Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

State-sponsored hackers compromised the email accounts of several Washington Post journalists

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post. A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security. “A cyberattack on the Washington Post compromised email accounts of several journalists and was potentially the work […]

Washington Post.

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post.

A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security.

“A cyberattack on the Washington Post compromised email accounts of several journalists and was potentially the work of a foreign government, company officials told some affected staffers in recent days, according to people familiar with the situation.” reads the report published by The Wall Street Journal.

“Staffers were told the intrusions compromised journalists’ Microsoft accounts and could have granted the intruder access to work emails they sent and received, some of the people said. The reporters targeted include those on the national-security and economic-policy teams, including some who write about China, the people said.”

The cyber attack was discovered on June 13. On June 15, the media outlet informed its staff via memo of the potential compromise of the Microsoft email accounts of a limited number of journalists.  Executive Editor Matt Murray sent the memo to the employees.

The Washington Post reset all employee passwords as a precaution after the intrusion, which didn’t affect other systems or customers.

The Washington Post is a major American daily newspaper based in Washington, D.C. It is one of the most influential and widely read newspapers in the United States, known for its investigative journalism, in-depth political coverage, and reporting on national and international news. Jeff Bezos, the founder of Amazon, acquired it in 2013.

In February 2022, American media and publishing giant News Corp revealed it was a victim of a cyber attack from an advanced persistent threat actor that took place in January.

The attackers compromised one of the systems of the company and had access to emails and documents of some employees.

Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes. News Corp has hired cybersecurity and incident response firm Mandiant, to assist with the investigation. Mandiant researchers speculated the attack was conducted by a China-linked APT group.

“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” David Wong, vice president of consulting at Mandiant, told Reuters.

News Corp-owned WSJ reported that the attack affected major portion of the new conglomerate, including The Wall Street Journal and New York Post.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Washington Post)