#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

OneDrive | Breaking Cybersecurity News | The Hacker News

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware
Jan 20, 2024 Malware / Cyber Espionage
The threat actor tracked as  TA866  has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. "The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a variant of the WasabiSeed and Screenshotter custom toolset," the enterprise security firm  said . TA866 was  first documented  by the company in February 2023, attributing it to a campaign named Screentime that distributed WasabiSeed, a Visual Basic script dropper that's used to download Screenshotter, which is capable of taking screenshots of the victim's desktop at regular intervals of time and exfiltrating that data to an actor-controlled domain. There

Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware

Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware
Sep 28, 2022
The Russian state-sponsored threat actor known as  APT28  has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25  said  in a technical report. "The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive." The dropper, a seemingly harmless image file, functions as a pathway for a follow-on payload, a variant of a malware known as Graphite, which uses the Microsoft Graph API and OneDrive for command-and-control (C2) communications to retrieve additional payloads. The attack employs a lure document that makes use of a template potentially linked to the Organisation for Economic Co-operation and Development ( OECD ), a Paris-based intergovernmental entity. Cluster25 noted the attacks may be ongoing, con

6 Ways to Simplify SaaS Identity Governance

6 Ways to Simplify SaaS Identity Governance
Feb 21, 2024SaaS Security / Identity Management
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can't possibly become experts in the nuances of the native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of tasks would easily bury them. Modern IT teams need a way to orchestrate and govern SaaS identity governance by engaging the application owners in the business who are most familiar with how the tool is used, and who needs what type of access.  Nudge Security is a  SaaS security and governance solution  that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to learn how it works. 1 . Discover all SaaS apps used b

Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies

Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies
Jun 03, 2022
Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive applications created by Polonium andd that it notified affected organizations. "The observed activity was coordinated with other actors affiliated with Iran's Ministry of Intelligence and Security (MOIS), based primarily on victim overlap and commonality of tools and techniques," MSTIC  assessed  with "moderate confidence." The adversarial collective is believed to have breached more than 20 organizations based in Israel and one intergovernmental organization with operations in Lebanon since February 2022. Targets of interest included entities in the manufacturing

NIST Cybersecurity Framework: Your Go-To Cybersecurity Standard is Changing

cyber security
websiteArmorPointCybersecurity / Risk Management
Find everything you need to know to prepare for NIST CSF 2.0's impending release in this guide.

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage

Microsoft Adds 2FA-Protected "Personal Vault" Within OneDrive Cloud Storage
Jun 26, 2019
Microsoft has introduced a new password-protected folder within its OneDrive online file storage service that will allow you to keep your sensitive and important files protected and secured with an extra layer of authentication. Dubbed Personal Vault , the new OneDrive folder can only be accessed with an additional step of identity verification, such as your fingerprint, face, PIN, or a two-factor authentication code sent to you via email or SMS. The Personal Vault folder will appear next to other folders in the OneDrive app like your Documents and Pictures, but it will be locked and prompt you for an additional code each time you try to access them via the web, PC, or mobile devices, thus keeping them more secure in the event when someone gains access to your account or your device. Microsoft suggests this new protected area in OneDrive would be useful for users to store more sensitive and personal files like copies of passport, tax, car or home documents, identification cards,

Microsoft will Inform You If Government is Spying on You

Microsoft will Inform You If Government is Spying on You
Dec 31, 2016
Following in the footsteps of Twitter, Facebook and Google, Microsoft promises to notify users of its e-mail ( Outlook ) and cloud storage ( OneDrive ) services if government hackers may have targeted their accounts. The company already notifies users if an unauthorized person tries to access their Outlook or OneDrive accounts. But from now on, the company will also inform if it suspects government-sponsored hackers. Ex-Employee: Microsoft Didn't Notify When China Spied Tibetans Leaders The move could be taken in the wake of the claims made by Microsoft's former employees that several years ago Chinese government hacked into more than a thousand Hotmail email accounts of international leaders of Tibetan and Uighur minorities , but the company decided not to tell the victims, allowing the hackers to continue their campaign. Instead of alerting those leaders of the hacking attempts, Microsoft simply recommended them to change their passwords without disclosi

Microsoft OneDrive Secretly Modifies your BackUp Files

Microsoft OneDrive Secretly Modifies your BackUp Files
Apr 24, 2014
Until now, our privacy has been violated by many big Internet Services, including Google who uses our personal information for the advertising purposes and this is exactly how the companies handle the mass of personal data we provide them. But, recent report about another big giant Microsoft shows that it omits almost all other privacy aspects, as it targets ' Integrity ' of our data. To hold on our large data, having backups is always a good idea and many of us prefer cloud-based backup solutions such as Google Drive, Dropbox, Box, RapidShare, Amazon Cloud Drive to store and secure our personal data. But, unfortunately with Microsoft OneDrive storage service, it doesn't work. Microsoft fails to deliver integrity to its users as Microsoft's OneDrive for Business cloud-based storage service has been modifying users' files when they are uploading to Cloud storage, according to an Ireland based Storage technology researcher Seán Byrne, who posted about it in a Myce
Cybersecurity Resources