Tag: security
Microsoft Graph is becoming a popular target for hackers
Multiple hacking collectives are been actively using Microsoft Graph API to hide their communications with command & control (C2) infrastructure hosted on Microsoft cloud services, cybersecurity researchers from Symantec Threat Hunter Team have revealed. The researchers claim that for two and a half years now, groups such as APT28, REF2924,…
Read More
A dangerous new malware is targeting Macs of all kinds — here’s how to stay safe
Hackers have been observed targeting Mac devices running on both Intel and ARM silicon with brand new infostealer malware. Mac security provider Kandji discovered the malware and dubbed it Cuckoo. “This malware queries for specific files associated with specific applications, in an attempt to gather as much information as possible…
Read More
Russian hackers target EU countries using a simple Microsoft Outlook security flaw
We now know how APT28, a known Russian state-sponsored threat actor, managed to compromise multiple email accounts belonging to the Executive Committee of the German Social Democratic Party back in 2022 – it was via a security flaw in Microsoft Outlook. The German Federal Government said APT28 abused a vulnerability…
Read More
Microsoft adds more security chiefs following recent cyberattacks
Microsoft has just unveiled the next step in its major cybersecurity overhaul, and that is to hire security executives for different product groups. Following a string of major cyberattacks, and the subsequent US government “call to arms” of sorts, Microsoft decided to completely revamp its cybersecurity practices, and “put security…
Read More
FBI and CISA tell devs to crack down on security issues before releasing
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), published a new joint security alert earlier this week, urging software developers to keep path traversal in mind when developing software products. Path traversal is a software vulnerability also known as directory traversal, or directory…
Read More
Dropbox confirms eSign tool hit by major data breach, confirms customer info leaked
E-signature service providers DropBox Sign suffered a cyberattack recently, in which hackers stole some seriously sensitive customer information. As per the data breach notification published on the DropBox Sign website, an unidentified threat actor managed to compromise a service account that was part of the product’s back-end. The company did…
Read More