Torrance, United States / California, 9th January 2025, CyberNewsWire

**Torrance, United States / California, January 9th, 2025, CyberNewsWire**

Criminal IP, a globally recognized Cyber Threat Intelligence (CTI) solution by AI SPERA, has launched its **Criminal IP Malicious Link Detector** add-in on the Microsoft Marketplace. This cutting-edge tool provides real-time phishing email detection and URL blocking for Microsoft Outlook, adding an essential layer of email security in the face of increasing cyber threats.

Advances in generative AI have driven a surge in sophisticated phishing attacks that are increasingly difficult to distinguish from legitimate communications. The Criminal IP Malicious Link Detector combats these threats by analyzing email links in real-time, detecting and blocking phishing URLs and malicious domains. Fully integrated with Microsoft Outlook and available for free, it provides robust protection for both individuals and organizations.

**Case Study: Phishing Email Targeting Cryptocurrency Wallet Users**

In one instance, Criminal IP detected a phishing email targeting Trust Wallet users. The email contained links disguised as official pages, aiming to deceive users into downloading malware. The Criminal IP Malicious Link Detector swiftly identified and blocked these malicious URLs in real-time, averting potential harm.

**Getting Started with the Criminal IP Malicious Link Detector**

Using the tool is straightforward:

1.     **Signing Up:** Creating an account on the Criminal IP platform.

2.    **Installing the Add-In:** Downloading and integrating the add-in from Microsoft Marketplace.

3.    **Start Scanning:** Email links are automatically scanned upon login, with results displayed instantly.

As cyber threats evolve rapidly, the **Criminal IP Malicious Link Detector** ensures the users’ emails are protected against phishing links and malicious URLs. Download it today to stay ahead of emerging cyber risks and strengthen email security.

**About AI SPERA**

AI SPERA, renowned for its advanced solutions, has expanded internationally, with ‘Criminal IP’ as its flagship offering. Operating in more than 150 countries, ‘Criminal IP’ is backed by enterprise-grade security solutions like ‘Criminal IP ASM’ and ‘Criminal IP FDS’. Strategic partnerships with global leaders such as Cisco, VirusTotal, and Quad9 have significantly enhanced ‘Criminal IP’s capabilities. AI SPERA’s ‘Criminal IP’ has recently entered the marketplace of major US data warehousing platforms, including Amazon Web Services (AWS), Microsoft Azure, and Snowflake, expanding its global reach for threat data.

**Contact**

**Michael Sena**  
**\[email protected\]**

Criminal IP Launches Real-Time Phishing Detection Tool on Microsoft Marketplace

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?**

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-21380: Azure Marketplace SaaS Resources Information Disclosure Vulnerability

CVE-2025-21385: Microsoft Purview Information Disclosure Vulnerability

PRESS RELEASE

DALLAS, Jan. 7, 2025 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced a new collaboration with Intel® (NASDAQ: INTC) designed to help joint enterprise customers protect critical systems from stealthy threats, including fileless malware and advanced ransomware.

When Trend's proactive security platform and Intel's technology are used together, the integrated solution can better determine if encryption behavior is legitimate—such as a user backing up files or malicious—ensuring the appropriate action is taken to protect critical systems.

This news coincides with the CES 2025 (Consumer Electronics Show), which is the most influential tech innovation event for enterprises and society as a whole, where Intel and Trend will be present. Trend invites corporate attendees to join a panel discussion on Thursday, January 9th, entitled "Data Collection, Privacy and Why You Should Care," to learn how to safeguard a digital footprint as cybercriminals increasingly target critical data. Register now at: https://spr.ly/6044vmkSQ.

Carla Rodriguez, Intel VP: "Threat actors are increasingly targeting endpoints with sophisticated attacks that evade traditional software-based security. Trend's integration of Intel® Threat Detection Technology provides a hardware-accelerated detection layer to uncover stealthy threats. This technology, deployed across a billion PCs, is the only AI-based silicon security solution of its kind. Our mutual customers will benefit from enhanced protection with Trend's AI-powered Trend Vision One™ – Endpoint solutions on Intel AI PCs."

Protecting critical assets across endpoints, email, networks, and cloud workloads is increasingly challenging as malicious actors favor covert threats such as fileless malware, which was reportedly present in 40% of attacks in 2023. These can be used to deploy ransomware, steal sensitive data, and cause significant financial and reputational damage.

