Cybersecurity Highlights

This section registers the most relevant incidents or public events related to the cybersecurity and information and communication technologies (ICT), in a way that a chronological history of them is available, together with their main links, references and information sources.

Post related to: Microsoft

Microsoft dismantles Russian Strontium cyberattacks against Ukraine

Microsoft has successfully dismantled, according to its blog, a series of cyber attacks targeting Ukrainian entities by Strontium, a group of cybercriminals who have been attributed with a direct...

References:

blogs.microsoft.com

genbeta.com

global.techradar.com

elespanol.com

iproup.com

cnnespanol.cnn.com

Tags:

Other critical infrastructures

Microsoft reports cybersecurity incident

Microsoft has published an official post in response to the news related to the alleged cyberattack perpetrated by the LAPSUS$ ransomware group, which would have resulted in the obtaining of the...

References:

microsoft.com

techmonitor.ai

hipertextual.com

es.gizmodo.com

cyberkendra.com

xataka.com

Tags:

Microsoft mitigates one of the largest DDoS attacks in history

The company reported an attack last November against a customer in Asia, reaching 3.47 terabits per second from 10,000 sources in 10 different countries around the world."We believe this is the...

References:

microsoft.com

bleepingcomputer.com

computerhoy.com

genbeta.com

Tags:

Microsoft Power Apps put the confidentiality of millions of data at risk

UpGuard researchers have reported a vulnerability that affects Microsoft Power Apps, related to a configuration flaw in ODdata API, which could have exposed online more than 38 million of sensitive...

References:

upguard.com

docs.microsoft.com

unaaldia.hispasec.com

zdnet.com

thehackernews.com

Tags:

Public administration

Vulnerability

Microsoft warns that government-backed cybercriminals gained access to email systems

The Microsoft Threat Intelligence Center (MSTIC) has reported multiple 0-day exploits used by a Chinese state-sponsored threat actor to attack local versions of Microsoft Exchange Server in a...

References:

blogs.microsoft.com

microsoft.com

bleepingcomputer.com

20minutos.es

Tags:

Other critical infrastructures

Vulnerability

Windows

Campaign targeting cybersecurity researchers detected

Google has identified an ongoing campaign targeting cybersecurity researchers working on study of vulnerabilities across multiple companies and organizations, suspected to be perpetrated by an...

References:

blog.google

bleepingcomputer.com

zdnet.com

unaaldia.hispasec.com

microsoft.com

blog.google

Tags:

Malwarebytes, another victim of SolarWinds security incident perpetrators

Malwarebytes, the popular cybersecurity services company, has confirmed that it has suffered a cyberattack by the same threat actors that caused the security incidents stemming from the SolarWinds...

References:

blog.malwarebytes.com

bleepingcomputer.com

infosecurity-magazine.com

unaaldia.hispasec.com

Tags:

A threat actor commits a Mimecast certificate

The email management software provider, Mimecast, has reported that one of its issued certificates, intended to authenticate its Mimecast Sync and Recover, Continuity Monitor and IEP (Internal...

References:

mimecast.com

sec.gov

bleepingcomputer.com

zdnet.com

threatpost.com

blogs.masterhacks.net

mimecast.com

Tags:

FireEye Red Team tools have been stolen

FireEye, one of the world's leading cybersecurity companies dedicated to vulnerability analysis and prevention, has reported being the victim of a cyberattack through which its Red Team pentesting...

References:

fireeye.com

github.com

us-cert.cisa.gov

cso.computerworld.es

theverge.com

fireeye.com

sec.gov

incibe-cert.es

microsoft.com

fireeye.com

microsoft.com

msrc-blog.microsoft.com

Tags:

Other critical infrastructures

Public administration

Tool

Unauthorized access to a Nitro database

The global document management company, Nitro, reported, on October 21, on limited access to one of its databases by an unauthorized third party.The affected database supports certain online...

References:

ir.gonitro.com

bleepingcomputer.com

siliconangle.com

redeszone.net

Tags:

Corporate access

Cybersecurity Highlights

Microsoft dismantles Russian Strontium cyberattacks against Ukraine

Microsoft reports cybersecurity incident

Microsoft mitigates one of the largest DDoS attacks in history

Microsoft Power Apps put the confidentiality of millions of data at risk

Microsoft warns that government-backed cybercriminals gained access to email systems

Campaign targeting cybersecurity researchers detected

Malwarebytes, another victim of SolarWinds security incident perpetrators

A threat actor commits a Mimecast certificate

FireEye Red Team tools have been stolen

Unauthorized access to a Nitro database

Pages