Security News > 2023 > February

Gmail client-side encryption is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. The feature was first introduced in Gmail on the web as a beta test in December 2022, after being available in Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar since last year.

An advanced hacking operation dubbed 'SCARLETEEL' targets public-facing web apps running in containers to infiltrate cloud services and steal sensitive data. While the attackers deployed cryptominers in the compromised cloud environments, the hackers showed advanced expertise in AWS cloud mechanics, which they used to burrow further into the company's cloud infrastructure.

Microsoft announced today that it's integrating the new AI-powered Bing Chat into the Windows 11 search box with the latest Windows feature update. "Today, we take the next major step forward and combine the incredible breadth and ease of use of the Windows PC with the amazing power of the new AI-enhanced Bing to provide hundreds of millions of Windows 11 users the next era of computing," said Microsoft EVP & Chief Product Officer Panos Panay on Tuesday.

The new update is being released as an optional cumulative preview update that can be manually installed by opening Settings > Windows Update and clicking the 'Check for updates' button. Due to this less frequent update cycle, Microsoft introduced a new update process for Windows 11 that allows new features to be released more frequently.

Microsoft announced today an early preview of Phone Link for iPhone users available to Windows Insiders running the latest Windows 11 builds. "The preview will begin rolling out to Insiders who have opted in their device into one of the 3 Insider Channels via Settings > Windows Update > Windows Insider Program," Microsoft Senior Program Manager Brandon LeBlanc said.

Romanian cybersecurity company Bitdefender has released a free decryptor for a new ransomware strain known as MortalKombat. MortalKombat is a new ransomware strain that emerged in January 2023.

Some of the notable features include establishing a reverse shell with elevated privileges, uploading and downloading files, logging keystrokes, launching ransomware to encrypt files, and starting a live VNC session for real-time access. The cybersecurity firm assessed with moderate confidence that threat actors responsible for creating the malware are operating from North, East, or Southeast Asia and are likely former affiliates of the LockBit ransomware.

The old phrase "Sharing is caring" is something that Faye Francy has seen revolutionize entire industries. From her years as a Boeing Commercial Airplanes Cybersecurity ONE team leader, to Aviation-ISAC, and ultimately becoming the Executive Director of Automotive-ISAC, Faye has the unique vantage point of enabling communication between very private and siloed industries.

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack-using power consumption-against an implementation of the algorithm that was supposed to be resistant against that sort of attack.

LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and subsequent unauthorized access to the company's third-party cloud storage service that hosted backups: "The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack." The second incident went initially unnoticed, LastPass says, the tactics, techniques, and procedures and the indicators of compromise of the second incident "Were not consistent with those of the first." It was only later determined that the two incidents were related.