What is Microsoft Security Warning Scam?

Fake Microsoft tech support pages and phishing landings are hosted on Microsoft services

Fraudsteds massively employ Microsoft Azure hosting to start Microsoft Security scam pages. They range from a scary warning that blocks your browser window to a phishing pages, indistinguishable from real. Let’s see the most typical types of these scams and their features. What is Windows Defender Security Warning? Fake Windows Defender Security Warning (Microsoft Security… Continue reading What is Microsoft Security Warning Scam?

Octo Tempest Threat Actor – The Most Dangerous Cybercrime Gang?

Octo Tempest stands as one of the most perilous financial hacking groups in the cybersecurity landscape, posing significant threats to organizations worldwide.

Octo Tempest, a financially-motivated hacking group, has been labeled “one of the most dangerous financial criminal groups” by Microsoft. Known as UNC3944 and 0ktapus, the group has gained attention for bold cyber attacks. What is Octo Tempest Cybercrime Gang? Octo Tempest’s journey into the world of cybercrime is an intriguing one. Only a few months… Continue reading Octo Tempest Threat Actor – The Most Dangerous Cybercrime Gang?

Fake Amazon and Microsoft Tech Support call centers busted

India has declared war on fake tech support services, extorting money from users worldwide.

Amazon and Microsoft are partnering with CBI to crack down on multiple tech support call centers scams across India. These call centers target customers of Amazon and Microsoft, two of the largest companies in the tech industry, and have defrauded more than 2,000 Amazon and Microsoft customers, mainly in the US. Fake Amazon and Microsoft… Continue reading Fake Amazon and Microsoft Tech Support call centers busted

Luca Stealer Spreads Via a Phishing Microsoft Crypto Wallet Site

A new phishing campaign targeting cryptocurrency users

With the ever-increasing number of cyber threats, hackers and cybersecurity specialists are taking the initiative. This time, cybercriminals went ahead of the curve. They created a phishing website to coincide with the news that Microsoft was developing a crypto wallet exclusively for its Edge browser. Such a scheme is used to spread Luca Stealer. Microsoft… Continue reading Luca Stealer Spreads Via a Phishing Microsoft Crypto Wallet Site

Microsoft “nOAuth” is Vulnerable to Simple Email Spoofing

Vulnerability in nOAuth Azure Active Directory that allows adversaries to use the "Log In with Microsoft" feature.

In June, researchers revealed a vulnerability in Azure Active Directory and third-party apps called “nOAuth,” that could result in a complete account takeover. This is just one of the many vulnerabilities in Microsoft software and systems like Active Directory that can be exploited, putting organizations at risk. Although Microsoft has responded to the vulnerability, developers… Continue reading Microsoft “nOAuth” is Vulnerable to Simple Email Spoofing

Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild

Microsoft found a remote code execution vulnerability CVE-2023-36884

On July 11, 2023, Microsoft published an article about addressing the CVE-2023-36884 vulnerability. This breach allowed for remote code execution in Office and Windows HTML. Microsoft has acknowledged a targeted attack that exploits a vulnerability using specifically designed Microsoft Office documents. The attacker can gain control of a victim’s computer by creating a malicious Office… Continue reading Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild

Researchers Found BlackLotus UEFI Bootkit Sources on GitHub

The source code for the BlackLotus UEFI bootkit, which was previously sold on the dark web for $5,000, has been discovered by Binarly analysts on GitHub. The researchers say the leaked sources are not entirely complete and contain mostly a rootkit and a bootkit to bypass Secure Boot. What is BlackLotus bootkit? BlackLotus was first… Continue reading Researchers Found BlackLotus UEFI Bootkit Sources on GitHub

Microsoft Researchers Link Clop Gang to MOVEit Transfer Attack

Microsoft has linked the Clop ransomware gang to a recent attack that uses a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. The company’s Threat Intel team names Lace Tempest cybercrime gang as a key suspect in these attacks. Who are Lace Tempest hackers? Microsoft is attributing attacks that exploit the… Continue reading Microsoft Researchers Link Clop Gang to MOVEit Transfer Attack

FIN7 Hack Group Resumed Activity, Linked to Clop Ransomware

Microsoft analysts report that last month the notorious hacker group FIN7 (also known as Carbanak, Navigator and others) resumed its activity. The researchers were able to link FIN7 to attacks whose ultimate goal was to deploy the Clop ransomware on victims’ networks. FIN7 Cybercrime Group Goes On Let me remind you that we also wrote… Continue reading FIN7 Hack Group Resumed Activity, Linked to Clop Ransomware

Visual Studio Code Malicious Plugins Steal Personal Data

Detected items scored almost 50k downloads in total

Some plugins for Visual Studio Code, a popular code editing tool developed by Microsoft, appear to have malicious code. In particular, a one with over 45,000 downloads is capable stealing personal data. Community alarm forced the quick removal of these pests, but it can be the first sprout of something bigger. What is VS Code… Continue reading Visual Studio Code Malicious Plugins Steal Personal Data