Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability is rooted in the FetchXML
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2025-01-02 14:07:022025-01-02 14:07:02Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2025-01-02 11:08:572025-01-02 11:08:57Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
Chinese government hackers targeted the U.S. Treasury’s highly sensitive sanctions office during a December cyberattack, according to reports. According to The Washington Post, the state-sponsored hackers targeted the Office of Foreign Assets Control (OFAC), a government department that imposes economic and trade sanctions against countries and individuals, to potentially access information on Chinese organizations that […]
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2025-01-02 10:09:402025-01-02 10:09:40Chinese government hackers reportedly targeted US Treasury’s sanctions office during December cyberattack
German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia.
The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2025-01-02 09:07:142025-01-02 09:07:14Three Russian-German Nationals Charged with Espionage for Russian Secret Service
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems.
The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2025-01-02 09:07:132025-01-02 09:07:13Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
Threat hunters have disclosed a new “widespread timing-based vulnerability class” that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.
The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo.
“Instead of relying on a single click, it takes advantage of a double-click sequence,” Yibelo said.
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election.
The federal agency said the entities – a subordinate organization of Iran’s Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia’s Main Intelligence
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2025-01-01 12:07:092025-01-01 12:07:09Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics
Your messages going back years are likely still lurking online, potentially exposing sensitive information you forgot existed. But there’s no time like the present to do some digital decluttering.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2025-01-01 11:07:252025-01-01 11:07:25Hey, Maybe It’s Time to Delete Some Old Chat Histories
Researchers at FortiGuard Labs have identified a prolific attacker group known as “EC2 Grouper” who frequently exploits compromised credentials using AWS tools.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
/in General NewsDetails have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability is rooted in the FetchXML
The Hacker News – Read More
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
/in General NewsIn the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS
The Hacker News – Read More
Chinese government hackers reportedly targeted US Treasury’s sanctions office during December cyberattack
/in General NewsChinese government hackers targeted the U.S. Treasury’s highly sensitive sanctions office during a December cyberattack, according to reports. According to The Washington Post, the state-sponsored hackers targeted the Office of Foreign Assets Control (OFAC), a government department that imposes economic and trade sanctions against countries and individuals, to potentially access information on Chinese organizations that […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Three Russian-German Nationals Charged with Espionage for Russian Secret Service
/in General NewsGerman prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia.
The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security.
The Hacker News – Read More
Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
/in General NewsCybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems.
The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user
The Hacker News – Read More
What Is Patch Tuesday? Microsoft’s Monthly Update Explained
/in General NewsPatch Tuesday is Microsoft’s monthly update day for fixing vulnerabilities. Learn its purpose, benefits, and how it enhances system security.
Security | TechRepublic – Read More
New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites
/in General NewsThreat hunters have disclosed a new “widespread timing-based vulnerability class” that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites.
The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo.
“Instead of relying on a single click, it takes advantage of a double-click sequence,” Yibelo said.
The Hacker News – Read More
Iranian and Russian Entities Sanctioned for Election Interference Using AI and Cyber Tactics
/in General NewsThe U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Tuesday leveled sanctions against two entities in Iran and Russia for their attempts to interfere with the November 2024 presidential election.
The federal agency said the entities – a subordinate organization of Iran’s Islamic Revolutionary Guard Corps and a Moscow-based affiliate of Russia’s Main Intelligence
The Hacker News – Read More
Hey, Maybe It’s Time to Delete Some Old Chat Histories
/in General NewsYour messages going back years are likely still lurking online, potentially exposing sensitive information you forgot existed. But there’s no time like the present to do some digital decluttering.
Security Latest – Read More
FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits
/in General NewsResearchers at FortiGuard Labs have identified a prolific attacker group known as “EC2 Grouper” who frequently exploits compromised credentials using AWS tools.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More