Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack
Threat actors created and abused OAuth apps to access Microsoft’s corporate email environment and remain there for weeks.
darkreading – Read More
Series of Cyberattacks Hit Ukrainian Critical Infrastructure Organizations
It’s unclear if the attacks — which hit oil and gas, postal service, transport safety, and railway organizations in the nation — were related.
darkreading – Read More
iPhone Apps Abuse iOS Push Notifications to Collect User Data
Many apps abuse the background processing feature to transmit device data to their servers, potentially enabling fingerprinting and persistent tracking, which is strictly prohibited in iOS.
Cyware News – Latest Cyber News – Read More
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Firms
The threat actor, known as APT29 or BlueBravo, uses diverse methods including compromised accounts, OAuth applications, and password spraying to gain and maintain access, making traditional indicators of compromise-based detection ineffective.
Cyware News – Latest Cyber News – Read More
Update: Hackers Stole Raw Genotype Data, Health Reports in 23andMe Data Breach
The stolen data includes raw genotype data, health reports, and information from DNA Relatives and Family Tree profiles, potentially exposing personal and ancestral information of affected customers.
Cyware News – Latest Cyber News – Read More
ICS Ransomware Danger Rages Despite Fewer Attacks
Refined tactics, increased collaboration between groups, and continued success exploiting zero-days is helping ICS ransomware attackers inflict more damage, researchers find.
darkreading – Read More
Pegasus Spyware Targets Togolese Journalists’ Mobile Devices
An investigation into 2021 intrusions uncovered multiple infections on the phones of journalists in the African country.
darkreading – Read More
CISO Corner: Deep Dive Into SecOps, Insurance, & CISOs’ Evolving Role
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps.
darkreading – Read More
Redefining Cybersecurity for a Comprehensive Security Posture
The integration of different disciplines of cybersecurity and fraud management is a necessary evolution in the face of increasingly sophisticated digital threats.
darkreading – Read More
In Other News: Secure Use of AI, HHS Hacking, CISA Director Swatting
Noteworthy stories that might have slipped under the radar: guidance on secure use of AI, HHS grant money stolen by hackers, CISA director target of swatting.
The post In Other News: Secure Use of AI, HHS Hacking, CISA Director Swatting appeared first on SecurityWeek.
SecurityWeek – Read More