13 December 2023
■ Microsoft Warns of OAuth-Based Attacks
Financially motivated threat actors are leveraging OAuth applications to automate Business Email Compromise (BEC) attacks, phishing campaigns, and spamming activities, and to deploy virtual machines (VMs) for cryptomining, heightening security risks.
■ DonorView Data Exposure of One Million Records
DonorView's exposure of one million records included sensitive donor information and details about associated children, posing risks for phishing attacks and fraudulent donation requests.
■ UK Ministry of Defence Fined for Afghan Evacuation Data Breach
The UK's Ministry of Defence received a significant fine for failing to safeguard the personal information of Afghans seeking relocation after the Taliban took control, breaching data protection regulations.
■ Data Breach at Dubai’s Largest Taxi App, DTC
Over 220,000 individuals' data, including personal and sensitive information along with driver details, was exposed due to a breach in Dubai's largest taxi app, posing risks for privacy violations and fraud.
■ Ukraine Claims Cyberattack on Russia’s State Tax Service
Ukraine's intelligence alleges a destructive cyberattack on Russia's Federal Tax Service, leading to disruptions in internet connections between regional branches and the central office, potentially causing severe damage.
■ OAuth Apps Enable Automation of Cyber Attacks
Cyber attackers exploit OAuth apps' insufficient authentication measures, creating new apps with elevated privileges to sustain access, conceal malicious activities, and automate attacks like BEC and cryptomining.