Apple has patched two security vulnerabilities thought responsible for hacks of Russian devices. Read More
The CyberWire
BazarCall attacks abuse Google Forms to legitimize phishing emails
A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate. […] Read More
BleepingComputer
Chinese APT Groups Actively Targeting Outlook and Exchange Online Email Accounts
A China-based APT actor accessed a Microsoft 365 cloud environment and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts.
In June 2023, a Federal Civilian Executive Branch (FCEB) agency observed suspicious activity in their Microsoft 365 (M365) cloud environment and reported the activity to Microsoft and CISA.
CISA and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory to provide guidance to all organizations on detecting and mitigating this activity.
Microsoft has announced that it mitigated an attack by a China-based threat actor it tracks as Storm-0558 against Outlook and Exchange Online email accounts belonging to its customers.
Storm-0558, a Chinese espionage actor, accessed Outlook Web Access in Exchange Online (OWA) and the Outlook(.)com unclassified email service for roughly a month beginning in May 2023.
The actor used forged authentication tokens, signed with an acquired Microsoft account (MSA) signing key, to access the email data; 25 organizations were affected by this targeted attack.
The FCEB agency observed MailItemsAccessed events with an unexpected ClientAppID and AppID in M365 Audit Logs.
The MailItemsAccessed event is generated whenever items in a licensed user's Exchange Online mailbox are accessed, regardless of the connectivity protocol or client used, which is what makes it suitable for spotting access by an unfamiliar application.
The FCEB agency informed Microsoft and CISA about this anomalous activity since the observed AppId did not routinely access mailbox items in their environment.
Microsoft immediately blocked the tokens issued with the acquired key and then replaced the key to prevent continued misuse.
FBI and CISA strongly recommend that critical infrastructure organizations enable audit logging so that malicious activity of this kind can be detected.
The Office of Management and Budget (OMB) M-21-31 requires Microsoft audit logs to be retained for at least twelve months in active storage and an additional eighteen months in cold storage.
This can be accomplished either by offloading the logs out of the cloud environment or natively through Microsoft by creating an audit log retention policy.
Enable Purview Audit (Premium) logging, which at the time of the advisory required licensing at the G5/E5 level.
Confirm that the logs are searchable by operators so they can hunt for threat activity.
Organizations are encouraged to look for outliers and become familiar with baseline patterns to better understand abnormal versus normal traffic.
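The following Python script applies the hunting guidance above to Unified Audit Log records. It is an added example, not code from CISA, Microsoft or the original article: it builds a baseline of the AppId/ClientAppId pairs that generated MailItemsAccessed events during a historical window, then reports any pair that first appears after that window together with the mailboxes and source IPs it touched. The sample records, the GUIDs and the cutoff date are constructed for the demonstration and are not published Storm-0558 indicators; the field names follow the AuditData blob that Search-UnifiedAuditLog returns for mailbox-audit events.

```python
"""Hunt Microsoft 365 Unified Audit Log records for MailItemsAccessed events
carrying an AppId/ClientAppId pair that never appeared in the baseline window.

Added example; not code from CISA, Microsoft or the page's author.
The records below are constructed, the GUIDs are placeholders (not published
Storm-0558 indicators) and the cutoff date is an assumption for the demo.
Field names (CreationTime, Operation, UserId, MailboxOwnerUPN, AppId,
ClientAppId, ClientIPAddress) follow the AuditData JSON returned by
Search-UnifiedAuditLog / Purview for Exchange mailbox-audit events.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: one AuditData JSON object per line. UAL timestamps are
# UTC ISO 8601 without an explicit offset, so they are parsed as UTC below.
SAMPLE_AUDIT_LINES = """
{"CreationTime":"2023-04-03T08:02:11","Operation":"MailItemsAccessed","UserId":"alice@agency.example","MailboxOwnerUPN":"alice@agency.example","AppId":"aaaaaaaa-0000-4000-8000-000000000001","ClientAppId":"bbbbbbbb-0000-4000-8000-000000000001","ClientIPAddress":"203.0.113.10"}
{"CreationTime":"2023-04-03T09:15:40","Operation":"MailItemsAccessed","UserId":"bob@agency.example","MailboxOwnerUPN":"bob@agency.example","AppId":"aaaaaaaa-0000-4000-8000-000000000001","ClientAppId":"bbbbbbbb-0000-4000-8000-000000000001","ClientIPAddress":"203.0.113.11"}
{"CreationTime":"2023-04-20T17:44:02","Operation":"MailItemsAccessed","UserId":"alice@agency.example","MailboxOwnerUPN":"alice@agency.example","AppId":"aaaaaaaa-0000-4000-8000-000000000001","ClientAppId":"bbbbbbbb-0000-4000-8000-000000000002","ClientIPAddress":"198.51.100.23"}
{"CreationTime":"2023-05-10T07:30:00","Operation":"Send","UserId":"bob@agency.example","MailboxOwnerUPN":"bob@agency.example","AppId":"aaaaaaaa-0000-4000-8000-000000000001","ClientAppId":"bbbbbbbb-0000-4000-8000-000000000001","ClientIPAddress":"203.0.113.11"}
{"CreationTime":"2023-06-02T08:01:57","Operation":"MailItemsAccessed","UserId":"alice@agency.example","MailboxOwnerUPN":"alice@agency.example","AppId":"aaaaaaaa-0000-4000-8000-000000000001","ClientAppId":"bbbbbbbb-0000-4000-8000-000000000001","ClientIPAddress":"203.0.113.10"}
{"CreationTime":"2023-06-02T03:12:19","Operation":"MailItemsAccessed","UserId":"alice@agency.example","MailboxOwnerUPN":"alice@agency.example","AppId":"cccccccc-0000-4000-8000-000000000099","ClientAppId":"","ClientIPAddress":"192.0.2.77"}
{"CreationTime":"2023-06-02T03:14:51","Operation":"MailItemsAccessed","UserId":"bob@agency.example","MailboxOwnerUPN":"bob@agency.example","AppId":"cccccccc-0000-4000-8000-000000000099","ClientAppId":"","ClientIPAddress":"192.0.2.77"}
{"CreationTime":"2023-06-03T03:09:30","Operation":"MailItemsAccessed","UserId":"alice@agency.example","MailboxOwnerUPN":"alice@agency.example","AppId":"cccccccc-0000-4000-8000-000000000099","ClientAppId":"","ClientIPAddress":"192.0.2.77"}
"""


def parse_audit_lines(text):
    """Parse newline-delimited AuditData JSON into dicts with a UTC datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["_ts"] = datetime.fromisoformat(rec["CreationTime"]).replace(tzinfo=timezone.utc)
        records.append(rec)
    return records


def app_pair(rec):
    """Normalised (AppId, ClientAppId) key; ClientAppId is empty for some clients."""
    return (rec.get("AppId", "").lower(), rec.get("ClientAppId", "").lower())


def mail_access_events(records):
    """Only MailItemsAccessed is logged for every protocol and client, so hunt on it."""
    return [r for r in records if r.get("Operation") == "MailItemsAccessed"]


def build_baseline(records, cutoff):
    """(AppId, ClientAppId) pairs that accessed mailbox items before `cutoff`."""
    return {app_pair(r) for r in mail_access_events(records) if r["_ts"] < cutoff}


def find_new_app_access(records, cutoff_iso):
    """Group post-cutoff MailItemsAccessed events by AppId/ClientAppId pairs that
    never appeared in the baseline window; returns a dict keyed by the pair."""
    cutoff = datetime.fromisoformat(cutoff_iso).replace(tzinfo=timezone.utc)
    baseline = build_baseline(records, cutoff)
    hits = defaultdict(lambda: {"count": 0, "mailboxes": set(), "source_ips": set(), "first_seen": None})
    for r in mail_access_events(records):
        if r["_ts"] < cutoff:
            continue
        pair = app_pair(r)
        if pair in baseline:
            continue  # an application the tenant routinely sees; not an outlier
        h = hits[pair]
        h["count"] += 1
        h["mailboxes"].add(r.get("MailboxOwnerUPN") or r.get("UserId"))
        h["source_ips"].add(r.get("ClientIPAddress", ""))
        if h["first_seen"] is None or r["_ts"] < h["first_seen"]:
            h["first_seen"] = r["_ts"]
    # Freeze the sets into sorted lists so results are printable and comparable.
    return {
        pair: {
            "count": h["count"],
            "mailboxes": sorted(h["mailboxes"]),
            "source_ips": sorted(h["source_ips"]),
            "first_seen": h["first_seen"].isoformat(),
        }
        for pair, h in hits.items()
    }


def hunt(text=SAMPLE_AUDIT_LINES, cutoff_iso="2023-05-15T00:00:00"):
    """Convenience wrapper: parse the export and report previously unseen app pairs."""
    return find_new_app_access(parse_audit_lines(text), cutoff_iso)


if __name__ == "__main__":
    for (app_id, client_app_id), info in hunt().items():
        print(f"NEW AppId={app_id} ClientAppId={client_app_id or '(none)'}: "
              f"{info['count']} events, mailboxes={info['mailboxes']}, "
              f"ips={info['source_ips']}, first_seen={info['first_seen']}")
```

In practice the input would be the AuditData column of an export such as `Search-UnifiedAuditLog -Operations MailItemsAccessed`, with a baseline window long enough to cover the applications the tenant legitimately uses; a pair that appears for the first time, touches several mailboxes and comes from one source address is exactly the outlier the advisory tells operators to look for, and the retention periods above are what make a meaningful baseline possible.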
The post Chinese APT Groups Actively Targeting Outlook and Exchange Online Email Accounts appeared first on Cyber Security News.
Cyber Security News
Fujitsu Hacked – Attackers Stole Personal Information
Fujitsu has announced the discovery of malware on several of its business computers, raising concerns over the potential leak of files containing personal and customer information.
The incident, disclosed on March 15, 2024, underscores the growing threats to corporate data security and the importance of robust cybersecurity measures.
Fujitsu’s internal investigation revealed the presence of malicious software on multiple business computers within the organization.
This malware allowed unauthorized parties to exfiltrate files containing sensitive personal and customer information.
The discovery of the malware prompted immediate action from Fujitsu, including the isolation of the affected computers and the enhancement of monitoring across other business systems to prevent further breaches.
After confirming the malware’s presence, Fujitsu has taken several steps to address the situation and mitigate any potential damage.
The company has intensified its internal investigation to trace the malware’s entry point and assess whether any information has been leaked.
In addition to technical measures, Fujitsu has also reached out to individuals and customers potentially affected by the breach, providing them with individual reports.
The company has preemptively reported the incident to the Personal Information Protection Commission, considering the possibility of compromised personal information.
As of the announcement date, no reports have indicated that the potentially leaked personal or customer information has been misused.
Fujitsu is continuing its investigation and says it is taking all necessary steps to secure its systems and protect sensitive information.
The company has apologized to all stakeholders for the concern and inconvenience caused by the breach, acknowledged the severity of the situation, and committed to strengthening its cybersecurity measures to prevent future incidents.
The Fujitsu hacking incident serves as a stark reminder of the persistent cybersecurity threats facing businesses today.
It highlights the importance of continuous vigilance, robust security protocols, and immediate response mechanisms to safeguard against unauthorized access and theft of sensitive information.
The post Fujitsu Hacked – Attackers Stolen Personal Information appeared first on Cyber Security News.
Read More
Cyber Security News