September 30, 2024 at 01:06PM Summary: Cybersecurity teams are facing threats from “Storm-0501,” a ransomware group targeting vulnerable organizations in hybrid cloud environments. Microsoft reports that the group exploits weak passwords and overprivileged accounts to access cloud environments, using compromised credentials to extract data and spread ransomware. Security experts emphasize the importance of a zero-trust … Read more
May 31, 2024 at 10:30AM Microsoft stresses the critical need to secure internet-exposed operational technology (OT) devices as cyber attacks continue to target such environments. The company warns that OT systems lack adequate security, making them vulnerable to exploitation and attacks. To mitigate these risks, organizations are urged to implement security measures and reduce the … Read more
May 29, 2024 at 07:00AM A new North Korean threat actor, Moonstone Sleet, is attributed to cyber attacks targeting various sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. Moonstone Sleet uses a combination of old and unique techniques to achieve its objectives, posing a significant threat. The disclosure warns of … Read more
April 23, 2024 at 09:27AM A Russian APT group, Fancy Bear, has been using a tool called GooseEgg to exploit a vulnerability in the Windows Print Spooler service, enabling privileges elevation and credential theft in intelligence-gathering attacks globally. The group’s history includes targeting Microsoft product vulnerabilities for cyber-espionage, with significant recent activity in attacks against … Read more
December 28, 2023 at 02:05PM Microsoft disabled the MSIX ms-appinstaller protocol handler due to multiple financially motivated threat groups exploiting it to infect Windows users with malware. The attackers used the CVE-2021-43890 vulnerability to bypass security measures and distribute malware. Microsoft recommends installing the patched App Installer version 1.21.3421.0 or later and advised disabling the … Read more
December 13, 2023 at 02:01PM Threat actors are exploiting weak authentication to abuse OAuth applications for cryptomining, phishing, and password spraying attacks, compromising user accounts for Microsoft services and exploiting OAuth applications with high privilege permissions. Mitigation includes implementing multifactor authentication and auditing apps and consented permissions. OAuth presents various risks and security researchers have … Read more
December 13, 2023 at 06:24AM Microsoft warns of adversaries using OAuth applications to automate virtual machine deployment for cryptocurrency mining and phishing attacks. Threat actors compromise user accounts to modify OAuth applications and maintain access to applications even if they lose access to accounts. Organizations are advised to enforce multi-factor authentication, conditional access policies, and … Read more
December 12, 2023 at 06:54PM Threat actors are leveraging OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. Microsoft recommends using multi-factor authentication (MFA) and implementing security measures like conditional access policies and continuous access evaluation to defend against these malicious activities. Security teams should also prioritize enabling MFA … Read more
December 4, 2023 at 12:00AM Microsoft alerts of a CACTUS ransomware spread through malvertising, deploying DanaBot for initial access, leading to attacks by the Storm-0216 group. DanaBot’s usage follows law enforcement disrupting QakBot. Recent attacks also exploit Qlik Sense vulnerabilities and a new macOS ransomware called Turtle has emerged. Clear Takeaways from Meeting Notes on … Read more
October 18, 2023 at 06:34PM Microsoft reports that the North Korean hacking groups Lazarus and Andariel are exploiting a vulnerability in TeamCity servers, CVE-2023-42793, to deploy backdoor malware. These attacks are likely aimed at conducting software supply chain attacks. Once the server is breached, the hackers use different attack chains to gain persistence on the … Read more