Daily Archives: October 14, 2025

Microsoft warns of ‘payroll pirate’ attacks against US universities

Posted on by

Microsoft’s Threat Intelligence team has sounded the alarm over a new financially-motivated cybercrime spree that is raiding US university payroll systems.

In a blog post, Redmond said a cybercrime crew it tracks as Storm-2657 has been targeting university employees since March 2025, hijacking salaries by breaking into HR software such as Workday.

The attack is as audacious as it is simple: compromise HR and email accounts, quietly change payroll settings, and redirect pay packets into attacker-controlled bank accounts. Microsoft has dubbed the operation “payroll pirate,” a nod to the way crooks plunder staff wages without touching the employer’s systems directly.

Storm-2657’s campaign begins with phishing emails designed to harvest multifactor authentication (MFA) codes using adversary-in-the-middle (AiTM) techniques. Once in, the attackers breach Exchange Online accounts and insert inbox rules to hide or delete HR messages. From there, they use stolen credentials and SSO integrations to access Workday and tweak direct deposit information, ensuring that future payments go straight to them.

Microsoft stresses that the attacks don’t exploit a flaw in Workday itself. The weak points are poor MFA hygiene and sloppy configurations, with Redmond warning that organizations still relying on legacy or easily-phished MFA are sitting ducks.

“Since March 2025, we’ve observed 11 successfully compromised accounts at three universities that were used to send phishing emails to nearly 6,000 email accounts across 25 universities,” Microsoft explained. It says these lures were crafted with academic precision: fake HR updates, reports of faculty misconduct, or notes about illness clusters, often linked through shared Google Docs to bypass filtering and appear routine.

In one instance, a phishing message urging recipients to “check their illness exposure status” was sent to 500 people within a single university, and only about 10 percent flagged it as suspicious, according to Microsoft.

[…]

Source: Microsoft warns of ‘payroll pirate’ attacks against US unis • The Register

Microsoft illegally tracked students via 365 Education, must now say what it did with the data

Posted on by

An Austrian digital privacy group has claimed victory over Microsoft after the country’s data protection regulator ruled the software giant “illegally” tracked students via its 365 Education platform and used their data.

noyb said the ruling [PDF] by the Austrian Data Protection Authority also confirmed that Microsoft had tried to shift responsibility for access requests to local schools, and the software and cloud giant would have to explain how it used user data.

The ruling could have far-reaching effects for Microsoft and its obligations to inform Microsoft 365 users across Europe about what it is doing with their data, noyb argues.

The complaint dates back to the COVID-19 pandemic, when schools rapidly shifted to online learning, using the likes of 365 Education.

The privacy group said: “Microsoft shifted all responsibility to comply with privacy laws onto schools and national authorities – that have little to no actual control over the use of student data.”

When the complainant filed an access request to see what information was being processed, “this led to massive finger pointing: Microsoft simply referred the complainant to its local school.”

But the school and education authorities could only provide minimal information. The school, for example, could not access information that rested with Microsoft. “No one felt able to comply with GDPR rights.”

This prompted a complaint against the school, national and local education authorities, and Microsoft.

The ruling, machine translated, said: “It is determined that Microsoft, as a controller, violated the complainant’s right of access (Art. 15 GDPR) by failing to provide complete information about the data processed when using Microsoft Education 365.”

Microsoft was ordered to provide complete information about the data transmitted, and to provide clear explanations of terms such as “internal reporting,” “business modelling” and “improvement of core functionality.” It must also disclose if information was transferred to third parties.

[…]

 

Source: Microsoft ‘illegally’ tracked students via 365 Education • The Register

Earth’s Climate Has Passed Its First Irreversible Tipping Point and Entered a ‘New Reality’

Posted on by

Climate change has pushed warm-water coral reefs past a point of no return, marking the first time a major climate tipping point has been crossed, according to a report released on Sunday by an international team in advance of the United Nations Climate Change Conference COP30 in Brazil this November.

Tipping points include global ice loss, Amazon rainforest loss, and the possible collapse of vital ocean currents. Once crossed, they will trigger self-perpetuating and irreversible changes that will lead to new and unpredictable climate conditions. But the new report also emphasizes progress on positive tipping points, such as the rapid rollout of green technologies.

[…]

The world is entering a “new reality” as global temperatures will inevitably overshoot the goal of staying within 1.5°C of pre-industrial averages set by the Paris Climate Agreement in 2015, warns the Global Tipping Points Report 2025, the second iteration of a collaboration focused on key thresholds in Earth’s climate system.

[…]

“The marine heat wave hit 80 percent of the world’s warm-water coral reefs with the worst bleaching event on record,” said Smith. “Their response confirms that we can no longer talk about tipping points as a future risk. The widespread dieback of warm-water coral reefs is already underway, and it’s impacting hundreds of millions of people who depend on the reef for fishing, for tourism, for coastal protection, and from rising seas and storm surges.”

The report singled out Caribbean corals as a useful case study given that these ecosystems face a host of pressures, including extreme weather, overfishing, and inadequate sewage and pollution management. These coral diebacks are a disaster not only for the biodiverse inhabitants of the reefs, but also for the many communities who depend on them for food, income, coastal protection, and as a part of cultural identity.

[…]

 

Source: Earth’s Climate Has Passed Its First Irreversible Tipping Point and Entered a ‘New Reality’

Vodafone UK keels over, leaving millions disconnected

Posted on by

Vodafone fell over in the UK this afternoon, with Register readers reporting that many services including mobile coverage, internet services, and even the company’s own status page went down.

The outage began on Monday at 14.25 BST, and 30 minutes later it peaked when monitoring website Downdetector.co.uk reported that almost 140,000 customers were unable to use the service. One Register reader, Steve Maxted, noted that “Vodafone is down. Hard! Everything. Landline internet, mobile internet, website… It’s not just DNS, as ping also fails.”

Ah, yes, that old standby – it isn’t DNS – it can’t be DNS – until it is. However, something more serious appears to have affected the telco. The Register contacted Vodafone for more details, but the company has yet to respond.

Another reader told us: “One of our multi-network roaming SIM providers just warned us that ‘we are currently aware of an ongoing issue with the Vodafone UK Network. This seems to be affecting a large number of consumer devices across the country.'”

Our reader’s phone registered a strong signal, but data appeared to be broken, and while an inbound call worked, “trying an outbound call caused my Pixel 7 to lock up completely and do a very slow reboot – first time I’ve seen that.”

Less than ideal. Readers also reported that broadband was affected by the outage, which is odd since we would have expected cellular and internet connectivity to be largely separate. Hopefully, there are no single points of failure lurking within Vodafone UK’s infrastructure.

Vodafone and Three recently announced a deal whereby customers of one could use the other’s network. At the time of writing, Three does not appear to have any issues, so it would have been a good time for a network switcheroo. However, as one reader observed, the problems did not seem to be with the signal strength but rather with something else within the system.

A spokesperson at Vodafone told us:

“This afternoon, for a short time, the Vodafone network had an issue affecting broadband, 4G and 5G services. 2G voice calls and SMS messaging were unaffected and the network is now recovering. We apologise for any inconvenience this caused our customers.”

Source: Vodafone keels over, leaving millions disconnected • The Register