Tag Microsoft

Microsoft Alerts to Rising Use of File Hosting Services in Business Email Compromise Schemes

Microsoft has issued a warning about cyberattack strategies that exploit legitimate file hosting platforms like SharePoint, OneDrive, and Dropbox, commonly utilized in corporate environments as a tactic to evade defenses. These campaigns have diverse objectives, enabling threat actors to compromise identities and devices, facilitating business email compromise (BEC) incidents that lead to financial fraud, data theft, and further infiltration into networks.

The abuse of legitimate internet services (LIS) is an increasingly prevalent risk factor, allowing adversaries to blend in with normal network activity, often circumventing traditional security measures and complicating threat attribution. This tactic, known as living-off-trusted-sites (LOTS), takes advantage of the inherent trust in these platforms to bypass email security protocols and deliver malware. Microsoft has noted a concerning trend in phishing attacks exploiting this strategy.

Microsoft Alerts on Increasing Use of File Hosting Services in Business Email Compromise Attacks

October 9, 2024

Microsoft has issued a warning regarding a rise in cyber attack campaigns that exploit established file hosting services such as SharePoint, OneDrive, and Dropbox. These platforms, frequently utilized in corporate settings, are being…


Hackers Compromise Canadian Government Using Microsoft Vulnerability

Government, Industry Specific

Microsoft Issues Urgent Warning After SharePoint Vulnerability Breach Targeting State Actors

Chris Riotta (@chrisriotta) • August 14, 2025

A significant security breach has occurred within Canada’s House of Commons, where hackers accessed a sensitive database containing confidential office locations and personal…


Russian Hackers Target Norwegian Dam

Cybercrime, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Also: Spain Resists Pressure to Oust Huawei, North Korean Kimsuky Data Leaked

Anviksha More (AnvikshaMore) • August 14, 2025

The Information Security Media Group (ISMG) regularly compiles significant cybersecurity incidents from around the globe. This week, a reported incident…


Over 1,000 SOHO Devices Compromised in China-Linked LapDogs Cyber Espionage Operation

Jun 27, 2025
Threat Hunting / Vulnerability

Cybersecurity experts have uncovered a network of over 1,000 compromised small office/home office (SOHO) devices actively supporting an extensive cyber espionage campaign linked to China-based hacking groups. This operation, dubbed LapDogs by SecurityScorecard’s STRIKE team, reveals that victims are primarily located in the United States and Southeast Asia, with the network steadily expanding. Infections are also reported in Japan, South Korea, Hong Kong, and Taiwan, affecting sectors such as IT, networking, real estate, and media. The compromised devices include those from manufacturers like Ruckus Wireless, ASUS, Buffalo Technology, Cisco-Linksys, Cross DVR, D-Link, Microsoft, Panasonic, and Synology. At the core of the LapDogs operation is a custom backdoor known as ShortLeash, specifically designed to facilitate these attacks.

Over 1,000 SOHO Devices Compromised in Cyber Espionage Campaign Linked to China

On June 27, 2025, cybersecurity experts reported the discovery of a significant network of more than 1,000 small office and home office (SOHO) devices that have been compromised for cyber espionage activities attributed to hacking groups with links…


Microsoft Aids CBI in Busting Illegal Indian Call Centers Linked to Japanese Tech Support Scam

The Central Bureau of Investigation (CBI) in India has apprehended six suspects and shut down two unlawful call centers engaged in a sophisticated transnational tech support scam targeting Japanese citizens. The operations, part of “Operation Chakra V,” took place on May 28, 2025, across 19 locations in Delhi, Haryana, and Uttar Pradesh, focusing on combating cyber-enabled financial crimes. According to the CBI, the criminal networks defrauded foreign nationals, primarily Japanese citizens, by posing as technical support agents for various multinational companies, including Microsoft. The agency noted that the call centers were designed to look like legitimate customer service operations, misleading victims into believing their electronic devices had been compromised, which led them to transfer funds under duress.

Microsoft Collaborates with CBI to Disrupt Japanese Tech Support Scam Operated from India

June 6, 2025

In a significant crackdown on cybercrime, India’s Central Bureau of Investigation (CBI) has arrested six suspects and shuttered two illicit call centers engaged in a sophisticated tech support scam targeting Japanese citizens. This operation,…


Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Hackers Target Users with PDF-Based Callback Phishing Impersonating Microsoft and DocuSign

July 2, 2025

Recent findings from cybersecurity experts highlight an alarming trend in phishing attacks that exploit the trust associated with reputable brands such as Microsoft and DocuSign. These campaigns leverage PDF attachments to manipulate unsuspecting victims into calling…


Hackers Expose Allianz Life Data Stolen in Salesforce Breach

In a significant cybersecurity breach, Allianz Life, a major US insurance firm, has had 2.8 million sensitive records exposed following a data leak linked to ongoing Salesforce attacks. These stolen records contain critical information pertaining to both business partners and customers, highlighting a troubling trend in the escalating sophistication of…


CERT-UA Discovers Malicious RDP Files in Recent Attack on Ukrainian Entities

Oct 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new malicious email campaign targeting government agencies, businesses, and military organizations. CERT-UA noted, “The emails leverage the allure of integrating popular services like Amazon or Microsoft while promoting a zero-trust architecture.” These messages include attachments that are Remote Desktop Protocol (‘.rdp’) configuration files. When executed, these RDP files connect to a remote server, allowing threat actors to access compromised systems, steal data, and deploy additional malware for subsequent attacks. The preparation for this infrastructure is believed to have started as early as August 2024, and the agency warns that the campaign may extend beyond Ukraine to other countries. CERT-UA has linked the campaign to a threat actor identified as UAC-0215. Amazon Web Services (AWS) also issued a related advisory…

CERT-UA Uncovers Malicious RDP Files Targeting Ukrainian Entities

October 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a newly identified malicious email campaign directed at various governmental agencies, private enterprises, and military organizations within the country. This campaign seeks to exploit…


Microsoft Addresses 130 Vulnerabilities, Including Critical Issues in SPNEGO and SQL Server

July 9, 2025
Endpoint Security / Vulnerability

In its first Patch Tuesday update of 2025, Microsoft has rolled out fixes for 130 vulnerabilities, marking a shift as no exploited security flaws were included in this batch. Notably, one flaw addressed had already been publicly disclosed. The update also tackles 10 additional non-Microsoft CVEs impacting Visual Studio, AMD, and the Chromium-based Edge browser. Among the patched vulnerabilities, 10 are classified as Critical, while the remainder are deemed Important. “This marks the end of an 11-month streak of fixing at least one zero-day exploitation,” noted Satnam Narang, Senior Staff Research Engineer at Tenable. The vulnerabilities include 53 related to privilege escalation, 42 for remote code execution, 17 for information disclosure, and 8 for security feature bypasses. Furthermore, the update builds on two other flaws previously fixed in the Edge browser since last month’s Patch Tuesday.

Microsoft Addresses 130 Vulnerabilities, Highlighting Critical Flaws in SPNEGO and SQL Server

On July 9, 2025, Microsoft released its Patch Tuesday updates, addressing a total of 130 vulnerabilities, including critical security flaws within the SPNEGO protocol and SQL Server. Notably, this month’s updates marked the first time in 2025 that…
