Outlook outage, Iranian APT activity, Russian ransomware arrest

In today’s cybersecurity news…

Look Out! Another Outlook Outage

A major outage affected millions of users worldwide yesterday, actually starting at 6:20 p.m. ET on Wednesday July 9. At the time, Microsoft announced that “users may be unable to access their mailbox using any connection methods,” including Outlook.com, Outlook Mobile, the Outlook desktop client, and Hotmail. An update late Wednesday evening had Microsoft stating it was “continuing to probe the impacted mailbox infrastructure and suspected the glitch was related to an authentication component.” By 2:00 a.m. Thursday morning, Microsoft announced that the fix would take an extended period, but that progress was being made. As of this recording, full restoration had not been achieved.

(The Register)

Iranian APTs increased activity against U.S. industries in late spring

This statement is from Nozomi Networks, a company that “specializes in securing OT for critical infrastructure.” Their report, released on Tuesday, said that its team “spotted 28 Iran-linked attacks on customers in May and June, up from 12 in the previous two-month period, a bump of 133%.” Prime U.S. targets were in transportation and manufacturing. The most active of the Iranian groups observed was MuddyWater, a group we have reported on many times, yet who is best known for targeting infrastructure in Saudi Arabia, Iraq, and Turkey.

(The Record)

Russian basketball player arrested in France over alleged ransomware ties

At the request of the United States, 26-year-old professional athlete, Daniil Kasatkin, was arrested in France, accused of involvement in a ransomware group that “allegedly targeted hundreds of American companies and federal institutions.” He was arrested in June, upon arriving at Paris’s Charles de Gaulle Airport and is being held in extradition custody. Kasatkin, who previously studied and played basketball at Penn State University. The ransomware network that he is accused of being associated with has not been named. His role, allegedly was as a ransom payment negotiator, although his lawyer has described him as “useless with computers.”

(The Record)

Four arrested in connection with M&S and Co-op cyber-attacks

Police, along with dozens of officers from Britain’s National Crime Agency (NCA) descended on the homes of four suspects who now stand accused of conducting the cyberattacks on retailers Marks & Spencer and The Co-Op. The suspects range in age from 17 to 20. Three of these are from the UK, the fourth from Latvia. During the raid, police also seized numerous “electronic devices” from their homes. The four were apprehended on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.

(BBC News)

Huge thanks to our sponsor, Vanta

Google Cloud offers partial AI data sovereignty for UK customers

Google Cloud is taking steps to address data sovereignty concerns around AI data by offering UK-based organizations “the option to keep Gemini 2.5 Flash machine learning processing entirely within the UK.” This will be presented as an option in which “a customer can select Google Cloud’s UK region (europe-west2) when using Gemini 2.5 Flash to store data in that region.” This means that machine learning computations, in other words, the processing of Gemini 2.5 Flash “can be limited to within the UK region,” However the same cannot be sid for Gemini tech support, which will be shared by Google’s global facilities, which may remain a complicating factor in complete data sovereignty.

(The Register)

PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda vehicles

This flaw comprises four vulnerabilities and affects the BlueSDK Bluetooth stack from OpenSynergy, used in vehicles from the vendors mentioned, as well as others, since it is widely used in the automotive industry. The flaw can be exploited to “achieve remote code execution and potentially allow access to critical elements.” The security issues can be “chained together into an exploit that researchers call a PerfektBlue attack and can be delivered over-the-air by an attacker, requiring “at most 1-click from a user.” The flaw was discovered by pentesters at PCA Cyber Security, an automotive security firm known as regular participants at Pwn2Own Automotive, and who have uncovered more than over 50 vulnerabilities in car systems in the last year alone. Interestingly, OpenSynergy “confirmed the flaws last year in June and released patches to customers in September 2024 but many automakers have yet to push the firmware updates. At least one major OEM learned only recently about the security risks.”

(BleepingComputer)

Ex-X exec: Yaccarino’s departure

The former head of advertising at NBCUniversal took over the reins at X (formerly Twitter) two years ago. She stated in a post on X, that she was immensely grateful to owner Elon Musk for “entrusting me with the responsibility of protecting free speech, turning the company around, and transforming X into the Everything App.” Musk’s reply post said only, “Thank you for your contributions.” Reasons for Yaccarino’s departure are not known.

(BBC News)

Nvidia becomes world’s first $4tn company

Unsurprisingly, shares in the chipmaker continue to rise thanks to the ongoing surge in demand for the technology that helps make AI happen. After having hit a value of $1tn for the first time in June 2023, the company has continued to climb. Experts such as Dan Ives of Wedbush Securities, suggest that it is “the only company in the world that is the foundation for the AI Revolution.” Companies that trail Nvidia in the most highly valued companies list are – in descending order, Microsoft, Apple, Amazon, Alphabet, Meta, Aramco, Broadcom, Berkshire Hathaway, and, lastly, bucking the trend of snappy names, the Taiwan Semiconductor Manufacturing Company.

(BBC News)