AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 12/20/2024

Don’t fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish

Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive, chemical and industrial compound manufacturing sectors in Europe, and tried to steal account credentials and then hijack the victims’ Microsoft Azure cloud infrastructure. After taking over victims’ accounts, the miscreants signed into new devices using stolen creds so they could maintain access to the cloud environment – and sensitive data therein. Palo Alto Networks’ Unit 42 researchers spotted the campaign, which peaked in June and remained active as of September.

Microsoft 365 users hit by random product deactivation errors

Microsoft is investigating a known issue triggering “Product Deactivated” errors for customers using Microsoft 365 Office apps. According to online user reports on Reddit and Microsoft’s own community website, affected users randomly received these “Product Deactivated” errors in Office apps, prompting confusion and disruptions. As Redmond explained in a support document published on Thursday, these problems stem from licensing changes initiated by administrators.

Ukraine’s Security Service Probes GRU-Linked Cyber-Attack on State Registers

Ukraine’s state registers, operated by the Ministry of Justice, have suffered their largest cyber-attack, with the Security Service of Ukraine (SSU) opening a criminal investigation into the incident, which it has attributed to Russia. The SSU has established that a hacker group affiliated with the main intelligence directorate of the general staff of the Russian armed forces (GRU) was involved in the cyber-attack. Meanwhile, Olga Stefanishyna, Deputy Prime Minister for European and Euro-Atlantic Integration of Ukraine and Minister of Justice, also called out Russia as the perpetrator of the attack in a post on Facebook on December 19.

Did you know Apple issues spyware threat alerts to high-risk users?

Apple has been sending silent threat notifications to users to let them know their phones may be under suspected mercenary spyware attack. This has proved to be a crucial step in helping at-risk individuals protect themselves from advanced cyber threats. These alerts target a very small number of users, such as journalists, human rights defenders, politicians, and other high-profile individuals, who are regularly in the crosshairs of state-sponsored spyware such as Pegasus from the NSO Group.

CISA: Use Signal or other secure communications app

In the wake of the widespread compromise of US telecom giants’ networks by Chinese hackers and the FBI advising Americans to use end-to-end encrypted communications, CISA is advising “highly targeted individuals” – senior government officials and politicians – to lock down and protect their smartphones as much as possible and to use “Signal or a similar app” for secure communications.

Krispy Kreme breach, data theft claimed by Play ransomware gang

The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. Krispy Kreme disclosed the incident and subsequent disruptions to its online ordering system in an SEC filing submitted on December 11. The company detected unauthorized activity on some of its information technology systems on November 29. After the attack, Krispy Kreme also took measures to contain and remediate the breach and hired external cybersecurity experts to investigate the attack’s impact and scope.