99 matches found
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control C2 channel, allowing...
Support Statement — Exchange Web Services (EWS) Deprecation
Challenge Microsoft has announced the deprecation of Exchange Web Services EWS in Exchange Online, with the initial phase-out target of October 1, 2026. Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 currently leverage EWS for Exchange Online backup functionality. Note: Thi...
Microsoft Graph Enterprise Intelligence Collector
This Metasploit auxiliary module interacts with the Microsoft Graph API to perform enterprise intelligence collection. It supports authentication using Azure AD application credentials or an existing access token and enables enumeration of Azure users, SharePoint sites, OneDrive files, and Exchan...
Microsoft Graph Advanced Intelligence Collector
This Metasploit auxiliary module interacts with the Microsoft Graph API to perform advanced intelligence collection in Microsoft 365 environments. The module supports Azure AD application authentication or direct access tokens and enables enumeration of Azure users, SharePoint sites, OneDrive...
Microsoft Graph Cloud Intelligence Collector
The Microsoft Graph Cloud Intelligence Collector is a Metasploit Auxiliary module designed to interact with the Microsoft Graph API to gather information from Microsoft 365 and Microsoft Azure Active Directory environments. The module authenticates using the OAuth2 Client Credentials flow with a...
SharePoint / OneDrive Explorer via Microsoft Graph API
The SharePoint / OneDrive Explorer is a Metasploit Auxiliary module designed to interact with Microsoft Graph API in order to explore and retrieve information from Microsoft SharePoint and Microsoft OneDrive environments. The module authenticates using OAuth2 Client Credentials with a Tenant ID,...
CVE-2023-49283
microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at...
Detecting Malicious Entra OAuth Apps with LLM-Based Permission Risk Scoring
This project presents a unified detection framework that constructs a complete corpus of Microsoft Graph permissions, generates consistent LLM-based risk scores, and integrates them into a real-time detection engine to identify malicious OAuth consent activity...
EUVD-2024-0260
Malicious code in bioql PyPI...
EUVD-2023-3185
Malicious code in bioql PyPI...
EUVD-2023-3247
Malicious code in bioql PyPI...
Retail at risk: How one alert uncovered a persistent cyberthreat
In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing security compromises in the past year, the risks for businesses continue to increase...
CVE-2023-49282
msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...
New Malware Campaign Exploits Microsoft Graph API to Infect Windows
FortiGuard Labs discovers an advanced attack using modified Havoc Demon and SharePoint. Explore the attack's evasion techniques and security measures...
WordPress plugin WPO365 MICROSOFT 365 GRAPH MAILER 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster i...
CVE-2024-21632
omniauth-microsoftgraph provides an Omniauth strategy for the Microsoft Graph API. Prior to versions 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
Impact of Azure AD Graph Deprecation on Veeam Backup for Microsoft Azure
Challenge Data protection of Azure services may fail using any version of Veeam Backup for Microsoft Azure below v6 build number 6.0.0.234. Cause Starting February 1, 2025, Microsoft has retired Azure AD Graph. As a result, any application relying on Azure AD Graph will be unable to make requests...
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut LNK file...
New Go-based Backdoor GoGra Targets South Asian Media Organization
An unnamed media organization in South Asia was targeted in November 20233 using a previously undocumented Go-based backdoor called GoGra. "GoGra is written in Go and uses the Microsoft Graph API to interact with a command-and-control C&C server hosted on Microsoft mail services," Symantec, part ...