A critical flaw in the company’s rate limit for failed sign-in attempts allowed unauthorized access to a user account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more.
Автор: Elizabeth Montalbano, Contributing Writer
Cybercrime Gangs Abscond With Thousands of AWS Credentials
The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.
Attackers Can Use QR Codes to Bypass Browser Isolation
Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.
‘Earth Minotaur’ Exploits WeChat Bugs, Sends Spyware to Uyghurs
The emerging threat actor, potentially a Chinese state-sponsored APT, is using the known exploit kit Moonshine in cross-platform attacks that deliver a previously undisclosed backdoor called "DarkNimbus" to ethnic minorities, including Tibetans.
Pegasus Spyware Infections Proliferate Across iOS, Android Devices
The notorious spyware from Israel’s NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.
Venom Spider Spins Web of New Malware for MaaS Platform
A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group’s cybercriminal tool set.
Sneaky Skimmer Malware Targets Magento Sites Ahead of Black Friday
A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.
OpenSea Phishers Aim to Drain Crypto Wallets of NFT Enthusiasts
Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site.
Fancy Bear ‘Nearest Neighbor’ Attack Uses Nearby Wi-Fi Network
In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.
‘Water Barghest’ Sells Hijacked IoT Devices for Proxy Botnet Misuse
An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cy…