Threat actors exploit calendar subscriptions for phishing and malware delivery
Threat actors have been found manipulating digital calendar subscription infrastructure to deliver harmful content.
Calendar series subscriptions allow third parties to add events and share notifications directly to devices. For instance, retailers sharing sale dates or sports associations updating calendar of sports matches.
However, because these subscriptions allow a third-party server to add events directly, threat actors have been found setting up deceptive infrastructures to trick users into subscribing to notifications, according to new research by BitSight.
Read more at Infosecurity Magazine