microsoft defender experts
13 Topics

AZURE, ONEDRIVE and OUTLOOK hacked with AUTOMATOR.APP
Hi,

Today I was setting up my Azure dashboard and it just changed. It suddenly turned into a fake dashboard. In OneDrive and Outlook, he sent tasks, corrupted a lot of files, and deleted a bunch of them; the emails related to him also got corrupted (the files became a deformed image). It's a hacker who has been harassing me. But he is escalating. He is even on the KrebsOnSecurity blog, 2013, among 33 hackers who took down the internet. So I was investigating it, and figured out how he is doing it. He uses Automator.app (macOS), creating several tasks and sending tasks through the calendar. It removes attachments from email (and replaces them with just a picture of them, distorted), deletes some emails, moves others to another folder, and who knows what else. This is a MAJOR THREAT. Does anyone have any suggestions on how to fix it?

THE SEQUENCE

This action attaches files to a Mail message.
REQUIRES: The Mail application must be running and there must be an outgoing message.
INPUT: (Files/Folders) The files to be attached are passed in from the previous action.
RESULT: Mail messages

This action tells the Mail viewer window to focus on the passed-in mailboxes and/or messages.
INPUT: Mail messages, Mail mailboxes
RESULT: Mail messages

This action determines if the input items meet the specified criteria.
INPUT: Mail messages, Mail mailboxes, Mail accounts
RESULT: Mail messages, Mail mailboxes, Mail accounts

This action lets you search for items with the specified criteria.
INPUT: Mail messages, Mail mailboxes, Mail accounts
RESULT: Mail messages, Mail mailboxes, Mail accounts

This action extracts files attached to mail messages and saves them to the selected location.
INPUT: Mail messages
RESULT: (Files/Folders) Attached files are passed to the next action

This action will launch the Mail application and attempt to retrieve new mail messages for the specified account or all accounts.
INPUT: Anything
RESULT: Anything

This action gets the selected items and passes them to the following action.
INPUT: Mail messages, Mail mailboxes, Mail accounts
RESULT: Mail messages, Mail mailboxes, Mail accounts

This action passes the specified Mail items into the next action.
INPUT: Mail items
RESULT: Mail items

This action creates a copy of the prepared Mail message for each of the passed-in people.
REQUIRES: An outgoing message open in Mail prepared with subject, content and any attachments
INPUT: Contacts items, Contacts people, Contacts groups
RESULT: Mail messages
RELATED ACTION: Send Outgoing Messages
NOTE: The message copies are not sent by this action.

This action creates a new outgoing message in Mail.
INPUT: (Anything) If text is received from a previous action, the text is appended to the message. If files are received from a previous action, the files are attached to the message.
RESULT: Mail messages
RELATED ACTION: Send Outgoing Messages

This action creates a new Reminders item. If given input, it will use the input as the titles of the reminders.
INPUT: Text
RESULT: Reminders

This action sends an email with a birthday greeting.
INPUT: Contacts people
RESULT: Mail messages
RELATED ACTION: Find People with Birthdays, Send Outgoing Messages

This action sends the outgoing email messages in the Mail application.
INPUT: Mail messages
RESULT: Mail messages
NOTE: If outgoing messages are passed from the previous action, only they will be sent. If no messages are passed in, all outgoing messages will be sent.

Thanks, GW

Long term Microsoft Security viability
Dear Security Experts, I come to you with a question born out of genuine concern and respect. For approximately two decades, my career has been closely tied to Microsoft, with a significant focus on its ecosystem. Recently, my attention has been drawn towards the security services provided by Microsoft, particularly around Defender. My question, posed with all due positivity, revolves around the confidence we can place in Microsoft at this juncture. This concern is particularly pertinent in light of the security lapses we've witnessed, including the notable incident this past summer involving the compromise of the MSA key by external actors, and the current Russia breach situation. Such events often leave us without a clear understanding of their mechanics. Despite this, the expectation remains that we entrust our most critical data to these services. Having been a staunch advocate for Microsoft throughout my career, I am increasingly apprehensive about the future efficacy of its security practices. Am I the only one?

My laptop has been blocked by BitLocker.
However, there are no BitLocker recovery keys on my Microsoft account. I have tried to call Microsoft support, but I only get bot messages that take me to sites that ask me to go and check my Microsoft account. Is there any way I can chat with a human who can actually help me get around this BitLocker? Thanks

Unwanted Linked device
Hi, 2 devices have access to my Microsoft account; sometimes when I log into my device it welcomes me as the other person, and vice versa. When we try creating a new alias on the other device it does not allow us (I don't even know what an alias is; all I know is it's in my name on another person's device). Sometimes I find the other device linked to mine; I keep removing the device, however it keeps linking itself. Please help me, because it turns out the other device has access to my cloud documents, regardless of whether I've logged in or not. I have to get this fixed within the next 2 weeks, otherwise I'm done for.

Can’t Remove Defender Tag After Asset Rule Was Deleted
Hi all, I’m facing an issue where a rule-based tag in Microsoft Defender for Endpoint remains visible on devices even after I deleted the original asset rule. The rule was disabled and deleted months ago, but the tag still appears under Rule-based tags in the device details. Even using the API or PowerShell doesn’t show or remove it. Is there any supported way to force a tag refresh or clear orphaned rule-based tags from the Defender portal? Thanks in advance, Luca

Automating Defender Alerts with CISA KEV and n8n – Has anyone tried similar workflows?
Hi everyone, I’ve been experimenting with n8n automation to improve vulnerability management. I created a workflow that cross-references Microsoft Defender for Endpoint vulnerabilities with the CISA Known Exploited Vulnerabilities (KEV) catalog, and then automatically creates Jira tickets for remediation. The flow takes about 16 seconds to run and prioritizes only the CVEs that are both present in the environment and listed in KEV. Has anyone here built similar automation (maybe with Logic Apps, Power Automate, or Sentinel playbooks)? Would love to hear how others handle vulnerability prioritization or ticket creation!
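The "present in the environment AND listed in KEV" cross-reference the post describes, written out as an added example rather than the poster's own n8n workflow. It runs offline on constructed data: KEV_CATALOG uses the field names CISA publishes in known_exploited_vulnerabilities.json, while the shape of MDE_FINDINGS (cveId, machineId, severity, productName, productVersion per machine) is an assumption about the Defender for Endpoint vulnerability API, the P1/P2 rule is an example policy, and JIRA_PROJECT is a hypothetical project key. None of the CVE IDs or machines are real.

```python
"""Cross-reference Defender for Endpoint findings with the CISA KEV catalog.

Added example, not the original poster's n8n workflow. Assumptions: KEV_CATALOG
mirrors the field names of CISA's public known_exploited_vulnerabilities.json;
MDE_FINDINGS mirrors per-machine records of the Defender for Endpoint vulnerability
API (cveId, machineId, severity, productName, productVersion); JIRA_PROJECT is a
hypothetical key; the P1/P2 rule is an example policy. All data below is constructed.
"""
from __future__ import annotations
import re
from datetime import date

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}
JIRA_PROJECT = "SECOPS"   # hypothetical Jira project key
TODAY = date(2024, 6, 1)  # pinned so the overdue check is reproducible

# Constructed KEV excerpt; the IDs are chosen so they cannot collide with real CVEs.
KEV_CATALOG = {"vulnerabilities": [
    {"cveID": "CVE-2000-90001", "vulnerabilityName": "ExampleOffice RCE", "dateAdded": "2024-03-01",
     "dueDate": "2024-12-31", "knownRansomwareCampaignUse": "Known", "requiredAction": "Apply vendor update."},
    {"cveID": "CVE-2000-90002", "vulnerabilityName": "ExampleSpooler EoP", "dateAdded": "2023-12-01",
     "dueDate": "2024-01-15", "knownRansomwareCampaignUse": "Unknown", "requiredAction": "Apply vendor update."},
    {"cveID": "CVE-2000-90003", "vulnerabilityName": "ExampleBrowser sandbox escape", "dateAdded": "2024-05-20",
     "dueDate": "2024-06-10", "knownRansomwareCampaignUse": "Unknown", "requiredAction": "Apply vendor update."},
]}

# Constructed MDE per-machine findings. CVE-2000-90004 is deliberately not in KEV; the
# lower-case ID and the empty ID exercise normalisation and the malformed-record path.
MDE_FINDINGS = [
    {"cveId": "CVE-2000-90001", "machineId": "m-01", "severity": "Critical", "productName": "exampleoffice", "productVersion": "16.0"},
    {"cveId": "CVE-2000-90001", "machineId": "m-02", "severity": "Critical", "productName": "exampleoffice", "productVersion": "16.0"},
    {"cveId": "cve-2000-90001", "machineId": "m-05", "severity": "High", "productName": "exampleoffice", "productVersion": "15.0"},
    {"cveId": "CVE-2000-90002", "machineId": "m-03", "severity": "High", "productName": "examplespooler", "productVersion": "2.1"},
    {"cveId": "CVE-2000-90003", "machineId": "m-01", "severity": "Medium", "productName": "examplebrowser", "productVersion": "120"},
    {"cveId": "CVE-2000-90003", "machineId": "m-02", "severity": "High", "productName": "examplebrowser", "productVersion": "120"},
    {"cveId": "CVE-2000-90003", "machineId": "m-03", "severity": "Medium", "productName": "examplebrowser", "productVersion": "119"},
    {"cveId": "CVE-2000-90004", "machineId": "m-02", "severity": "Critical", "productName": "examplekernel", "productVersion": "5.0"},
    {"cveId": "", "machineId": "m-04", "severity": "Low", "productName": "broken-record", "productVersion": ""},
]

def normalize_cve(raw: str | None) -> str | None:
    """Canonical upper-case CVE ID, or None for a missing or malformed value."""
    cve = (raw or "").strip().upper()
    return cve if CVE_RE.match(cve) else None

def index_kev(catalog: dict) -> dict[str, dict]:
    """CVE ID -> KEV entry (malformed IDs are dropped by the walrus condition)."""
    return {c: e for e in catalog.get("vulnerabilities", []) if (c := normalize_cve(e.get("cveID")))}

def group_findings(findings: list[dict]) -> dict[str, dict]:
    """Collapse per-machine records into one record per CVE: machine set, products, worst severity."""
    grouped: dict[str, dict] = {}
    for f in findings:
        cve = normalize_cve(f.get("cveId"))
        if not cve:
            continue
        rec = grouped.setdefault(cve, {"cve": cve, "machines": set(), "products": set(), "severity": "Low"})
        rec["machines"].add(f["machineId"])
        rec["products"].add(f"{f.get('productName', '?')} {f.get('productVersion', '')}".strip())
        if SEVERITY_RANK.get(f.get("severity"), 0) > SEVERITY_RANK[rec["severity"]]:
            rec["severity"] = f["severity"]
    return grouped

def kev_matches(findings: list[dict], catalog: dict, today: date = TODAY) -> list[dict]:
    """Findings present in the estate AND listed in KEV, most urgent first."""
    kev, matches = index_kev(catalog), []
    for cve, rec in group_findings(findings).items():
        entry = kev.get(cve)
        if entry is None:
            continue  # vulnerable but not known-exploited: normal patch cadence, no ticket
        due = date.fromisoformat(entry["dueDate"])  # CISA's remediation due date
        overdue, ransomware = today > due, entry.get("knownRansomwareCampaignUse") == "Known"
        # Example policy: P1 once CISA's due date has passed or ransomware use is known, else P2.
        priority = "P1" if (overdue or ransomware) else "P2"
        matches.append({**rec, "kev": entry, "overdue": overdue, "ransomware": ransomware, "priority": priority})
    # P1 before P2, then the widest blast radius (machine count) first, then CVE ID for a stable order.
    matches.sort(key=lambda m: (m["priority"], -len(m["machines"]), m["cve"]))
    return matches

def build_jira_issue(match: dict, project_key: str = JIRA_PROJECT) -> dict:
    """Jira REST 'create issue' payload for one prioritised CVE."""
    kev, flag = match["kev"], " (OVERDUE)" if match["overdue"] else ""
    description = (
        f"{match['cve']} is in the CISA KEV catalog: added {kev['dateAdded']}, due {kev['dueDate']}{flag}.\n"
        f"Known ransomware use: {kev.get('knownRansomwareCampaignUse', 'Unknown')}. "
        f"Required action: {kev['requiredAction']}\n"
        f"Affected devices ({len(match['machines'])}): {', '.join(sorted(match['machines']))}\n"
        f"Affected software: {', '.join(sorted(match['products']))}; worst MDE severity: {match['severity']}"
    )
    return {"fields": {"project": {"key": project_key}, "issuetype": {"name": "Task"},
                       "summary": f"[KEV {match['priority']}] {match['cve']}: {kev['vulnerabilityName']}",
                       "description": description, "labels": ["kev", match["cve"]],
                       "priority": {"name": "Highest" if match["priority"] == "P1" else "High"}}}

def run(findings=MDE_FINDINGS, catalog=KEV_CATALOG, today=TODAY, project_key=JIRA_PROJECT) -> list[dict]:
    """Full pipeline: findings + KEV -> ordered Jira payloads, one per exploited CVE in the estate."""
    return [build_jira_issue(m, project_key) for m in kev_matches(findings, catalog, today)]

if __name__ == "__main__":
    for issue in run():
        print(issue["fields"]["summary"])
```

In a live run the two constants are replaced by the KEV JSON fetched from https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and the Defender for Endpoint API response, and each returned payload is POSTed to Jira's create-issue endpoint. Grouping by CVE first is deliberate: one ticket per exploited CVE listing every affected device keeps the ticket count bounded by the KEV intersection rather than by the number of machines, which is what makes the 16-second, low-noise workflow practical.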
Defender for Endpoint Firewall Rules Not Applying to Devices

Hello Security Experts, I’m currently deploying Microsoft Defender for Business and trying to enforce firewall configurations directly from the Defender portal. However, I’ve noticed that the settings are not applying to any of the onboarded devices — nothing changes on the endpoints. Do firewall rules in Defender for Endpoint require Intune to be enforced, or should they work standalone? And if Intune isn’t used, what’s the best approach to apply consistent Defender firewall rules across devices? Thanks, Luca

High CPU Usage by Microsoft Defender (MsMpEng.exe) on Azure Windows Server 2019
Hi everyone, I’ve been seeing consistent CPU spikes from MsMpEng.exe (Antimalware Service Executable) on several Windows Server 2019 Datacenter VMs hosted in Azure. The usage reaches 100% for about 10–15 minutes daily, always around the same time. No manual scans are scheduled, and limiting CPU usage with Set-MpPreference -ScanAvgCPULoadFactor didn’t help. Could this be related to Defender’s cloud protection update cycle, or possibly a backend maintenance task from Defender for Cloud? Is there a recommended way to throttle or schedule these background Defender tasks in production environments? Appreciate any insights, Luca