An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.
The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.
Read more…
Source: Symantec
Related:
- Microsoft is busy rewriting core Windows code in memory-safe Rust
April 27, 2023
Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers. David “dwizzle” Weston, director of OS security for Windows, announced the arrival of Rust in the operating system’s kernel at BlueHat IL 2023 in Tel Aviv, Israel, last month. Read more… Source: The Register
- How fiends abuse an out-of-date Microsoft Windows driver to infect victims
April 24, 2023
Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems. This detection evasion utility, which Sophos X-Ops researchers are calling AuKill, is the latest example in a growing trend where miscreants either abuse a legitimate driver to disable, silence or otherwise ...
- Medusa ransomware crew brags about spreading Bing, Cortana source code
April 20, 2023
The Medusa ransomware gang has put online what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code. “This leak is of more interest to programmers, since it contains the source codes of the following Bing products, Bing Maps and Cortana,” the crew wrote on its website, which was screenshotted ...
- Microsoft SQL servers hacked to deploy Trigona ransomware
April 19, 2023
Attackers are hacking into poorly secured and Interned-exposed Microsoft SQL (MS-SQL) servers to deploy Trigona ransomware payloads and encrypt all files. The MS-SQL servers are being breached via brute-force or dictionary attacks that take advantage of easy-to-guess account credentials. Read more… Source: Bleeping Computer
- Microsoft, Fortra are this fed up with cyber-gangs abusing Cobalt Strike
April 10, 2023
Microsoft and Fortra are taking legal and technical actions to thwart cyber-criminals from using the latter company’s Cobalt Strike software to distribute malware. Microsoft’s Digital Crimes Unit (DUC), Fortra, and Health Information Sharing and Analysis Center (Health-ISAC) filed a 223-page complaint against multiple groups known to have used older and altered versions of Cobalt Strike in ...
- CVE-2023-23397 – Microsoft Outlook Privilege Escalation
March 31, 2023
On March 14, 2023, Microsoft released a patch for CVE-2023-23397. CVE-2023-23397 is a vulnerability in the Windows Microsoft Outlook client that can be exploited by sending a specially crafted email that triggers automatically when it is processed by the Outlook client. No user interaction is required to trigger the exploit. Exploitation of the vulnerability will leak ...