Threat and Vulnerability Intelligence Database

Description: Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,
Source: TheHackerNews
February 13th, 2025 (2 months ago)

CVE-2025-25199

Description: go-crypto-winnative is a Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contains a fix for the issue. The fix is included in versions 1.23.6-2 and 1.22.12-2 of the Microsoft build of Go, as well as in the pseudoversion 0.0.0-20250211154640-f49c8e1379ea of the `github.com/microsoft/go-crypto-winnative` Go package.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2025-25199

Description: Calls to cng.TLS1PRF don't release the key handle, producing a small memory leak every time.

References:
https://github.com/microsoft/go-crypto-winnative/security/advisories/GHSA-29c6-3hcj-89cf
https://nvd.nist.gov/vuln/detail/CVE-2025-25199
https://github.com/microsoft/go-crypto-winnative/commit/f49c8e1379ea4b147d5bff1b3be5b0ff45792e41
https://github.com/advisories/GHSA-29c6-3hcj-89cf

EPSS Score: 0.04%

Source: Github Advisory Database (Go)
February 12th, 2025 (2 months ago)
Description: A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe. "This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the
Source: TheHackerNews
February 12th, 2025 (2 months ago)
Description: Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.
Source: Dark Reading
February 12th, 2025 (2 months ago)
Description: Elastic Security Labs has identified a new malware family named FinalDraft that uses Microsoft’s Graph API to communicate through Outlook email drafts, allowing attackers to bypass traditional network monitoring. The malware is part of a sophisticated cyber-espionage campaign and includes a custom loader, a backdoor, and multiple post-exploitation modules targeting a foreign ministry. Elastic Security …
Source: CyberInsider
February 12th, 2025 (2 months ago)
Description: This week we discuss a new Microsoft study that finds using generative AI is "atrophying" people's cognition and critical thinking skills, the right's war on Wikipedia, and, in the subscriber's section, the idea of posting against fascism.
Source: 404 Media
February 12th, 2025 (2 months ago)
Description: Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said have come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge
Source: TheHackerNews
February 12th, 2025 (2 months ago)
Source: TheRegister
February 12th, 2025 (2 months ago)

CVE-2025-24042

Description: Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (2 months ago)