The all in one place for non-profit security aid.
Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse.
The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.
Fluhorse was first documented by Check Point in early May 2023, detailing its Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Microsoft Employees Data Exposed Via Third-Party Breach
A significant data breach involving Microsoft has come to light, exposing sensitive information of over 2,000 employees. The Cyber Press Research Team has uncovered a data leak file containing personal and professional details of 2,073 Microsoft employees, reportedly obtained through a breach of a third-party vendor.
The leaked data was posted on underground forums by a threat actor known as @888, who claimed it originated from a third-party breach in July 2024. The Cyber Press Research Team has verified the authenticity of the leaked information, confirming it pertains to current Microsoft employees.
The compromised data includes a wide range of sensitive information:
Full names
Job titles
Email addresses and verification status
Direct and corporate phone numbers
Team affiliations
LinkedIn profiles
Company website details
Geographic information (city, state, country)
Notably, the leak affects numerous high-ranking positions within Microsoft, including C-suite executives, directors, and vice presidents across various departments such as Finance, Development, Data Center, Business Development, Azure Cloud, Sales, and Project Management.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
This breach raises serious concerns about the security practices of third-party vendors and the potential risks they pose to major corporations like Microsoft. The exposure of such high-level employee information could have severe consequences, including:
Targeted phishing attacks: Cybercriminals could craft highly convincing phishing attempts aimed at executives, potentially leading to unauthorized access to confidential company information.
Business Email Compromise (BEC) scams: Hackers might exploit the leaked contact details to impersonate high-level executives in attempts to trick employees or partners into transferring funds or revealing sensitive information.
Reputational damage: The breach could harm Microsoft’s reputation, affecting investor confidence and customer trust.
To mitigate the potential fallout from this breach, Microsoft will likely need to take several steps:
Notify affected employees and provide identity theft protection services
Enhance email security protocols and employee education on phishing
Review and strengthen security measures for third-party vendors
Implement transparent communication with stakeholders to manage reputational impact
Reinforce security measures such as multi-factor authentication and regular security audits.
The recent event is a clear indication of how critical it is for organizations to have strong security protocols in place, not only within the organization itself but also throughout its network of third-party vendors and partners.
“Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!”- Free Demo
The post Microsoft Employees Data Exposed Via Third-Party Breach appeared first on Cyber Security News.
New vulnerability packs a punch.
Unpacking LogoFAIL’s threat to Windows and Linux. The US DHS’s new healthcare cybersecurity strategy, and dual Russian influence campaigns. A look at supply chain risks, increased bot activity in retail, Meta’s end-to-end encryption in Messenger and Android’s Autospill vulnerability. On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan, with insights on data resiliency. And the discovery of an alleged software ‘kill switch’ in Polish trains. Read More
The CyberWire
Water services giant Veolia North America hit by ransomware attack
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. […] Read More
BleepingComputer