394 matches found
KnockKnock - Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods. Additionally, it can output/create a list of legacy Skype users identified through Microsoft Teams enumeration. Finally, it also creates a nice clean list for future usage, all conduct...
Description of the security update for SharePoint Server Subscription Edition: September 12, 2023 (KB5002474)
Description of the security update for SharePoint Server Subscription Edition: September 12, 2023 (KB5002474). Summary: This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...
WordPress All-in-One WP Migration OneDrive Extension Plugin <= 1.66 is vulnerable to Broken Access Control
Software: All-in-One WP Migration OneDrive Extension; Type: Plugin; Vulnerable versions: <= 1.66; Fixed in: 1.67; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40004; Patch priority: High; CVSS severity: High (7.3); PSID: 11686f7de85d; Credits...
Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities
While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can use DLL sideloading to execute arbitrary code on a target system, often by exploiting vulnerabilities in legitimate...
Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports
The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active...
DDoS attacks want to make sure you haven’t forgotten about them
Welcome to this week's edition of the Threat Source newsletter. Distributed denial-of-service attacks (DDoS) have been around since before I even knew how to turn a computer on. These types of attacks, I feel, have the same vibe as the term "computer virus" -- something we used to talk about in the...
CVAD 2203 CU2: Error: "Your OneDrive folder can't be created in the location you selected.”
On CVAD 2203 CU2, you followed https://docs.citrix.com/en-us/profile-management/current-release/configure/enable-the-onedrive-container.html to configure OneDrive Container with Citrix Profile Management but it does not work. The Policy was applied via Citrix Active Directory GPO...
MULTI#STORM Campaign Sets Sights on India and U.S. with RAT
Threat Level Attack Report. Summary: The MULTI#STORM phishing campaign employs JavaScript files to disseminate RATs throughout compromised systems. This intricate attack utilizes a multi-stage procedure that commences when the victim engages...
Flea APT Targets Foreign Ministries with New Backdoor.Graphican
Threat Level Attack Report. Summary: Flea (APT15) targeted foreign ministries with their new backdoor, Backdoor.Graphican, leveraging Microsoft Graph API and OneDrive for C&C communication. To receive real-time threat advisories, please follo...
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, su...
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...
Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions
Microsoft on Friday attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359. "These attacks likely rely on access to multiple virtual private servers (VPS) in conjunction with rented cloud...
@activepieces/piece-amazon-s3 (=0.0.2), @adobe/helix-admin-support (>=2.1.22 <=2.1.23) +471 more potentially affected by unknown CVE via fast-xml-parser (=4.2.4)
fast-xml-parser NPM version =4.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on fast-xml-parser and may be impacted: - @activepieces/piece-amazon-s3 =0.0.2 - @adobe/helix-admin-support =2.1.22, =9.0.39, =2.1.1, =2.1.15, =1.11.158, =1.0.4-0, =1.2.39-...
After removing and adding items from the OneDrive folder, Veeam Backup for Microsoft 365 may skip backup items
Challenge: The Veeam Backup for Microsoft 365 Dev team has identified an issue where Veeam Backup for Microsoft 365 may skip items in a SharePoint Document Library or List when a large number of items are rapidly added, removed, and added again. For example, if a user adds 20 or more items to the...
May 24, 2023—KB5026446 (OS Build 22621.1778) Preview
May 24, 2023—KB5026446 (OS Build 22621.1778) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note: Follow @WindowsUpdate to fin...
N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "ReconShark is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading ...
The vulnerability of the OneDrive file sharing service, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of the OneDrive for Windows file sharing service is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...
Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to eva...