exchange Online bulk emails to fight spam.
Microsoft rolls out passkey auth for personal Microsoft accounts.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 09 May 2024 22:20:18 +0000