Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Microsoft: Chinese APT Flax Typhoon uses legit tools for cyber espionage

By Deeba Ahmed Researchers believe that this time instead of cyber espionage, Chinese threat actors may have opted for more complex information ops. This is a post from HackRead.com Read the original post: Microsoft: Chinese APT Flax Typhoon uses legit tools for cyber espionage

HackRead
Open in Source
#sql#vulnerability#web#windows#microsoft#ddos#git#java#intel#backdoor#auth
U.S. Hacks QakBot, Quietly Removes Botnet Infections

The U.S. government today announced a coordinated crackdown against QakBot, a complex malware family used by multiple cybercrime groups to lay the groundwork for ransomware infections. The international law enforcement operation involved seizing control over the botnet's online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computer systems.

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as "highly responsive to

What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS

Google introduced the new “.zip” Top Level Domain (TLD) on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur. When clicking on a name that ends in “.zip” are people intending to open an archive

Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks

Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities. "This development in the PhaaS ecosystem enables

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege

Cybersecurity researchers have discovered a case of privilege escalation associated with a Microsoft Entra ID (formerly Azure Active Directory) application by taking advantage of an abandoned reply URL. "An attacker could leverage this abandoned URL to redirect authorization codes to themselves, exchanging the ill-gotten authorization codes for access tokens," Secureworks Counter Threat Unit (

Reply URL Flaw Allowed Unauthorized MS Power Platform API Access

By Habiba Rashid Critical Vulnerability in Microsoft Power Platform Discovered and Reported by Secureworks Researchers. This is a post from HackRead.com Read the original post: Reply URL Flaw Allowed Unauthorized MS Power Platform API Access

UK Air Traffic Control System Collapses, Causing Travel Chaos

By Waqas Hundreds of Thousands of Passengers Face Travel Chaos as UK Air Traffic Control System Collapses. This is a post from HackRead.com Read the original post: UK Air Traffic Control System Collapses, Causing Travel Chaos

CVE-2023-36741

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks

Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information. This includes Arion Kurtaj (aka White, Breachbase, WhiteDoxbin, and TeaPotUberHacker), an 18-year-old from Oxford, and