Friday, May 10, 2024

Monday.com Removes Share Update Feature as It Becomes Phishing Nest

Project management platform Monday.com has removed the "Share Update" feature after threat actors misused it in phishing attacks.



Monday.com is a cloud-based project management platform that allows teams to organize and manage their work using automated workflows and dashboards. The platform is used by 225,000 customers, including Coca-Cola, Canva, LionsGate, Oxy, Compass, and Zippo.


On Tuesday, Monday.com customers informed BleepingComputer that they were concerned the company had been hacked after receiving phishing emails sent from Monday.com's own email addresses.


These phishing emails were sent using SendGrid and originated from notifications@monday.com, passing SPF, DMARC, and DKIM authentication.


The phishing emails pretended to come from the "Human Resources" department, asking users to acknowledge "organization workplace sex policies" or provide feedback as part of the "2024 Employee Evaluation."


Embedded in the email were links containing shortened URLs, such as tinyurl.com, which led to a phishing form on formstack.com. The form associated with the phishing campaign has been disabled, so BleepingComputer does not know what information was collected.
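Because the messages were relayed by the platform's own mail infrastructure, SPF, DKIM and DMARC passing says nothing about whether the content is safe. The triage rule below, an added example that is not from the article or from Monday.com, treats an authenticated SaaS notification sender plus a shortened URL or a third-party form link as the signal to hold the message; the sample email and the sender, shortener and form-host lists are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed sample modelled on the campaign described above; not a real captured message.
SAMPLE_EMAIL = """\
From: notifications@monday.com
To: employee@example.com
Subject: 2024 Employee Evaluation - action required
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=monday.com; dmarc=pass
Content-Type: text/plain; charset=utf-8

Human Resources asks you to acknowledge the workplace policy here:
https://tinyurl.com/EXAMPLE-link
"""

# Legitimate SaaS senders that relay user-supplied text to arbitrary recipients (assumed list).
SAAS_RELAY_SENDERS = {"notifications@monday.com"}
# Hosts that hide the real destination or host credential forms (assumed lists).
SHORTENER_HOSTS = {"tinyurl.com", "bit.ly", "t.co"}
FORM_HOSTS = {"formstack.com"}
URL_RE = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)


def auth_all_pass(msg: Message) -> bool:
    """True when the Authentication-Results headers report spf, dkim and dmarc pass."""
    joined = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return all(f"{m}=pass" in joined for m in ("spf", "dkim", "dmarc"))


def link_hosts(msg: Message) -> set:
    """Collect the hostname of every URL found in the text/plain parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            hosts.update(h.lower() for h in URL_RE.findall(text))
    return hosts


def triage(raw: str) -> dict:
    """Flag a SaaS-relayed mail whose links point at shorteners or form builders.
    Authentication is expected to pass here, so passing must not clear the mail."""
    msg = message_from_string(raw)
    sender = msg.get("From", "").strip().lower()
    hosts = link_hosts(msg)
    reasons = []
    if sender in SAAS_RELAY_SENDERS and auth_all_pass(msg):
        if hosts & SHORTENER_HOSTS:
            reasons.append("shortened URL in SaaS notification")
        if hosts & FORM_HOSTS:
            reasons.append("third-party form link in SaaS notification")
    return {"sender": sender, "hosts": sorted(hosts), "reasons": reasons,
            "suspicious": bool(reasons)}
```

A held message can then be routed to a review queue rather than rejected outright, since the same sender also carries legitimate project notifications.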


After contacting Monday.com about the phishing attack earlier this week, they informed BleepingComputer today that the attack was conducted through their 'Share Update' feature.


"We were notified of the abuse of a monday.com feature called 'Share Update,' which allows users to share updates with someone who is not a member of their account," a Monday.com spokesperson told BleepingComputer.


"Unfortunately, a user misused this feature by sending a phishing message. We immediately suspended this user and removed the feature."


"This feature has no connection to the data hosted on monday.com or access to any customer accounts or data. We have reached out and shared preventive measures with the recipients of the phishing message."


Monday.com said threat actors abused this feature by entering a list of email addresses to which notifications should be sent, a list that could include people outside their organization.


When asked how many people received the emails, they declined to answer for security reasons but said they had contacted all recipients to warn them about the phishing emails.

via emka.web.id
