Threat Monitor Annual Report 2023

11th Jul - Breach: Microsoft China Storm-0558

Microsoft revealed that customer email accounts were accessed through Outlook Web Access (OWA) in Exchange Online using forged authentication tokens. The China-based threat actor Storm-0558 is believed responsible, using the access to email accounts to gather useful intelligence.

8th Aug - Police Force: Data Leak - FOI request leads to accidental PII data leak

In response to a Freedom of Information (FOI) request made to the Police Service of Northern Ireland, a spreadsheet detailing the locations and names of serving employees was mistakenly made public and posted online, putting these employees at risk. Police forces in Norfolk and Suffolk also confirmed FOI requests led to inadvertently sharing too much Personally Identifiable Information (PII) publicly, whilst Cumbria Police blamed human error for the publication of the names and salaries of all its officers online.

31st May - Ransomware: Move-IT Managed File Transfer vulnerability in mass Cl0p exploitation

Progress released a security advisory regarding a zero-day vulnerability, CVE-2023-34362, in their managed file transfer (MFT) software package, which had been used to exfiltrate data. Ransomware group CL0P was seen to be leveraging this flaw, alongside other file transfer vulnerabilities, to steal data and demand ransom payments.

31st Aug - Ukraine Military Devices targeted by Russian GRU Malware: Infamous Chisel

NCSC and its Five Eyes partners issued a report associating the Infamous Chisel malware, which targets Ukrainian military Android devices, with the threat actor Sandworm.

The malware allows for data exfiltration and remote access.

The campaign is believed to be part of the Russian war efforts against Ukraine.
