Tech
Microsoft scores win against Office 365 credential thieves | Computer Weekly
Investigators from Microsoft’s Digital Crimes Unit (DCU) have disrupted the network behind the dangerous RaccoonO365 infostealer malware that targeted the usernames and credentials of Office 365 users after being granted a court order in the Southern District of New York.
The operation saw a total of 338 websites linked to the popular malware seized and its technical infrastructure disrupted, severing RaccoonO365 users’ access to their victims.
RaccoonO365 – which was tracked in Microsoft’s threat actor matrix as Storm-2246 – was a relatively unsophisticated, subscription-based phishing kit that exploited Microsoft’s own branding to make its fake email, attachments and websites seem realistic enough to trick victims into interacting with them.
Microsoft’s Stephen Masada, DCU assistant general counsel, said the case showed that effective cyber criminals did not need to be particularly sophisticated to have an impact: “Since July 2024, RaccoonO365’s kits have been used to steal at least 5,000 Microsoft credentials from 94 countries.
“While not all stolen information results in compromised networks or fraud due to the variety of security features employed to remediate threats, these numbers underscore the scale of the threat and how social engineering remains a go-to tactic for cyber criminals.
“More broadly, the rapid development, marketing and accessibility of services such as RaccoonO365 indicate that we are entering a troubling new phase of cyber crime where scams and threats are likely to multiply exponentially.”
The DCU operation appears to have come at the right time as in the past 12 months, Microsoft said RaccoonO365 had undergone a rapid technical evolution with regular upgrades to meet rising demand.
Among other things, users were able to input 9,000 target email addresses every day, and could also “benefit” from on-board features that enabled them to circumvent multi-factor authentication (MFA) safeguards and establish persistent access on their victims’ computers.
In the past few months, RaccoonO365’s operators also started advertising an AI service that supposedly enabled users to scale their operations and improve the effectiveness of their attacks.
Leadership identified
At the same time, the DCU has named a Nigerian national, Joshua Ogundipe, as the leader of the enterprise behind RaccoonO365. He was identified following an operational security lapse in which the gang accidentally revealed a secret cryptocurrency wallet, which the DCU said greatly helped with attribution.
It accused Ogundipe and associates of selling their services via Telegram to their customers, estimated to be around 100 to 200 subscriptions based on the group’s membership of 845 (as of 25 August) – although this is likely an underestimate.
According to Cloudflare, which worked with the DCU throughout the takedown, access to the RaccoonO365 phishing kit was sold on a subscription basis, with 30-day plans available for $355 and 90-day plans for $999, payable in various forms of cryptocurrency.
Alongside his associates, Ogundipe, who supposedly has a background in computer programming and is thought to have written the bulk of RaccoonO365, ran a seemingly professional organisation with specialist development, sales and customer support resources.
To obfuscate their activities, the gang registered multiple internet domains with fake names and addresses around the world, although screengrabs of Ogundipe’s LinkedIn profile shared by the DCU suggest he may be located in Benin City in southern Nigeria.
A criminal referral for his arrest has been circulated to international law enforcement. However, whether or not he ever faces justice is unknown, said Masada.
“Legal challenges persist, especially in places where prosecuting cyber criminals is difficult. Today’s patchwork of international laws remains a major obstacle and cyber criminals exploit these gaps,” said Masada.
“Governments must work together to align their cyber crime laws, speed up cross-border prosecutions and close the loopholes that let criminals operate with impunity. The international community should also support nations that are working to strengthen their defences, while holding accountable those that turn a blind eye to cyber crime.
“While we press forward in the courts, organisations and individuals should also continue to bolster their defences. That means enabling strong multi-factor authentication on accounts, using up-to-date anti-phishing and security tools, and educating users to stay vigilant against evolving scams.”
The US Food and Drug Administration today approved a pill version of the blockbuster anti-obesity drug Wegovy. Made by Novo Nordisk, the pill is taken once a day. The company’s original version of Wegovy is a weekly injection. Both drugs contain the same active ingredient, semaglutide.
“This allows patients with obesity who want to lose weight to have a choice between a once weekly injection or a daily tablet,” says Martin Holst Lange, chief scientific officer at Novo Nordisk.
With the soaring popularity of injectable GLP-1 drugs for weight loss, Novo Nordisk and other pharmaceutical companies have been racing to make effective pill versions that could be preferable for some patients. These drugs mimic a naturally occurring hormone in the body that acts on the brain and gut to promote a feeling of fullness.
In clinical trial results published in the New England Journal of Medicine, participants who took the pill achieved an average weight loss of 13.6 percent by 64 weeks. Nearly 30 percent of people lost 20 percent or more of their weight. The study also showed improvements in cardiovascular disease risk and physical activity levels similar to the injectable version.
While pills can sometimes be a more convenient option, patients may not always take them as prescribed, making them less effective. The clinical trial investigators estimated that in an ideal scenario where participants take the pill every day as prescribed, weight loss would be 16.6 percent—which is similar to results seen with injectable Wegovy.
