CISA Warns of Compromised Microsoft Accounts

CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group.
The directive is known as Emergency Directive 24-02 and it addresses the risk of compromised Microsoft accounts for federal agencies and corporations.
The directive mandates agencies to probe potentially impacted emails, reset any compromised credentials and implement safeguards to fortify privileged Microsoft accounts.
CISA reports that operatives from Russia are utilizing information pilfered from Microsoft's corporate email systems, including authentication details exchanged between Microsoft and its clientele via email, to infiltrate certain customer systems.
Microsoft and the U.S. cybersecurity agency have already alerted all federal agencies whose email exchanges with Microsoft were identified as exfiltrated by the Russian hackers.
CISA has now directed affected agencies to ascertain the complete content of their correspondence with compromised Microsoft accounts and conduct a cybersecurity impact assessment by April 30, 2024.
For any compromised accounts; review sign-in, token issuance, and other account activity logs for potential malicious activity.
While the requirements of ED 24-02 pertain exclusively to Federal Civilian Executive Branch agencies, the exfiltration of Microsoft corporate accounts may affect other organizations and corporations.
In 2021, the APT29 hackers once more penetrated a Microsoft corporate account, granting them access to customer support tools.
The compromised account possessed authorization to an application with elevated privileges within Microsoft's corporate environment, enabling the attackers to infiltrate and extract data from corporate mailboxes.
These compromised email accounts included those belonging to members of Microsoft's leadership team and an undisclosed number of employees in the company's cybersecurity and legal departments.
Detecting compromised Microsoft accounts is crucial for maintaining the security of your organization's data and systems.
Monitor Account Activity: Regularly monitor the activity logs of Microsoft accounts for any suspicious or unauthorized activities.
Screen Accounts for Compromised Credentials: Prioritize screening of accounts for compromised credentials.
Implement Multi-Factor Authentication: Enable MFA for all Microsoft accounts to add an extra layer of security.
MFA requires users to provide additional verification, such as a code sent to their phone, in addition to their password, making it harder for unauthorized users to access accounts even if passwords are compromised.
Regularly Review Permissions and Access: Conduct regular audits of permissions and access levels assigned to Microsoft accounts.
Set up Alerts and Notifications: Configure alerts and notifications for suspicious activities or security events within Microsoft accounts.
By following these proactive measures and staying vigilant, organizations can enhance their ability to detect compromised Microsoft accounts and mitigate the risks associated with unauthorized access to sensitive data and systems.
The post CISA Warns of Compromised Microsoft Accounts appeared first on Enzoic.


This Cyber News was published on securityboulevard.com. Publication date: Sat, 13 Apr 2024 00:58:04 +0000


Cyber News related to CISA Warns of Compromised Microsoft Accounts

CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
6 months ago Securityboulevard.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
5 months ago Securityaffairs.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
10 months ago Microsoft.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 month ago Therecord.media
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
6 months ago Bleepingcomputer.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
10 months ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
7 months ago Securityweek.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
10 months ago Cisa.gov
Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
9 months ago Securityboulevard.com
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
10 months ago Go.theregister.com
Defusing the threat of compromised credentials - In the end, some employees who were targeted approved the MFA requests and the attackers gained access to these accounts. Most phishing attacks employ similar social engineering techniques to trick users into turning over their credentials. Attackers ...
6 months ago Feedpress.me
CISA makes its "Malware Next-Gen" analysis system publicly available - It was originally designed to allow U.S. federal, state, local, tribal, and territorial government agencies to submit suspicious files and receive automated malware analysis through static and dynamic analysis tools. Yesterday, CISA released a new ...
6 months ago Bleepingcomputer.com
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
5 months ago Cisa.gov
CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts ...
6 months ago Cisa.gov
Attackers Target Microsoft Accounts to Weaponize OAuth Apps - Threat actors are abusing organizations' weak authentication practices to create and exploit OAuth applications, often for financial gain, in a string of attacks that include various vectors, including cryptomining, phishing, and password spraying. ...
10 months ago Darkreading.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
9 months ago Bleepingcomputer.com
CISA: Most critical open source projects not using memory safe code - The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as ...
4 months ago Bleepingcomputer.com
Microsoft disrupts credentials marketplace, warns of gift card fraud, OAuth abuse - After a relatively quiet final Patch Tuesday of 2023, Microsoft published warnings this week about the potential for gift card fraud and hackers abusing a popular authentication technology. Alongside the warnings, Microsoft said it recently used a ...
10 months ago Therecord.media
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
10 months ago Microsoft.com
EuroTel ETL3100 Radio Transmitter - RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources. EuroTel ETL3100 versions v01c01 and v01x37 does ...
10 months ago Cisa.gov
CISA confirms compromise of its Ivanti systems - CISA confirmed two of its internal systems were breached by a threat actor that exploited flaws in Ivanti products used by the U.S. cybersecurity agency. Ivanti on Jan. 10 disclosed two zero-day vulnerabilities that were under exploitation by a ...
7 months ago Techtarget.com
Optigo Networks ONS-S8 Spectra Aggregation Switch | CISA - CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial ...
1 month ago Cisa.gov
Microsoft Disables Verified Partner Accounts Used for OAuth Phishing - Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, ...
1 year ago Bleepingcomputer.com
Fancy Bear hackers still exploiting Microsoft Exchange flaw - A Russian nation-state group continues to exploit a critical Microsoft vulnerability that was patched eight months ago to gain access to emails within victim organizations' Exchange servers. In March, Microsoft disclosed a zero-day elevation of ...
10 months ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)