Fileless attacks are particularly dangerous as they rely on in-memory execution, reside in the registry, or abuse legitimate tools like PowerShell and Windows Management Instrumentation.

That's why Trend and Intel are teaming up by combining the AI-powered Trend Vision One. This collaboration provides organizations with powerful tools to detect and respond to ransomware and fileless attacks before they can cause damage.

Rachel Jin, Chief Enterprise Platform Officer at Trend: "Proactive security has long been desired but just recently feasible. Through our work with Intel, we're redefining what's possible in cybersecurity—empowering enterprises to proactively safeguard their systems, data, and operations against an increasingly complex threat landscape."

How AMS works:

*   Intel® TDT offloads advanced memory scanning (AMS) workloads from CPU to GPU.
    
*   This enables Trend endpoint security solutions to scan more deeply and more often to uncover fileless attacks before they can launch malicious payloads.
    
*   Using fewer CPU resources enhances threat detection and response without affecting performance, slowing down PCs, or reducing battery life.
    

Trend Vision One™ – Endpoint Security leverages AMS to improve memory scanning capacity by 7 to 10X1. This means that organizations can scan more and detect more threats.

CPU-based threat detection:

Advanced ransomware is increasingly capable of evading EDR detection thanks to packing and obfuscation techniques and VM cloaking. EDR solutions are too often playing catchup with behavior-based approaches, which take time to get up to speed.

Intel® TDT augments Trend's behavioral analysis, runtime machine learning, and expert rules by providing critical visibility into the hardware layer, increasing ransomware detection efficacy by 24% over software alone.

It does this by:

*   Using CPU telemetry and Intel® AI, offloading Intel AI and memory scanning from the CPU to the integrated GPU to provide a detection assist to Trend's ransomware defenses which won't disrupt the user experience.
    
*   Integrating Intel TDT source code directly into the Trend Micro agent to deliver deeper insights from CPU telemetry. This enables instant discovery of zero-day attacks and new, fast-moving variants.
    

About Trend Micro  
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's AI-powered cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend's platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

Trend Micro and Intel Innovate to Weed Out Covert Threats

Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.

Source: Robert Wilkinson via Alamy Stock Photo

An unconventional phishing campaign convincingly impersonates online payments service PayPal to try to trick users into logging in to their accounts to make a payment; in reality, the login allows attackers to take over an account. The novel part of the attack is the abuse of a legitimate feature within Microsoft 365 to create a test domain, which then allows the attackers to create an email distribution list that makes the payment-request messages appear to be legitimately sent from PayPal.

Carl Windsor, CISO for Fortinet Labs, discovered the campaign when he himself was targeted by it, he revealed in a blog post published today.

Windsor received a request in his inbox from a sender with a nonspoofed PayPal email address seeking a payment of $2,185.96. The person requesting the money was someone called Brian Oistad, and aside from the "to" address not being Windsor's email address —  it was addressed to Billingdepartments1\[@\]gkjyryfjy876.onmicrosoft.com —  there were few obvious signs it was not a genuine email, he said.

"What's interesting about this attack is that it doesn’t use traditional phishing methods," Windsor wrote. "The email, the URLs, and everything else are perfectly valid."

That validity might persuade an average email user to click on the link in the email, which redirects them to a PayPal login page showing a request for payment.

Related:PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts

At this point, "some folks might be tempted to log in with their account details, however, this would be extremely dangerous," he wrote. That's because the login page links the target's PayPal account address with the address it was sent to — Billingdepartments1\[@\]gkjyryfjy876.onmicrosoft.com, controlled by the attacker — not their own email address.

**Abusing Microsoft 365 Test Domains for Cybercrime**

The campaign works because the scammer appears to have registered a Microsoft 365 test domain — which is free for three months — and then created a distribution list containing target emails. This allows any messages sent from the domain to bypass standard email security checks, Windsor explained in the post.

Then, "on the PayPal Web portal, they simply request the money and add the distribution list as the address," he wrote.

This money request is then distributed to the targeted victims, and the Microsoft 365 Sender Rewrite Scheme (SRS) rewrites the sender to, for example, "bounces+SRS=onDJv=S6\[@\]5ln7g7.onmicrosoft.com, which will pass the SPF/DKIM/DMARC check," Windsor added.

"Once the panicking victim logs in to see what is going on, the scammer’s account (Billingdepartments1\[@\]gkjyryfjy876.onmicrosoft.com) gets linked to the victim’s account," he wrote. "The scammer can then take control of the victim's PayPal account — a neat trick … \[that\] would sneak past even PayPal’s own phishing check instructions."

