Cybersecurity News: Microsoft Teams outage, heatwave melts Oracle, hiring cyber mercenaries

Microsoft Teams outage also takes down Microsoft 365 services

A Microsoft Teams outage has disabled multiple Microsoft 365 services that have Teams integration, such as Exchange Online, Windows 365, and Office Online. Late Wednesday night the company revealed on Twitter that it had “received reports of users being unable to access Microsoft Teams or leverage any features.” Two hours later it identified the cause as a recent deployment that contained a broken connection to an internal storage service.

(Bleeping Computer)

Heatwave forced Google and Oracle to shut down in London

As a result of record temperatures in the UK, Google and Oracle suffered outages as cooling systems failed at London data centers. Oracle reported overheating problems just before 4:00 BST, writing on a status page first spotted by The Register that unseasonably high temperatures in the London area had forced data center units to operate “above their design limits.” Overheating also hit a Google Cloud data center in London at 6:00 p.m., but only a “small set of customers” was affected.

(BBC News)

Hackers for hire: adversaries employ “cyber mercenaries”

A cybergang dubbed Atlas Intelligence Group is recruiting independent black-hat hackers to execute parts of its own campaigns. Also known as Atlantis Cyber-Army, it functions as a cyber-threats-as-a-service criminal enterprise, offering services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services, according to a Thursday report by threat intelligence firm Cyberint. Whereas organized threat groups tend to recruit individuals with certain capabilities that they can reuse, and incentivize them with profit sharing, A.I.G. uniquely outsources specific aspects of an attack to mercenaries who have no further involvement in that attack. The report’s author said only A.I.G. administrators and the group’s leader—dubbed Mr. Eagle—know fully what the campaign will be.

(Threatpost)

TikTok is fastest growing news source for UK

TikTok is now the fastest growing news source for UK adults, according to a survey conducted by the UK Government’s Office of Communications. Nearly half of the people using it for current affairs turn to fellow TikTokers rather than conventional news organizations for their updates. TikTok is used by 7% of adults for news, according to the UK’s communications watchdog, up from 1% in 2020. The growth is primarily driven by young users, with half of its news followers aged 16 to 24. A quarter of US adults say they always use TikTok to get the news, with nearly half of US millennial and Gen Z adults – under-41s and under-25s respectively – indicating the same, according to the analysis firm Forrester Research.

(The Guardian)

Thanks to today’s episode sponsor, 6clicks

Experience the magic of Hailey, the 6clicks artificial intelligence engine for risk and compliance. With Hailey, organizations can automatically show cross-compliance between regulations or identify gaps to external compliance requirements in their policies. Eliminate manual and costly risk and compliance processes by joining the hundreds of businesses that trust 6clicks. For more information visit 6clicks.com/cisoseries.

The growth in targeted, sophisticated cyberattacks troubles top FBI cyber official

The FBI has expressed concern that “cybercriminals and nation-state adversaries are developing more precision in their attacks and taking advantage of innovations in artificial intelligence that will compound the digital threat in the years to come,” according to FBI Assistant Director for Cyber, Bryan Vorndran, speaking on Wednesday. “When we think about software as a service or even supply chain attacks, what happens when the adversary understands that there is perhaps one software factory that services the entire community,” he said. Vorndran oversees 1,000 FBI agents who are focused on cybercrimes nationwide, and was speaking at a Fordham University cybersecurity conference. In the same address he pointed to the growing problem of “blended threats,” in which nation states and criminal enterprises work together, as well as the growing sophistication of deepfake technology.

(Cyberscoop)

8220 Gang cloud botnet infected 30,000 hosts globally

Researchers from SentinelOne are describing a “low-skill crimeware group” known as the 8220 Gang, which has expanded its cloud botnet to roughly 30,000 hosts globally. “The gang focuses on infecting cloud hosts to deploy cryptocurrency miners by exploiting known vulnerabilities and conducting brute-force attacks.” Its members are Chinese-speaking, and the name reflects the port number 8220 that the group uses to communicate with its C2 servers. In a recent campaign, the group targeted Linux systems and used RCE exploits for Atlassian Confluence and WebLogic for initial access.

(Security Affairs)

Outlook email users alerted to suspicious activity from Microsoft-owned IP address

Microsoft email is showing unusual behaviour for some users, who are reporting unexpected sign-in notifications in their Outlook accounts. This time, however, “the IP address at the root of the issue appears to originate within Microsoft itself.” According to users, the messages also appear in the “unusual activity section of the company’s email website,” which rules out a phishing attack. The Register reports that explanations from Microsoft are slow in coming, and quotes an independent IT specialist who suggests that, other than something being severely wrong in the single sign-on department, perhaps miscreants were reusing passwords from various disclosure lists.

(The Register)

New Linux malware framework lets attackers install rootkit on targeted systems

A hitherto unknown Linux malware, dubbed Lightning Framework by the security firm Intezer, has been described as a “Swiss Army Knife” for “its modular architecture and its capability to install rootkits.” It comes with features that make it one of the most intricate frameworks developed for targeting Linux systems. “The framework has both passive and active capabilities for communication with the threat actor, including opening up SSH on an infected machine, and a polymorphic malleable command and control configuration,” Intezer researcher Ryan Robinson said in a new report published yesterday. “The Lightning Framework is an interesting malware as it is not common to see such a large framework developed for targeting Linux,” Robinson pointed out. The discovery of Lightning Framework makes it the fifth Linux malware strain to be unearthed in a short period of three months.

(The Hacker News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.