Bill Toulas reports: Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations’ cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, Microsoft says the threat actors posed as legitimate companies to enroll and successfully be verified as that company in the MCPP…
Category: Phishing
The U.N. Committee on Human Rights asks Morocco NOT to extradite Raoult
A small and somewhat bitter update to the Sébastien Raoult case. Sébastien’s father contacted DataBreaches tonight to say that they had just received a response from the Human Rights Committee of the United Nations. In response to Raoult’s appeal submitted on January 17, the committee responded by asking Morocco not to extradite Raoult while Raoult’s…
Baltimore schools cyber attack cost nearly $10M: State IG
ABC News reports: Baltimore County Public Schools failed to act on several state recommendations to help mitigate cyber attacks before a hack disrupted school operations and cost the school system millions of dollars in damages and repairs, according to a report from a state inspector general. BCPS was hacked using a phishing email in November 2020 —…
NCSC: Russian and Iranian hackers targeting UK politicians, journalists
John Leonard reports: NCSC, the cyber security arm of GCHQ, has issued an advisory warning about the targeting of media and political organisations by hackers from Russia and Iran. The groups mentioned, SEABORGIUM from Russia and TA453 (alias APT42 and Charming Kitten) from Iran, are believed to be associated with the governments of those countries….
Australian man given two-year jail sentence for $69K phishing scams
Eileen Yu reports: An Australian man has been sentenced to jail for more than two years over an SMS phishing scam, during which he stole AU$100,000 ($69,751) and targeted 450 victims. The Sydney Local Court found the man guilty of various cybercrime offences, including obtaining and supplying data with intent to commit a computer offence….
NHS Is The Most Phished UK Government Organization
Cyber Security Intelligence reports: Cyber security experts have recently revealed the top six government impersonation scams they have removed from the Internet in 2022 as they urged the public to remain vigilant to cyber crime in 2023. The scams unveiled by the National Cyber Security Centre (NCSC), part of GCHQ, included phishing emails and messages from cyber criminals…