Related:Thousands of BeyondTrust Systems Remain Exposed

Indeed, abusing a vendor feature to deliver the phishing message does give the attackers a stealthy advantage when it comes to bypassing typical email security, a security expert notes.

"The emails are sent from a verified source and follow an identical template to legitimate messages, such as a standard PayPal payment request," says Elad Luz, head of research at Oasis Security, a provider of non-human identity management. "This makes them difficult for mailbox providers to distinguish from genuine communications."

**Cyber Defense: Create a "Human Firewall" Against Phishing**

Because the attack appears to be a genuine email, the best solution to avoid falling prey to it is what Windsor calls the "human firewall," or "someone who has been trained to be aware and cautious of any unsolicited email, regardless of how genuine it may look," he wrote in the post.

"This, of course, highlights the need to ensure your workforce is receiving the training they need to spot threats like this to keep themselves — and your organization — safe," Windsor noted.

Related:Recorded Future: Russia's 'Undesirable' Designation Is a Compliment

It is also possible to create a rule within email security scanners to "look for multiple conditions that indicate that this email is being sent via a distribution list," to help detect a campaign that uses this vector, he added.

Another potential mitigation is to use artificial intelligence (AI)-based security tools that use neural networks to analyze social graph patterns, among other techniques, "to help spot these hidden interactions by analyzing user behaviors more deeply than static filters," Stephen Kowski, field chief technology officer (CTO) at SlashNext Email Security+, tells Dark Reading.

"That kind of proactive detection engine recognizes unusual group messaging patterns or requests that slip through basic checks," he says. "A thorough inspection of user interaction metadata will catch even this sneaky approach."

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Unconventional Cyberattacks Aim to Take Over PayPal Accounts

Fortinet uncovers a new PayPal phishing scam exploiting legitimate platform features. Learn how this sophisticated attack works and how to protect yourself from falling victim.

****SUMMARY****

*   **Phishing Scam Targets PayPal**: Scammers exploit PayPal’s system to link victim accounts to unauthorized addresses.

*   **Legitimate-Looking Emails**: The scam uses real-looking emails and valid PayPal login pages to deceive users.

*   **Microsoft365 Exploit**: Attackers use MS365 domains to send PayPal money requests, bypassing phishing filters.

*   **Account Takeover**: Victims unknowingly link their PayPal accounts to the scammer, risking financial loss.

*   **Stay Safe**: Avoid unsolicited emails, verify URLs, and enable 2FA to protect your PayPal account.

Fortinet’s FortiGuard Labs has identified a sophisticated PayPal phishing scam targeting unsuspecting users by exploiting a loophole in the platform’s system. According to Fortinet’s CISO (Chief Information Security Officer) Carl Windsor, the scam leverages legitimate PayPal functionality to trick users into linking their accounts to unauthorized addresses, potentially granting attackers control over their finances.

The attack utilizes a seemingly legitimate email, often with a valid sender address and a genuine-looking URL. However, the true danger lies within the email’s content. It directs recipients to a legitimate PayPal login page, prompting them to log in to investigate a supposed payment request.

Screenshot of the actual phishing email (Via Fortinet’s FortiGuard Labs)

Further probing revealed that the scammer registered an MS365 test domain and created a Distribution List containing victim emails (Billingdepartments1gkjyryfjy876.onmicrosoft.com), then sent a legitimate PayPal money request to all recipients. 

They added the list to the PayPal web portal and distributed it to targeted victims. The Microsoft365 SRS rewrite scheme rewrites the sender to pass the SPF/DKIM/DMARC check. It is worth noting that Microsoft365 SRS (Sender Rewriting Scheme) is a feature in Microsoft 365 that rewrites the sender address of an email message.

Once the victim logs in, the scammer’s account is linked to the victim’s account, allowing them to take control of the victim’s PayPal account, a trick that bypasses PayPal’s phishing check instructions.

“The beauty of this attack is that it doesn’t use traditional phishing methods. The email, the URLs, and everything else are perfectly valid. Instead, the best solution is the Human Firewall—someone who has been trained to be aware and cautious of any unsolicited email, regardless of how genuine it may look,” Windsor wrote in a blog post.

This new phishing scam highlights the importance of cybersecurity awareness. Users must be cautious of unsolicited emails, avoid clicking on links or attachments from unknown senders, hover over links to verify URLs, and never enter login credentials on websites unless certain of the authenticity. Enabling two-factor authentication (2FA) on PayPal accounts can further enhance security.

