
The November 2024 Option One Cybersecurity Briefing

By OptionOne Technologies

We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.

Cybersecurity Threat News

Phishing-as-a-Service Group Targets Microsoft 365 Users with AiTM Attacks

Cybersecurity firm Trustwave has discovered a new phishing-as-a-service (PhaaS) platform that uses AiTM (adversary-in-the-middle) attacks, which pose a significant threat to security, The Hacker News reported. The platform leverages legitimate services such as Atlassian Confluence, Google Docs Viewer, LiveAgent, Microsoft OneDrive, OneNote, and Dynamics 365 Customer Voice to host phishing links.

By exploiting the trust associated with these platforms, threat actors create phishing pages that closely resemble the sign-in pages of the targeted brands.

Despite the obfuscation applied to their HTML code, these pages are designed to trick users into entering their credentials, which are immediately exfiltrated to the AiTM server. The stolen credentials are then used to retrieve the victim’s session cookie, granting the attackers unauthorized access to the account.

In a related phishing campaign known as Beluga, security firm Malwarebytes has identified a tactic that uses .HTM attachments to deceive email recipients into entering their Microsoft OneDrive credentials on a fraudulent login form. The entered credentials are then exfiltrated to a Telegram bot, giving threat actors unauthorized access to victims’ OneDrive accounts.

As phishing attacks become increasingly sophisticated and difficult to detect, organizations and individuals must remain vigilant and adopt robust security measures to protect themselves against such threats.

Ransomware Gangs Post Ads Seeking Penetration Testers to Boost Their Effectiveness

Legitimate businesses and other above-board organizations are no longer the only ones in the market for cybersecurity professionals. According to a report by DarkReading, cybercriminals are now posting ads seeking expert penetration testers to help them create dark AI models and ransomware.

Researchers have identified advertisements in chats on platforms like Telegram and forums like the Russian Anonymous Marketplace (RAMP). Ransomware gangs and affiliate groups seek professionals to help them fix “holes” in their malware and other attack tools.

According to Etay Maor, chief security strategist at Cato Networks, this development’s silver lining is that it highlights law enforcement’s recent successes in taking down botnets and helping defenders recover their data.

“They definitely want to make sure that all the effort they’re putting into their software is not going to be turned over when somebody finds a vulnerability,” he says. “They’re really stepping up their game in terms of approaching software development, making it closer to what an enterprise would do than what is typically seen today from other development groups.”

As cybercriminal groups grow, their structures increasingly resemble those of corporations. They include full-time staff, software development teams, finance teams, and other units.

According to a 2024 report on top ransomware groups by intelligence firm Recorded Future, the top groups today are LockBit, RansomHub, PLAY, Hunters International, and Akira. All of them likely rely on structured roles and cybercriminal services to operate efficiently.

Microsoft Fixes AI, Cloud, and ERP Cybersecurity Flaws

Microsoft has addressed a slew of security flaws in its platforms, The Hacker News reported. The company issued security updates to its artificial intelligence (AI), cloud, enterprise resource planning (ERP), and Partner Center offerings, including a patch for one vulnerability that had already been exploited.

The fixes will be rolled out automatically as part of updates to Microsoft Power Apps. Most of the vulnerabilities have already been mitigated and require no action from users. However, Microsoft advises users to update the Dynamics 365 Sales apps for Android and iOS to the latest version (3.24104.15).

This is to protect against the vulnerability CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com.

According to Microsoft, “An improper access control vulnerability in partner.microsoft[.]com allows an unauthenticated attacker to elevate privileges over a network.”

Credit for discovering the flaw was attributed to “Gautam Peri, Apoorv Wadhwa, and an anonymous researcher,” the report said.

Cybersecurity Tips

Senior Google Software Engineer Discusses Shift to a Global IoT Cybersecurity Paradigm

The Internet of Things (IoT) has connected billions of devices and helped to transform industries, but it also creates a massive attack surface for cybercriminals. There will be over 75 billion connected devices worldwide in 2025. That growth has outpaced security measures, and security practice needs to catch up.

In a recent article in Infosecurity Magazine, senior Google software engineer Arun Narasimhan outlined his vision for a global IoT security framework.

The Connectivity Standards Alliance’s (CSA) Device Security Specification 1.0

In the article, Narasimhan introduced the Connectivity Standards Alliance’s (CSA) IoT Device Security Specification 1.0, which he called “a game-changing initiative that promises to unify the global approach to IoT security.”

The specification aims to create a unified, global framework by consolidating requirements from multiple regions and standards bodies. Thus, organizations are presented with a standard list of guidelines that can be applied across all IoT devices.

The key features of the CSA Specification are as follows:

  • A Tiered Security Approach: a “scalable model allows manufacturers to apply appropriate security measures based on the device’s intended use and potential risk profile.”
  • Unique Device Identities: for preventing large-scale attacks that exploit default credentials.
  • Secure Storage and Communication: requiring secure storage methods and encrypted communication protocols.
  • Software Update Mechanisms: a mandate for secure, user-friendly software update processes.
  • Interface Access Control: limiting device interface access “only to authorized entities and necessary functions.”

Major technology organizations and device manufacturers have already shown support for the framework. Amazon, Google, and Apple have even expressed interest in adopting it, which could lead to a much more unified approach to IoT security in the future.

For more information, please read this press release from CSA.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.