Microsoft grants phishers ‘Verified’ Cloud Partner status
On Tuesday, researchers said that threat actors used “unprecedented sophistication” to obtain “verified publisher” status through the Microsoft Cloud Partner Program (MCPP). Beginning December 6, the threat actors began spreading verified malicious OAuth apps to infiltrate the cloud environments of organizations in the UK and Ireland. OAuth is a token-based framework that enables user data sharing between third-party applications without users divulging their login credentials. Victims of the scam were potentially exposed to account takeover, data exfiltration, and business email compromise (BEC). In response to the scam, Microsoft disabled the malicious apps and associated publisher accounts and made improvements to its MCPP vetting process.
DocuSign brand impersonation attack targets thousands of users
Researchers have spotted a brand impersonation attack targeting over 10,000 users by mimicking a common DocuSign workflow action. The emails have shown the ability to bypass both Microsoft Office 365 and Proofpoint email protection solutions. While the email sender name closely resembles legitimate DocuSign communications, the email address and domain show no association with the company, which can be hard to spot for those using mobile devices. Upon clicking malicious links within the phishing email, victims are redirected to a fake landing page which exfiltrates their Proofpoint user credentials.
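The lure above works because the display name says "DocuSign" while the sending domain does not. As an added example (not from the original report or any vendor), here is a small triage check that flags a From header whose display name claims a brand the address domain does not belong to; the brand-to-domain allow-list and the sample headers are constructed assumptions for illustration.

```python
import re
from email.utils import parseaddr

# Brand keywords mapped to the domains the brand legitimately sends from.
# Assumed allow-list for illustration; a real deployment maintains its own.
BRAND_DOMAINS = {
    "docusign": {"docusign.com", "docusign.net"},
}

def _norm(text):
    """Lowercase and drop spaces/punctuation so 'Docu Sign' or 'docu-sign' still match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _domain_allowed(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def brand_mismatch(from_header):
    """Return (brand, domain) when the display name claims a brand that the
    address domain is not allowed to send for; otherwise return None."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    domain = addr.rsplit("@", 1)[1].lower()
    norm_name = _norm(name)
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in norm_name and not _domain_allowed(domain, allowed):
            return brand, domain
    return None

# Constructed sample From headers, not real messages.
SAMPLE_HEADERS = [
    '"DocuSign Electronic Signature Service" <no-reply@docu-sign-review.example>',
    '"Docu Sign via Proofpoint" <esign@mail-secure.example>',
    '"DocuSign" <dse@docusign.net>',
    '"Accounts Payable" <ap@supplier.example>',
]

def flagged(headers=SAMPLE_HEADERS):
    """Return the headers that trip the brand/domain mismatch check."""
    return [h for h in headers if brand_mismatch(h)]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(brand_mismatch(h) or "ok", "<-", h)
```

A hit is a triage signal rather than proof of phishing: mail a customer relays through its own domain can also trip it, so the allow-list needs tuning per environment.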
Google Fi says hackers accessed customer information
Google said Monday that the primary network provider for Google Fi has informed the company of suspicious activity on a third-party support system containing Google Fi customer data. The timing of the notice, coupled with the fact that Google Fi’s service leverages both T-Mobile and U.S. Cellular networks, suggests the breach is linked to the most recent T-Mobile hack, which was disclosed on January 19. Google says the hackers accessed limited Google Fi customer information, including phone numbers, account status, SIM card serial numbers and mobile service plan info.
Microsoft Defender can now isolate compromised Linux endpoints
Microsoft announced Tuesday that Microsoft Defender for Endpoint (MDE) now allows isolation of onboarded Linux devices. The feature, now available in public preview, allows admins to manually isolate Linux machines using the Microsoft 365 Defender portal or via API requests. Once a device is isolated, threat actors no longer have a connection to the breached system, blocking further malicious activity. Once the threat is mitigated, isolated devices can be easily reconnected to the network using the “Release from isolation” button. Admins can deploy and configure MDE on Linux devices manually or with the help of the Puppet, Ansible, and Chef configuration management tools.
Madison Square Garden’s facial recognition system targeted by legislators
It was revealed late last year that MSG Entertainment, which owns Madison Square Garden among other New York entertainment venues, was using facial recognition technology to ban its adversaries. MSG effectively banned all lawyers working for firms currently engaged in litigation against the company. Owner James Dolan stated the bans were meant to prevent litigants from performing ad hoc discovery by snooping around its arenas. One such ban resulted in a woman being unable to attend a Rockettes performance with her daughter and her Girl Scout troop. On Tuesday, AG Letitia James’ office sent a letter to MSG Entertainment stating that its practices are “plagued with biases and false positives.” Additionally, city legislators are preparing an amendment that would force MSG to dispense with its bans.
GitHub confirms signing certificates stolen in cyber-attack
GitHub confirmed on Monday that threat actors stole three digital certificates used for its Desktop and Atom applications during a cyber-attack in December 2022. The company said it plans to revoke the exposed certificates as of February 2, which will invalidate versions 3.0.2 through 3.1.2 of GitHub Desktop for Mac and versions 1.63.0 and 1.63.1 of the Atom text editor. GitHub clarified that the stolen certificates were password-protected and that it found no indication of malicious use.
Aura and Cyversity partner to support a more inclusive cyber workforce
On Tuesday, Aura, the leader in intelligent safety for consumers, announced a partnership with nonprofit Cyversity, in an effort to increase opportunity for underrepresented talent in the cybersecurity workforce. Aura’s sponsorship will include a contribution to Cyversity’s scholarship fund, cyber education for Cyversity members, and mentorship from Aura’s Chief Information Security Officer (CISO). The Cyversity partnership builds upon Aura’s existing DEI initiatives, including existing collaborations with Code2College and Howard University.
Welsh McDonald’s uses classical music to deter anti-social behavior
A McDonald’s restaurant in Wales has taken unusual measures following incidents involving groups of youngsters at several locations, which led to police intervention. The branch has started playing classical music and turning off wi-fi in the evening hours in a bid to deter anti-social behavior. McDonald’s said it was committed to being a good neighbor in the area.