CyberSecurityBoard
Sponsor Register Login

Microsoft seizes websites used to sell phony email accounts The Register

Microsoft has taken down US-based infrastructure and websites used by a cybercrime group to sell fraudulent online accounts to other crooks including Scattered Spider, the infamous social-engineering and extortion crew that hacked two Las Vegas casinos over the summer.
Microsoft obtained a court order on December 7 to seize US-based infrastructure and remove websites used by the gang after convincing a judge that these sites represented unauthorized use of Microsoft trademarks and pose ongoing harm to Redmond, its customers and the general public.
Specifically, the seized websites include: Hotmailbox.
Me, which sold fraudulent Microsoft Outlook accounts; 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, which sold CAPTCHA-solving tokens for use across various platforms; and social media sites used to advertise these illegal services.
They didn't just victimize Microsoft, they also injured other tech companies including Google and X/Twitter by selling CAPTCHA-defeating bots, the court documents alleged.
Scattered Spider is one of Storm-1152's clients that used these phony Microsoft Outlook email accounts in other types of cybercrime.
While the court documents don't name the customers, in early September this crime gang broke into the networks of Caesars Entertainment and MGM Resorts and demanded ransoms from both hotel and casino giants.
MGM did not pay a ransom but has said the nearly week-long system outages and disrupted operations resulting from the digital intrusion cost it about $100 million.


This Cyber News was published on go.theregister.com. Publication date: Thu, 14 Dec 2023 22:28:06 +0000


Cyber News related to Microsoft seizes websites used to sell phony email accounts The Register

The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
1 month ago Esecurityplanet.com
Microsoft seizes websites used to sell phony email accounts The Register - Microsoft has taken down US-based infrastructure and websites used by a cybercrime group to sell fraudulent online accounts to other crooks including Scattered Spider, the infamous social-engineering and extortion crew that hacked two Las Vegas ...
10 months ago Go.theregister.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
6 months ago Securityboulevard.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
11 months ago Microsoft.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
11 months ago Cybersecuritynews.com
Microsoft Targets Threat Group Behind Fake Accounts - Microsoft seized parts of the infrastructure of a prolific Vietnam-based threat group that the IT giant said was responsible for creating as many as 750 million fraudulent Microsoft accounts that were then sold to other bad actors and used to launch ...
10 months ago Securityboulevard.com
Essential Email and Internet Safety Tips for College Students - Your email is one of the most important digital assets and identities because it helps you create accounts on other platforms. Securing your email requires you to pay attention to your passwords, gadgets, and the links you engage with. The places you ...
9 months ago Securityboulevard.com
Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
9 months ago Securityzap.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
9 months ago Bleepingcomputer.com
Microsoft seizes domains used to sell fraudulent Outlook accounts - Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals. According to ...
10 months ago Bleepingcomputer.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Microsoft takes down websites used to create 750 million fraudulent accounts - Microsoft seized certain websites run by a Vietnam-based group that created roughly 750 million fraudulent Microsoft accounts after the software maker received a court order a week ago from the Southern District of New York. Posting to its blog Dec. ...
10 months ago Packetstormsecurity.com
CyberCrime & Doing Time: Identification Documents: an Obsolete Fraud Countermeasure - When I'm talking to bankers and other fraud fighters, I often mention how easy it is for a criminal to obtain a Drivers License bearing any information they desire. In the new case, Brianna Mills, a 28-year old bank teller in Loganville, Georgia ...
8 months ago Garwarner.blogspot.com
CISA orders agencies impacted by Microsoft hack to mitigate risks - CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. It requires them to investigate potentially ...
6 months ago Bleepingcomputer.com
What is an email signature? - An email signature - or signature block or signature file - is the block of text that appears at the end of an email message that provides more information about the sender. This can include details such as the sender's full name, occupation or job ...
10 months ago Techtarget.com
Microsoft Disables Verified Partner Accounts Used for OAuth Phishing - Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, ...
1 year ago Bleepingcomputer.com
February 1, 2024: A Date All Email Senders Should Care About - For any organization sending bulk email or high email volumes to Google and Yahoo accounts, there's one date you should have flagged on your calendar. On February 1st, guidance indicates you'll need to pay attention if you are sending over 5000 ...
9 months ago Feedpress.me
Russian Spies Hacked Microsoft Email Systems & Accessed Code - Microsoft has disclosed that Russian government hackers, identified as the group Midnight Blizzard, have successfully infiltrated its corporate email systems and stolen source codes. Microsoft's announcement on March 8, 2024, detailed that Midnight ...
7 months ago Cybersecuritynews.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
10 months ago Itsecurityguru.org
ACDS Unveils Tailored Email Security Essentials Package for SMBs to Protect from Malicious Communications - Email is the most common attack vector for cybercriminals, in fact the overwhelming majority of malware-related security incidents are delivered via email. It's no surprise that email security is at the forefront of many business leader's minds. In ...
10 months ago Itsecurityguru.org
Microsoft disrupts credentials marketplace, warns of gift card fraud, OAuth abuse - After a relatively quiet final Patch Tuesday of 2023, Microsoft published warnings this week about the potential for gift card fraud and hackers abusing a popular authentication technology. Alongside the warnings, Microsoft said it recently used a ...
10 months ago Therecord.media
Security Boulevard - With the rising volume of fraudulent emails and AI-enhanced phishing scams, industry giants such as Google, Yahoo, and Microsoft have doubled their email security efforts. DMARC builds on two existing email authentication technologies: Sender Policy ...
9 months ago Securityboulevard.com
Many popular websites still cling to password creation policies from 1985 - A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. The researchers used an automated account creation method to assess over 20,000 ...
10 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)