Security News
Russian state hackers are adapting their techniques to target organizations moving to the cloud, an advisory from the UK National Cyber Security Centre and international security agencies has warned. The advisory details how cyber espionage group APT29 is directly targeting weaknesses in cloud services used by victim organizations to gain initial access to their systems.
CISA ordered U.S. Federal Civilian Executive Branch agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service that's actively exploited in attacks. Redmond patched the bug during the June 2023 Patch Tuesday, with proof-of-concept exploit code dropping on GitHub three months later, on September 24.
The US Department of Justice has unsealed an indictment accusing an Iranian national of a years-long campaign that compromised hundreds of thousands of accounts and attempting to infiltrate US defense contractors and multiple government agencies. "Nasab participated in a cyber campaign using spear phishing and other hacking techniques to infect more than 200,000 victim devices, many of which contained sensitive or classified defense information," said Damian Williams, US Attorney for the Southern District of New York.
The Düsseldorf Police in Germany have seized Crimemarket, a massive German-speaking illicit trading platform with over 180,000 users, arresting six people, including one of its operators. Known as Crimemarket, it was the largest cybercrime market in the country and a hub for trading illegal drugs, narcotics, and cybercrime services, while it also hosted tutorials/guides for conducting various crimes.
The Düsseldorf Police in Germany have seized Crimemarket, the largest German-speaking illicit trading platform on the internet, arresting six people, including one of its operators. "In a concerted campaign, investigators across Germany and abroad took action against the largest German-speaking criminal trading platform on the Internet on Thursday evening," reads a machine-translated announcement.
Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. Exchange ActiveSync is a synchronization protocol used by Microsoft Exchange to allow users to access their email, calendar, contacts, and tasks.
Webinar The quantum threat might seem futuristic, more like something you'd encounter in a science fiction film. It's arguably already a danger to real cyber security defences.
Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. Microsoft released Edge 122.0.2365.63 yesterday, and soon after, users began reporting across multiple sites that the browser was crashing repeatedly with memory errors.
The U.S. Department of Justice has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. The U.S. DoJ announcement says Nasab's job with Mahak Rayan Afraz was merely a front for the hacker's malicious operations.
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices. “This kit...