Novo Nordisk first won approval for an oral semaglutide, sold under the brand name Rybelsus, in 2019 to treat type 2 diabetes. That drug has never been approved for obesity and is not as effective for weight loss as newer GLP-1 medications. The Wegovy pill is essentially a higher-dose version of Rybselsus.
“The efficacy for the obesity pill at the end of the day is driven by dose. Higher doses are required to achieve full weight-loss potential for obesity,” Lange says. The Wegovy pill is 25 milligrams while Rybelsus is 14 milligrams.
The most common side effects of oral Wegovy include nausea and vomiting, which are also side effects of the injectable version.
Novo has not disclosed the exact timeline for the drug’s launch, but Lange says it will be available sometime in the first few months of 2026. Production of the medication is already underway at Novo Nordisk’s US manufacturing sites, and the company expects to have enough of the drug to meet US demand.
The first thing to think about is how you’re going to drain the water from the dehumidifier. In the basement, the best thing you can do is to use the dehumidifier’s continuous water drain tube to either the sump pump or a drain. If those options are not available, you might be emptying the tank multiple times a day. The first time I put a dehumidifier in the basement, the tank was filled in three hours’ time. It’s all about the drainage. Also, knowing how to read a label. If you have a 50-pint humdidifier that means the appliance can remove 50 pints of moisture from the air in a 24-hour period; it’s not the internal tank capacity. Also, look for the maximum area coverage. For example, the Honeywell Smart 50 pint can remove 50 pints of water from 4,000 sq ft—the size of a whole house—in 24 hours.
If you, like me, also need a dehumidifier in your city apartment, then consider buying one that’s easy to move around with wheels and a handle. Some of these machines are heavy. Also, a small dehumidifier in the bathroom is a good idea to keep the dampness at bay, especially if you have mold growing on your grout.
Lastly, do not drink the water collected in your dehumidifier tank. That water is not potable. Pour it down the drain. A dehumidifier is not creating distilled water; that’s a different process and appliance.
Over the weekend, the Justice Department released three new data sets comprising files related to Jeffrey Epstein. The DOJ had previously released nearly 4,000 documents prior to the Friday midnight deadline required by the Epstein Files Transparency Act.
As with Friday’s release, the new tranche appears to contain hundreds of photographs, along with various court records pertaining to Epstein and his associates. The first of the additional datasets, Data Set 5, is photos of hard drives and physical folders, as well as chain-of-custody forms. Data Set 6 appears to mostly be grand jury materials from cases out of the Southern District of New York against Epstein and his coconspirator, Ghislaine Maxwell. Data Set 7 includes more grand jury materials from those cases, as well as materials from a separate 2007 Florida grand jury.
Data Set 7 also includes an out-of-order transcript between R. Alexander Acosta and the DOJ’s Office of Professional Responsibility from 2019. According to the transcript, the OPR was investigating whether attorneys in the Southern District of Florida US Attorney’s Office committed professional misconduct by entering into a non-prosecution agreement with Epstein, who was being investigated by state law enforcement on sexual battery charges. Acosta was the head of the office when the agreement was signed.
Leading up to the deadline to release materials, the DOJ made three separate requests to unseal grand jury materials. Those requests were granted earlier this month.
The initial release of the Epstein files was met with protest, particularly by Epstein victims and Democratic lawmakers. “The public received a fraction of the files, and what we received was riddled with abnormal and extreme redactions with no explanation,” wrote a group of 19 women who had survived abuse from Epstein and Maxwell in a statement posted on social media. Senator Chuck Schumer said Monday that he would force a vote that would allow the Senate to sue the Trump administration for a full release of the Epstein files.
Along with the release of the new batch of files over the weekend, the Justice Department also removed at least 16 files from its initial offering, including a photograph that depicted Donald Trump. The DOJ later restored that photograph, saying in a statement on X that it had initially been flagged “for potential further action to protect victims.” The post went on to say that “after the review, it was determined there is no evidence that any Epstein victims are depicted in the photograph, and it has been reposted without any alteration or redaction.”
The Justice Department acknowledged in a fact sheet on Sunday that it has “hundreds of thousands of pages of material to release,” claiming that it has more than 200 lawyers reviewing files prior to release.
Egypt stepping up efforts to modernise textile, spinning sector: PM
“Call of Duty” co-creator Vince Zampella dies after crash on Los Angeles highway
‘Highly respected general’: Trump again acknowledges Field Marshal
-
Business1 week agoStudying Abroad Is Costly, But Not Impossible: Experts On Smarter Financial Planning
-
Fashion5 days agoIndonesia’s thrift surge fuels waste and textile industry woes
-
Business1 week agoKSE-100 index gains 876 points amid cut in policy rate | The Express Tribune
-
Business5 days agoBP names new boss as current CEO leaves after less than two years
-
Sports1 week agoJets defensive lineman rips NFL officials after ejection vs Jaguars
-
Tech1 week agoFor the First Time, AI Analyzes Language as Well as a Human Expert
-
Entertainment1 week agoPrince Harry, Meghan Markle’s 2025 Christmas card: A shift in strategy
-
Tech5 days agoT-Mobile Business Internet and Phone Deals