DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
Microsoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat group
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files
Microsoft has revoked over 200 fraudulent code-signing certificates used in a ransomware campaign involving fake Teams installers by threat group Vanilla Tempest
A critical GoAnywhere vulnerability is being exploited by the Medusa ransomware group, says Microsoft
Senator Ron Wyden of Oregon has urged the FTC to investigate Microsoft for cybersecurity lapses linked to ransomware attacks on US critical infrastructure
Microsoft observed Storm-0501 pivot to the victim’s cloud environment to exfiltrate data rapidly and prevent the victim’s recovery
Microsoft said Chinese actor Storm-2603 is deploying Warlock ransomware following the exploitation of vulnerabilities in on-prem SharePoint systems
Group-IB also revealed the ransomware uses Chacha20 and RSA-OAEP for encryption
Microsoft warned Storm-1811 started vishing attacks in April to gain access to target devices
As well as malvertising and phishing links, the new threat actor is now also using contact forms to deliver its payloads, found Microsoft
Microsoft said the worm had alternate infection methods beyond its original USB drive spread
The campaign had several features differentiating it from other ransomware tracked by Microsoft
Microsoft urges better attack surface management
The attackers modified the Blast Secure Gateway component of the application using PowerShell code
The primary objective of the attack was reportedly to get back at the Indian Government
The backdoor allowed attackers to upload and download files, execute commands and remove their footprint
Magniber ransomware upgraded to prompt fake Windows 11 updates
Report reveals big variety in affiliate groups