Microsoft 365 outage update
If you were wondering whether Microsoft’s outages on Monday should have been your cue to start your Thanksgiving vacation early, you weren’t alone. Microsoft addressed widespread Microsoft 365 outages affecting services like Exchange Online, Microsoft Teams, SharePoint Online, and Outlook. The issue, caused by a “recent change,” has led to difficulties accessing these platforms and performing certain actions within Microsoft Fabric and Defender for Office 365. Microsoft deployed a fix to the affected environments, initiated manual restarts on impacted systems, and, as of this recording, is monitoring progress. While this follows a major outage in July caused by a DDoS attack, Microsoft has not attributed the current incident to any malicious activity.
“Hair on Fire” over China’s cyber campaign
The Biden administration met with telecom executives to discuss the impact of China’s cyber espionage campaign targeting U.S. telecommunications networks, which may require a large-scale rebuild of infrastructure. Senator Mark Warner, chair of the Senate Intelligence Committee, has raised alarms over China’s persistent cyberattacks on U.S. telecommunications networks, describing their severity as far exceeding previous incidents. He said China’s actions make Russia-linked incidents like the SolarWinds hack and Colonial Pipeline attack look like “child’s play.” Warner highlighted that attackers exploited wiretapping capabilities and stole extensive data from U.S. networks, while the administration’s meeting emphasized sharing intelligence on the ongoing threat. China denies these claims, but U.S. officials have described the activity as significant and unresolved.
North Korean fake IT worker scheme unveiled
Microsoft has uncovered a widespread North Korean scheme where fake IT workers, using stolen identities and AI-generated profiles, infiltrated companies globally, generating millions in revenue for Pyongyang’s weapons programs. These workers have been targeting businesses through platforms like GitHub and LinkedIn, deploying phishing attacks and stealing cryptocurrency. Meanwhile, the China-linked hacking group Storm-2077 is actively compromising government and private organizations worldwide, while Google recently shut down over 1,000 websites linked to the GlassBridge group, known for running pro-China disinformation campaigns.
Meta cracks down on scammers
Meta announced it has removed 2 million accounts linked to scams like “pig butchering,” primarily originating from countries such as Cambodia, Myanmar, and the UAE. These scams involve long-term manipulation that lures victims into fraudulent investment schemes, and are often carried out by individuals coerced into working in criminal hubs under threats of physical harm, in what are known as “scam slave” operations. The FBI reports these kinds of operations are a major source of revenue for these criminal groups.
Thanks to today’s episode sponsor, ThreatLocker

ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team.
To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
SMS blaster busted
One hundred thousand spam texts an hour—talk about a nightmare. Thai police say they’ve arrested a van driver in Bangkok for operating an SMS blaster device capable of sending that many spam messages, targeting nearly one million people in just three days. The messages, impersonating Thailand’s largest mobile phone operator, AIS, lured victims to a phishing site with lines like “Redeem your gift now” or “Your points are about to expire” to steal credit card details for unauthorized transactions. The scam was orchestrated by a fraud gang coordinating via Telegram, with additional members of the group still at large.
Zyxel issues patch for exploited vulnerability
Zyxel is warning users to update their firewalls after Helldown ransomware exploited a command injection vulnerability (CVE-2024-42057) to compromise devices running outdated firmware. The flaw, patched in September with firmware version 5.39, allows attackers to execute OS commands remotely and has been linked to rogue account creation for SSL VPN access.
Insurance payout to New York
The state of New York secured an $11.3M settlement with GEICO and Travelers insurance companies over data breaches that exposed sensitive information of over 120,000 residents, including driver’s licenses used in COVID-era unemployment fraud. Investigations found both insurers failed to meet New York’s cybersecurity regulations, leading to penalties of $9.75M for GEICO and $1.55M for Travelers. As part of the settlement, the companies agreed to adopt stronger cybersecurity measures, including enhanced data security programs, authentication procedures, and threat monitoring systems.
UK creates AI security lab
The UK has launched the Laboratory for AI Security Research (LASR) to counter threats from adversaries like Russia by developing AI-based cyber defense tools in partnership with universities and intelligence agencies. Backed by £8.22M in government funding, the lab aims to address the “AI arms race” and enhance national and allied security while warning of potential Russian cyberattacks targeting critical infrastructure. The announcement coincides with tensions between the UK and Russia, with Russia threatening UK facilities following Ukraine’s use of British-made missiles.