Security News > 2020 > December

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.

Organizations with call centers must keep this in mind and take an omnichannel strategy to fraud mitigation: end consumers, call center agents, security teams, and technology must work together to stop fraud. Fraudsters exploit self-service prompts and call flows to steal information they will use at a later date; with contemporary technology and machine learning, it's possible to predict probable fraud attempts up to two months in advance.

As a result, companies have to make sure the SaaS vendors keep their company's data secure, and that their employees use of these SaaS solutions is secure also when end users are not connected to the office network. They'll also look for BYOD security strategies and take a more modern approach to security architecture that includes cloud-based security and access management protections, such as multifactor authentication and federation with SaaS applications.

CFOs are taking on greater strategic and enterprise-building roles after guiding their organizations through the challenges of COVID-19. CFO Research of Argyle Advisory & Research Services and FTI Consulting surveyed 325 corporate finance executives to better understand how CFOs and the finance function drive enterprise value.

The operators of Joker's Stash operate several versions of the platform, including Blockchain proxy server domains -. The actors behind Joker's Stash took to Russian-language carding forum Club2CRD stating that no card dumps were stored on the servers and transition plans were already underway to move the content hosted on the busted site to a new blockchain version of the portal.

Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it within 90 days of responsible disclosure on September 24.

The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "Abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago. The undisclosed affected reseller's Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[. A now-defunct online service that had been previously selling access to data hacked from other websites.

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw that could allow a remote attacker to execute unauthenticated API commands, thus resulting in a compromise of the SolarWinds instance.

Microsoft is believed to be working on a new virtualized desktop experience called 'Cloud PC' to help administrators deploy and manage Windows 10 PCs in the cloud via web browser, mobile app or another PC. Cloud PC will also allow Microsoft to handle your organization's device configuration by applying updates security improvements regularly, and offer managed support. Cloud PC is based on Azure and Windows Virtual Desktop and it won't replace any version of Windows.