1.  **PayPal Notifies 35,000 Users of Data Breach**
2.  **PayPal Users hit with “Suspicious Activity” Phishing Scam**
3.  **Microsoft, PayPal, Facebook most targeted brands in phishing**
4.  **World Bank SSL Certificate Hacked to Host PayPal Phishing Scam**
5.  **DocuSign API Abused to Evade Spam Filters with Phishing Invoices**

New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112). The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare, and an exploit PoC. The exploit causes a forced reboot of Windows servers. One prerequisite: the […]

**About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112).** The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as **LDAPNightmare**, and an exploit PoC.

The exploit causes a forced reboot of Windows servers. One prerequisite: the victim domain controller’s DNS server must have Internet connectivity.

The attack flow starts with sending a DCE/RPC request to the victim server, causing the LSASS (Local Security Authority Subsystem Service) to crash and force a reboot when an attacker sends a specially crafted CLDAP (Connectionless Lightweight Directory Access Protocol) referral response packet.

But this is all about DoS, why RCE? 🤔 Researchers note that RCE can be achieved by modifying the CLDAP packet.

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)

The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around software-as-a-service sprawl and shadow IT.

Source: blickwinkel via Alamy Stock Photo

NEWS BRIEF

1Password on Monday announced that it has acquired software-as-a-service (SaaS) access management provider Trelica. Although terms of the transaction were not disclosed, 1Password said it is the largest acquisition by company revenue in its 18-year history.

1Password provides password management and other online identity-based services. This acquisition will build on 1Password's effort to expand its Extended Access Management offering, a platform that secures, identities, and manages access and permissions applications and devices, the company said. Launched last year, the platform is designed to ensure that employee devices, identities, and apps are trusted before granting access to enterprise resources.

Founded in 2018, UK-based Trelica offers a suite of tools for managing and securing SaaS applications, such as tools for employee onboarding and offboarding, discovering shadow IT deployments, SaaS operations, spend optimization, and access management. With shadow IT and SaaS sprawl increasing the risk of security breaches, security teams rely on automated application discovery tools to identify unmanaged apps, streamline user provisioning and access governance, and enforce security policies.

"Trelica addresses critical challenges that haven't been solved by traditional solutions like single sign-on (SSO), mobile device management (MDM) and SaaS security posture management (SSPM)," wrote 1Password CEO Jeff Shiner in a blog post announcing the deal. "These include provisioning and de-provisioning users, reclaiming unused licenses, monitoring permission drift, and adjusting access during role changes. Trelica prioritizes IT administrators' most time-consuming tasks while maintaining a secure environment."

With Shadow IT discovery capabilities from Trelica, the 1Password Extended Access Management platform will provide organizations with a repeatable framework for bringing unmanaged apps into full compliance under IT and security management, while empowering employees to use the tools that enhance their productivity, 1Password said in a statement.

Besides 1Password, Trelica lists over 300 SaaS integrations with SaaS providers, including Adobe, Atlassian, Cisco, Google, HubSpot, JFrog, LastPass, ManageEngine, Marketo, Microsoft, Okta, Pax8, Salesforce, SAP, ServiceNow, Snyk, Sophos, TeamViewer, Workday, Workspace One, and Zoom.

**About the Author**

Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

1Password Acquires SaaS Access Management Provider Trelica

Philadelphia, Pennsylvania, 7th January 2025, CyberNewsWire

**Philadelphia, Pennsylvania, January 7th, 2025, CyberNewsWire**

Security Risk Advisors today announced it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft Security technology to better defend mutual customers against a world of increasing cyber threats.

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. With a commitment to maintaining the highest ethical standards, SRA offers a range of services including security testing, security program development, 24×7 monitoring and response. Joining MISA represents a significant milestone, demonstrates the company’s ability to deliver impactful security solutions while increasing adoption of their SCALR XDR offering and helping clients maximize their investment in Microsoft Security technologies.

Security Risk Advisors’ SCALR™ XDR is both a platform, built on Microsoft Azure and a 24×7 monitoring service with Microsoft Sentinel. SCALR™ uses a security data lake architecture to minimize SIEM costs, maximizing the user’s ability to store security events, and accelerate search and hunting capabilities. The SCALR™ XDR service is enhanced by SRA’s distinctive Purple Teams & Threat Resilience Benchmarks powered by VECTR™.

