Author Info

Oasis Security has unveiled a vulnerability in Microsoft's multi-factor authentication (MFA) system, allowing circumvention by malicious actors. This exploit, termed AuthQuake, was initially reported to Microsoft in late June, leading the company to issue a temporary workaround, followed by a comprehensive patch released in October. Critical Exposure The

In a strategic cyber espionage campaign, the Russian-affiliated group known as Secret Blizzard, also referred to as Turla, has been implicated in leveraging malware from various sources to deploy the Kazuar backdoor on targets within Ukraine. This revelation comes from Microsoft’s threat intelligence team, which observed these activities occurring

A newly discovered Android spyware, identified as 'EagleMsgSpy,' is reportedly being utilized by law enforcement agencies in China to conduct surveillance on mobile devices, according to cybersecurity firm Lookout. Origins and Evidence EagleMsgSpy, developed by Wuhan Chinasoft Token Information Technology Co., Ltd., has been in existence since at

A critical vulnerability in Microsoft Azure's multifactor authentication (MFA) was recently exposed by researchers at Oasis Security, allowing unauthorized access to user accounts in under an hour. This flaw put over 400 million Microsoft 365 seats at risk, as it permitted access to email, OneDrive, Teams, and more

Charles O Parks III, known online as "CP3O," has pleaded guilty to orchestrating a cryptomining fraud using stolen cloud computing resources valued at more than $3.5 million. The 45-year-old faces up to 20 years in prison for wire fraud. Operation Timeframe: Parks conducted his scheme over eight

Microsoft Bolsters Security with December 2024 Patch Tuesday Fixes In its December 2024 Patch Tuesday release, Microsoft has addressed 71 security vulnerabilities across a range of products, including Windows, Office, SharePoint Server, and more. This patch includes a critical fix for an actively exploited zero-day vulnerability. Total Addressed: 71 vulnerabilities

Artivion, a prominent manufacturer of heart surgery devices, announced a ransomware attack on November 21, which disrupted some of its operations and led to the deactivation of certain systems. Company Overview Based in Atlanta, Georgia, Artivion employs over 1,250 individuals globally, with sales operations spanning more than 100 countries.

Electrica Group, a major entity in Romania's electricity distribution sector, is currently grappling with a ransomware attack. The incident, which remains active, could impact the company's extensive customer base spanning across Transilvania and Muntenia. Company Overview Electrica, founded as part of the National Electricity Company in

A New Threat to Browser Isolation Security Recent research exposes a method for compromising browser isolation using QR codes, potentially facilitating malicious communication with infected devices. Research Team Experts at Mandiant have unveiled a technique that subverts browser isolation—whether remote, on-premises, or local—by using QR codes to transmit