News & Updates
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.
Samsung Galaxy Store Bug Could've Let Hackers Secretly Install Apps on Targeted Devices
A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links.
The sign-in menu is the latest frontier for Microsoft ads in Windows 11
Microsoft is always adding new stuff to Windows 11, but some of those changes are more positive than others. Case in point: Twitter user Albacore has spotted new prompts in Windows 11 nudging users toward using Microsoft Accounts and backing up their files with Microsoft OneDrive. These have been tucked into the operating system's sign-in menu, using an orange "pay attention to me" indicator dot like the one used on the power button to signal that Windows Updates are ready to install.
Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
Microsoft noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminate probing events before the patches are installed.
Cross-tenant User Data Migration is Now Generally Available
Historically, admins that needed to move mailboxes between Microsoft 365 tenants were required to export or offboard the mailbox to on-premises and then import or onboard the mailbox to a new tenant. Today, we’re thrilled to announce that cross-tenant user data migration is now generally available. Specifically, the cross-tenant mailbox migration and cross-tenant OneDrive migration features previously in Preview are now generally available in our WW environment.
Hackers hit cybersecurity conference
The Australian Institute of Company Directors (AIDC) had some solid names lending support to the launch of the institute’s new set of “cybersecurity governance principles” – a very hot topic in the wake of the Optus and Medibank Private hacks.
Announcing general availability of FSLogix profiles for Azure AD-joined VMs in Azure Virtual Desktop
Microsoft announced the general availability of using FSLogix profiles with Azure Active Directory (AD)-joined VMs for hybrid users in Azure Virtual Desktop. By leveraging Azure AD Kerberos with Azure Files, you can seamlessly access file shares from Azure AD-joined VMs and use them to store your FSLogix profile containers.
Hackers Stole Source Code, Personal Data From Dropbox Following Phishing Attack
Dropbox revealed on November 1 that it recently suffered a data breach where malicious actors gained access to some source code and personal information belonging to employees and customers.