> “We are honored that Microsoft has recognized SRA’s expertise and proven track record by welcoming us into the Microsoft Intelligent Security Association (MISA). This achievement further energizes our commitment to empowering clients to adopt and optimize Microsoft Security technologies, enhancing their threat management programs and overall security posture.”

– Tim Wainwright, CEO, Security Risk Advisors

> “I am pleased to have Security Risk Advisors join us as a member of the Microsoft Intelligent Security Association (MISA). By including our strategic Managed Security Services Providers (MSSPs) in MISA, we help enable further collaboration between cybersecurity industry leaders in protecting and supporting our joint customers.”

– Parri Munsell, Senior Director, Security Partner Marketing

Established in 2018 to bring together Microsoft leaders, ISVs, and MSSPs, MISA focuses on collaborating to combat security threats and create a safer environment for all. Its mission is to provide intelligent, industry-leading security solutions that work together to help protect organizations at the speed and scale of AI in an ever-increasing threat landscape.

Partners who are interested in learning more can visit the MISA Website: Microsoft Intelligent Security Association.

**About Security Risk Advisors:**

Security Risk Advisors offers Purple and Red Teams, Cloud Security, Penetration Testing, OT Security and 24x7x365 Cybersecurity Operations. Based in Philadelphia, SRA operates across the USA, Ireland and Australia. To learn more: https://sra.io.

**Contact**

**Marketing Lead**  
**Kim Sandberg**  
**Security Risk Advisors**  
**\[email protected\]**

Security Risk Advisors joins the Microsoft Intelligent Security Association

The Wall Street Journal reports that Charter, Consolidated, and Windstream have been added to the growing list of…

The Wall Street Journal reports that Charter, Consolidated, and Windstream have been added to the growing list of US telecom companies breached by Chinese state-sponsored hackers in the Salt Typhoon campaign.

The list of telecommunications companies compromised in the **Salt Typhoon cyberattack** continues to grow, with recent reports naming Charter Communications, Consolidated Communications, and Windstream as the latest victims of Chinese government espionage. 

This follows previous confirmations from **AT&T, Verizon, T-Mobile**, and Lumen Technologies, as earlier reported by Hackread.com, that their networks had been breached. According to Anne Neuberger, White House deputy national security adviser for cyber and emerging technologies, Chinese hackers have targeted nine US telecoms, with the latest three remaining unclear.

The Wall Street Journal **reported** that Chinese spies exploited vulnerabilities in network devices from Fortinet and Cisco to gain unauthorized access to these telecom networks. In some cases, attackers gained control of high-level network management accounts lacking multi-factor authentication, granting them access to several routers. This access allowed them to potentially monitor network traffic and cover their tracks.

This incident has prompted several government-level security developments. The US Department of Treasury **recently sanctioned** a Chinese cybersecurity company for its role in another cyberattack, and the US government is taking steps to strengthen the security of American telecom infrastructure.

These measures include increased scrutiny by the FCC, legislative efforts to enhance security, and recommendations for individuals and organizations to improve their cybersecurity practices.

Moreover, given the ongoing wave of Salt Typhoon’s breaches, the US Cybersecurity and Infrastructure Security Agency (CISA) is advising government officials to switch to end-to-end encrypted messaging apps like Signal. 

The latest revelation highlights the growing threat of Chinese cyberattacks on US infrastructure, with the Salt Typhoon campaign indicating a shift from traditional espionage to more disruptive activities. Experts urge organizations in international business or critical infrastructure to enhance their cybersecurity defences.

**Chris Hauk**, Consumer Privacy Champion at Pixel Privacy commented on the latest development stating, _“_Possible targets of these Chinese attackers need to immediately follow the steps outlined by the FBI and NSA to help harden their systems against attack. Actually, any organization would be advised to follow the steps._“_

_“_Patching and upgrading apps and devices, limiting the types of connections and privileged accounts, and only using strong encryption, are just some of the steps organizations can take to harden their systems against attack_,”_ Chris added.

1.  **FBI Disrupts Chinese State-Backed Volt Typhoon’s KV Botnet**
2.  **CISA – FBI: Chinese Hackers Compromised US Telecom Networks**
3.  **US Charges 5 Suspected MGM Hackers from Scattered Spider Gang**
4.  **Microsoft: Chinese Flax Typhoon uses legit tools for cyber espionage**
5.  **Chinese Hackers Breach US Firm, Maintain Network Access for Months**

Tag

#microsoft