top of page

Threat Bulletin

Curated list of active threats for common SaaS applications with actionable remediation steps

Logo

APT29 - NOBELIUM, Midnight Blizzard

See Details
The Midnight Blizzard attack, orchestrated by a Russian state-sponsored group, involved techniques like password spraying and misuse of OAuth applications. These methods led to the compromise of email accounts of several Microsoft employees, including those in senior leadership positions.

Severity:

HIGH

Productivity Impact:

MEDIUM

Fix Estimate:

10 minutes +

Logo

APT41 - HOODOO, Wicked Panda

See Details
APT41 sent spearphishing emails with attachments such as compiled HTML (.chm) files to initially compromise their victims.

Severity:

HIGH

Productivity Impact:

VERY LOW

Fix Estimate:

2-3 minutes

Logo

Adversarial Email forward rules

See Details
Adversaries set up forwarding rules on your users email inboxes to exfiltrate sensitive data and as a form of insurance in case they lose access to their victim’s email account.

Severity:

HIGH

Productivity Impact:

LOW

Fix Estimate:

10 minutes

Logo

DarkGate - Malware delivered via Microsoft Teams malspam campaign

See Details
Adversaries are utilizing Microsoft Teams as a delivery channel for malware. This attack leverages deceptive Microsoft Teams chat messages sent from compromised Office 365 accounts to encourage victims to download malicious files, effectively bypassing existing security measures.

Severity:

HIGH

Productivity Impact:

MEDIUM

Fix Estimate:

1-2 minutes

Logo

IDOR Vulnerability In Microsoft Teams

See Details
Allows for the possible introduction of malware into any organisations using Microsoft Teams in its default configuration

Severity:

HIGH

Productivity Impact:

MEDIUM

Fix Estimate:

1-2 minutes

Logo

Storm-0558 - Millions of Azure AD Apps Affected

See Details
The Storm-0558 breach allows Chinese advanced persistent threat (APT) actors to access Microsoft cloud services, forge authentication tokens, and potentially compromise sensitive information in email accounts and other applications.

Severity:

HIGH

Productivity Impact:

HIGH

Fix Estimate:

Unknown

bottom of page