Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

The Hacker News Daily Updates
Newsletter
cover

The 3 Approaches to Breach & Attack Simulation Technologies

Demand for the latest and most comprehensive testing solutions continues to grow to counter the ever-increasing wave of cybercrime. Find out what methods organizations are using to meet this demand.

Download Now Sponsored
LATEST NEWS Feb 1, 2023

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," ...

Read More
Twitter Facebook LinkedIn

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

The Brazilian threat actors behind an advanced and modular point-of-sale (PoS) malware known as Prilex have reared their head once again with new updates that allow it to block contactless payment transactions. Russian cybersecurity firm Kaspersky said it detected three versions of Prilex (06.03.8080, 06.03.8072, and 06.03.8070) that are capable of targeting NFC-enabled credit cards, taking ...

Read More
Twitter Facebook LinkedIn

Auditing Kubernetes with Open Source SIEM and XDR

Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit Kubernetes to ensure compliance with regulations, find anomalies, and identify security risks. The Wazuh open source platform plays a critical role ...

Read More
Twitter Facebook LinkedIn

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a phishing campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into ...

Read More
Twitter Facebook LinkedIn

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The issues, ...

Read More
Twitter Facebook LinkedIn

You Don't Know Where Your Secrets Are

Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases. It might sound ridiculous at first: keeping secrets is an obvious first thought ...

Read More
Twitter Facebook LinkedIn

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. "The NikoWiper is based on SDelete, a command line utility from Microsoft that is used for securely deleting files," cybersecurity company ESET revealed in its latest APT Activity Report shared with The ...

Read More
Twitter Facebook LinkedIn

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

A shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes ...

Read More
Twitter Facebook LinkedIn
cover

The 3 Approaches to Breach & Attack Simulation Technologies

Demand for the latest and most comprehensive testing solutions continues to grow to counter the ever-increasing wave of cybercrime. Find out what methods organizations are using to meet this demand.

Download Now Sponsored

This email was sent to you. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here.

Contact The Hacker News: info@thehackernews.com
Unsubscribe

The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India

Older messages

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

Tuesday, January 31, 2023

The Hacker News Daily Updates Newsletter cover The 3 Approaches to Breach & Attack Simulation Technologies Demand for the latest and most comprehensive testing solutions continues to grow to

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices

Monday, January 30, 2023

The Hacker News Daily Updates Newsletter cover The CISOs Report: Perspectives, Challenges and Plans for 2022 and Beyond The latest ransomware insights from hundreds of CISOs Download Now Sponsored

Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack

Saturday, January 28, 2023

The Hacker News Daily Updates Newsletter cover Building trust with persistent third-party risk management Strong third-party relationships are more important than ever to businesses today. As the

Victory against cybercrime: Hive Ransomware Infrastructure Seized

Friday, January 27, 2023

The Hacker News Daily Updates Newsletter cover The 3 Approaches to Breach & Attack Simulation Technologies Demand for the latest and most comprehensive testing solutions continues to grow to

U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software

Thursday, January 26, 2023

The Hacker News Daily Updates Newsletter cover Windows 11 For Dummies ($15.00 Value) FREE for a Limited Time Need Windows help? Find the latest tips and tricks in this perennial favorite on Windows

You Might Also Like

Daily Coding Problem: Problem #1646 [Medium]

Monday, December 23, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Facebook. Write a function that rotates a list by k elements. For example, [1, 2, 3, 4,

GCP Newsletter #430

Monday, December 23, 2024

Welcome to issue #430 December 23rd, 2024 News Event Official Blog Calling all devs: Code the future of baseball with Google Cloud and MLB - Google Cloud and MLB are hosting a hackathon where

⏯️ Make a Holiday Guest Profile for Your Streaming Services — What Is Linux Mint?

Monday, December 23, 2024

Also: I Played the Worst Mobile Games So You Don't Have To, and More! How-To Geek Logo December 23, 2024 Did You Know The giant splashes of color that make poinsettias a popular holiday decoration

Ranked | The Most Satisfying vs. Most Reliable Car Brands in 2024 🚙

Monday, December 23, 2024

The most reliable car brands are rarely the most satisfying to own, according to recent Consumer Reports survey data. View Online | Subscribe | Download Our App Presented by: Find the megatrends

Bitcoin Enthusiasts Are Letting Altcoins Pass by

Monday, December 23, 2024

Top Tech Content sent at Noon! Boost Your Article on HackerNoon for $159.99! Read this email in your browser How are you, @newsletterest1? 🪐 What's happening in tech today, December 23, 2024? The

Last Minute Gifts from Walmart

Monday, December 23, 2024

ZDNET ZDNET Sponsored Message In Partnership with Walmart December 23, 2024 exclusive offer Walmart Last-minute gifts from Walmart Shop Now Walmart The tech you've been wishing for–at everyday low

15 ways AI saved me weeks of work in 2024

Monday, December 23, 2024

ZDNET's product of the year; Windows 11 24H2 bug list updated -- ZDNET ZDNET Tech Today - US December 23, 2024 AI applications on various devices. 15 surprising ways I used AI to save me weeks of

Distributed Locking: A Practical Guide

Monday, December 23, 2024

If you're wondering how and when distributed locking can be useful, here's the practical guide. I explained why distributed locking is needed in real-world scenarios. Explored how popular tools

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

Monday, December 23, 2024

Your one-stop-source for last week's top cybersecurity headlines. The Hacker News THN Weekly Recap The online world never takes a break, and this week shows why. From ransomware creators being

⚙️ OpenA(G)I?

Monday, December 23, 2024

Plus: The Genesis Project ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