An increasing number of threats have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.
The technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes.
Source: Symantec