At a glance.
- Chinese threat actor hit US organizations with a Microsoft cloud exploit.
- Open source tools allow threat actors to exploit a loophole in Microsoft's kernel driver authentication procedures.
- July Patch Tuesday retrospective.
- Threat spotlight: email extortion attacks: digital blackmail.
- Report: Companies allowing personal employee devices onto their network are opening themselves to attack.
- RomCom update.
- Beamer phishbait.
Chinese threat actor hit US organizations with a Microsoft cloud exploit.
Late yesterday Microsoft described activity by the Chinese government threat actor it tracks as Storm-0558. The group "gained access to email accounts affecting approximately 25 organizations including government agencies as well as related consumer accounts of individuals likely associated with these organizations," Redmond explained. Microsoft noticed "anomalous" mail activity on June 16th, and its investigation determined that this was part of a cyberespionage campaign that began on or around May 15th of this year. On the technique, Microsoft said, "They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key." In other words, the actor did not need to steal credentials: possession of a signing key let it mint tokens that the mail service treated as valid. Microsoft says it has since completed mitigation for all affected customers. According to the Wall Street Journal, the US Government is investigating the scope of the Chinese operation and assessing what damage it might have caused.