ATTACKERS TARGET MICROSOFT ACCOUNTS TO WEAPONIZE OAUTH APPS BY ELIZABETH MONTALBANO
Microsoft Threat Intelligence has uncovered a series of attacks against Microsoft services in which attackers compromise user accounts and then use them to create or modify OAuth applications. The threat actors grant these applications high-privilege permissions and use them to deploy virtual machines for cryptocurrency mining, to maintain persistence after business email compromise (BEC), and to send spam. The compromised accounts lacked multifactor authentication (MFA) and were taken over through credential stuffing, phishing, and reverse-proxy (adversary-in-the-middle) phishing. Because the OAuth application, not the user's password, becomes the persistence mechanism, resetting the password alone does not evict the attacker. Microsoft recommends hardening identity infrastructure, enabling MFA, implementing conditional access policies, enabling security defaults, and auditing applications and consented permissions to reduce the risk of OAuth-based attacks.
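The last recommendation, auditing applications and consented permissions, is the one a defender can act on immediately. The script below is an added example written for this digest; it is not code from Microsoft Threat Intelligence or from the report. It uses the Microsoft Graph PowerShell SDK to list delegated (OAuth2) grants and application (app role) permissions that match a watch list of high-impact scopes, and flags app registrations created in the last 30 days, since the attackers described above create their own apps after taking over an account. The watch list, the 30-day window, and the required Graph scopes are assumptions chosen for the example; tune them to your tenant.

```powershell
# Added example (not Microsoft's code). Requires the Microsoft.Graph PowerShell SDK
# (Install-Module Microsoft.Graph) and an identity allowed to read applications,
# service principals and permission grants in the tenant.
Connect-MgGraph -Scopes "Application.Read.All", "Directory.Read.All"

# Assumed watch list: permissions that let an app send mail, alter mailbox rules,
# change directory objects or roles, or act against Azure Resource Manager.
$HighRisk = @(
    "Mail.Send", "Mail.ReadWrite", "MailboxSettings.ReadWrite",
    "Directory.ReadWrite.All", "Application.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory", "user_impersonation"
)

# Index every service principal by object id so grants can be resolved to names.
$spIndex = @{}
Get-MgServicePrincipal -All | ForEach-Object { $spIndex[$_.Id] = $_ }

# 1. Delegated permissions: one OAuth2 grant can carry several space-separated scopes.
$delegated = Get-MgOauth2PermissionGrant -All | ForEach-Object {
    $grant = $_
    foreach ($scope in ($grant.Scope -split ' ' | Where-Object { $_ })) {
        if ($HighRisk -contains $scope) {
            [pscustomobject]@{
                Kind        = "Delegated"
                App         = $spIndex[$grant.ClientId].DisplayName
                AppId       = $spIndex[$grant.ClientId].AppId
                Permission  = $scope
                ConsentType = $grant.ConsentType   # AllPrincipals = admin consent for the whole tenant
                PrincipalId = $grant.PrincipalId   # populated only for per-user consent
                Resource    = $spIndex[$grant.ResourceId].DisplayName
            }
        }
    }
}

# 2. Application permissions: app role assignments work without any signed-in user,
#    which is exactly what an attacker wants for persistence after a password reset.
$application = foreach ($sp in $spIndex.Values) {
    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All | ForEach-Object {
        $assignment = $_
        $resource   = $spIndex[$assignment.ResourceId]
        $role       = $resource.AppRoles | Where-Object { $_.Id -eq $assignment.AppRoleId }
        if ($role -and ($HighRisk -contains $role.Value)) {
            [pscustomobject]@{
                Kind        = "Application"
                App         = $sp.DisplayName
                AppId       = $sp.AppId
                Permission  = $role.Value
                ConsentType = "AppRole"
                PrincipalId = $null
                Resource    = $resource.DisplayName
            }
        }
    }
}

"== High-privilege grants =="
@($delegated) + @($application) | Sort-Object App, Kind | Format-Table -AutoSize

# 3. Recently created app registrations. Attacker-created apps are new by definition;
#    review each one against a change ticket or an owner who can vouch for it.
$since = (Get-Date).AddDays(-30)   # assumed window
"== App registrations created since $($since.ToString('yyyy-MM-dd')) =="
Get-MgApplication -All |
    Where-Object { $_.CreatedDateTime -gt $since } |
    Select-Object DisplayName, AppId, CreatedDateTime, SignInAudience |
    Sort-Object CreatedDateTime -Descending |
    Format-Table -AutoSize
```

Two things to check in the output: a delegated grant whose ConsentType is Principal was consented by a single user, so match its PrincipalId against the accounts flagged in your compromise investigation; and any application permission on Mail.Send or Directory.ReadWrite.All granted to an app you cannot attribute should be treated as active persistence and removed, not merely noted, because the app keeps working after the user's credentials are rotated.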
OPEN ACCESS TO AI FOUNDATIONAL MODELS POSES VARIOUS SECURITY AND COMPLIANCE RISKS, REPORT FINDS BY CAROLINE NIHILL
The Institute for Security and Technology (IST) has released a report on the risks associated with different accessibility levels of artificial intelligence (AI) foundation models. The report identifies risks such as malicious use by bad actors and compliance failures, particularly for fully open models, whose weights users can download and modify beyond the reach of any jurisdiction's enforcement. While acknowledging the opportunities that accessible AI models create, the report emphasizes the importance of building secure and safe design principles into emerging technologies to ensure a broadly secure and sustainable digital ecosystem. It categorizes foundation models by accessibility level, outlines the risks associated with each, and advocates measures such as gated access to improve traceability and accountability.
THE GROWING ABUSE OF QR CODES IN MALWARE AND PAYMENT SCAMS PROMPTS FTC WARNING BY DAN GOODIN
The US Federal Trade Commission (FTC) has issued a warning about the growing use of QR codes in scams, cautioning that attackers use them to take control of smartphones, make fraudulent charges, or harvest personal information. QR codes are now common on menus, parking meters, and posters, and scammers exploit this by pasting fake codes over legitimate ones so that victims are sent to fraudulent sites. Phishing emails with embedded QR codes (so-called quishing) are also used to steer recipients to malicious sites, in part because the URL is hidden inside an image rather than a clickable link that email filters would inspect. The FTC advises users to verify where a QR code leads before acting on it, to scrutinize codes on menus and in parking lots for signs of tampering, to be wary of QR codes embedded in unexpected emails, and to avoid installing unnecessary QR code scanner apps, since the phone's built-in camera already reads them.
MICROSOFT DISRUPTS CYBERCRIME OPERATION SELLING FRAUDULENT ACCOUNTS TO NOTORIOUS HACKING GANG BY CARLY PAGE
Microsoft has successfully dismantled the infrastructure of a cybercrime group tracked as "Storm-1152," a major player in the cybercrime-as-a-service (CaaS) ecosystem. The group was involved in creating and selling approximately 750 million fraudulent Microsoft accounts through its "hotmailbox.me" service, earning millions of dollars in illicit revenue. Microsoft identified several ransomware and extortion groups, including Scattered Spider, utilizing Storm-1152's services. The company obtained a court order to seize Storm-1152's U.S.-based infrastructure and domains, disrupt services, and target social media accounts promoting these services. Microsoft also identified the individuals behind Storm-1152's operations, located in Vietnam. The takedown aims to deter criminal behavior and protect online users.
BAZARCALL ATTACKS ABUSE GOOGLE FORMS TO LEGITIMIZE PHISHING EMAILS BY BILL TOULAS
A new variant of BazarCall attacks has emerged that uses Google Forms to generate and send payment receipts to victims, increasing the phishing attempt's apparent legitimacy. BazarCall, a callback-phishing technique first identified in 2021, typically starts with an email resembling a payment notification or subscription confirmation. The email instructs the recipient to call an alleged customer service number to dispute the charge or cancel the subscription, which connects the victim to cybercriminals posing as support staff. The latest variant abuses Google Forms to create a fake transaction receipt, so the message is sent from Google's own infrastructure and passes email security checks that would flag a spoofed sender. In the later stages of the attack, the "support agent" typically talks the victim into installing remote-access software or malware such as BazarLoader, which gives the attackers a foothold for further exploitation.