🚨WK 39: Microsoft Halts Services Amid Surveillance Allegations, CISA Alerts on Cisco Vulnerabilities, Indian Bank Records Exposed, SIM Farm Cyber Threat

Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

Microsoft Suspends Cloud Services Amid Alleged Misuse in Surveillance Operations

Microsoft has taken the unusual step of suspending certain cloud services provided to a unit within Israel’s Ministry of Defense (IMOD) after allegations emerged that its Azure infrastructure was being misused for surveillance purposes. The controversy began after a Guardian report claimed the defense unit had stored and processed data from mass civilian surveillance operations in Gaza and the West Bank using Microsoft systems. The report suggested that this activity could include monitoring communications and other sensitive information on a large scale.

In response, Microsoft announced it had disabled multiple services linked to the unit while launching an internal investigation. The company stressed that its cloud platforms must be used in line with corporate principles and human rights standards, and that any violations of those standards will trigger remedial action. Microsoft underscored that the suspension is not a final judgment but a precautionary measure during the review process.

This incident places Microsoft at the center of a broader debate about the responsibilities of global technology providers in conflict zones. Critics argue that cloud providers risk enabling human rights abuses if they do not enforce strict usage controls, while supporters of the suspension see the move as a rare instance of corporate accountability in wartime contexts.

Microsoft has promised transparency, committing to share findings and “lessons learned” once its review concludes. Until then, services to the implicated defense unit will remain suspended.

💻 Malware and Vulnerabilities

Fake IT Support Attacks Hit Microsoft Teams: Attackers are using fake IT support personas on Microsoft Teams (accounts labeled “IT Support,” “Help Desk,” etc.) to convince employees to install remote-access tools such as AnyDesk or QuickAssist, enabling malware deployment, credential theft, and persistent access. LINK

CISA Orders Federal Agencies to Mitigate Cisco Device Exploits: CISA issued Emergency Directive ED 25-03 requiring agencies to identify, assess, isolate, or upgrade vulnerable Cisco ASA and Firepower devices due to zero-day exploits enabling remote code execution and privilege escalation. Private organizations are urged to act as well. LINK

ArcaneDoor Continues Attacks against Cisco ASA Devices: The ArcaneDoor threat actor has resumed targeting Cisco ASA 5500-X Series firewall devices, exploiting VPN vulnerabilities for persistence and using tactics such as disabling logging to evade detection. LINK

Unpatched Cognex Camera Flaws Leave Industrial Vision Systems Exposed: Multiple flaws in Cognex machine-vision cameras remain unpatched, leaving inspection and automation systems vulnerable. Cognex advises migrating to newer versions, but no full fixes exist yet. LINK

LockBit 5.0 Ransomware Variant Escalates Cross-Platform Threat: LockBit launched version 5.0 of its ransomware, targeting Windows, Linux, and VMware ESXi with improved obfuscation, randomized extensions, and virtualization targeting. LINK

BRICKSTORM Espionage Campaign Exploits Stealth for Over a Year: China-linked UNC5221 deployed the “BRICKSTORM” backdoor to infiltrate US legal, tech, and SaaS sectors, exploiting edge devices and remaining undetected for an average of 393 days. LINK

📈 Breaches and Incidents

Chinese Cyberspies Hacked US Defense Contractors: A China-linked espionage group, codenamed 'Emperor's Tea,' has successfully breached at least six US defense contractors over a two-year campaign, exfiltrating sensitive technical data and documents to support Beijing's military modernization goals. LINK

Indian Bank Transfer Records Exposed via Misconfigured Cloud Storage: Technical misconfigurations at two Indian financial service providers, Nivesh Market and SBNX, left an unsecured database online, exposing over 1.7 million bank transfer records containing sensitive customer information, including names, account numbers, and transaction details. LINK

Arizona School District Breach Exposes 35,000 After Ransomware Attack: Madison Elementary School District in Arizona disclosed that 35,000 individuals were affected by a ransomware-linked breach; attackers stole ~75 GB of files. LINK

Massive Cyberattack Disrupts ~200 Swedish Municipalities via Miljödata Breach: Ransomware on Miljödata systems disrupted HR and medical administration for 200 municipalities and regions in Sweden; hackers demanded 1.5 BTC. LINK

🚨 Threat Intel & Info Sharing

Microsoft Disables Services for Israel Defense Unit During Ethical Review: Microsoft suspended services for an Israeli defense unit after allegations its cloud systems were used for mass civilian surveillance in Gaza and the West Bank. LINK

UK Arrest Follows Aerospace Cyber Incident: The UK’s National Crime Agency arrested a suspect linked to a cyber incident affecting an aerospace firm, part of broader international cybercrime investigations. LINK

AI-Obfuscated Phishing Campaigns Detected by Microsoft: Microsoft researchers revealed an AI-vs-AI battle, where attackers used AI to generate obfuscated phishing lures and defenders countered with AI-driven detection. LINK

SIM Farm Hackers Threatened US Infrastructure, Feds Say: A hacking crew dubbed SIM Farm allegedly stole SIM card data and threatened US infrastructure, exposing risks tied to telecom vulnerabilities. LINK

AI-Powered App Exposes User Data in Privacy Failure: Trend Micro uncovered a consumer app using AI that inadvertently exposed sensitive user data through insecure APIs, raising privacy concerns. LINK

Ukraine Links Pravda Cyber Operations to State-Backed Actors: Ukrainian officials warned of ongoing cyber campaigns tied to Russia-backed actors, targeting government and defense institutions in Eastern Europe. LINK

Co-op Group Highlights Resilience Amid Cyber and Market Pressures: The UK Co-op reported strong fundamentals despite external pressures, citing investments in security and IT resilience as key stabilizers. LINK

āš–ļø Laws, Policies and Regulations

Interpol Cracks Down on Large-Scale African Scamming Networks: Interpol arrested ~260 suspects across 14 African nations in romance and extortion scam operations, disrupting a multimillion-dollar fraud network. LINK

UK Fraud Crackdown Saves Half a Billion in Public Funds: The UK government announced that coordinated anti-fraud operations prevented more than £500 million in losses to public services, marking a record recovery. LINK

Report Slams ‘DOGE’ for Privacy & Cybersecurity Violations: Senate Democrats accuse the Department of Government Efficiency (DOGE) of unlawfully accessing sensitive data from SSA, GSA, and OPM, risking catastrophic breaches. LINK

RedNovember Expands Chinese State-Sponsored Espionage Campaign: RedNovember exploited VPNs, firewalls, and Outlook Web Access portals worldwide, relying on commodity tools for espionage at scale. LINK

Microsoft Faces Pressure over Planned End of Windows 10 Support: Euroconsumers urged Microsoft to extend Windows 10 security support, citing consumer harm, e-waste, and risks to refurbished devices. LINK

📅 Upcoming Events

Virtual Event: Generative AI & Cybersecurity: Executive Strategies for Risk and Resilience

Generative AI is reshaping the cybersecurity landscape, empowering Security Operations Centers (SOCs) with intelligent automation, predictive analytics, and faster incident response. However, with this innovation comes a new class of threats: AI-generated phishing campaigns, polymorphic malware, and code exploits crafted by LLMs.

Register your interest to join here.
