Security News > 2023 > March

New York law firm Heidell, Pittoni, Murphy and Bach has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world. New York Attorney General Letitia James, who brought the lawsuit against the lawyers, blamed HPMB's poor data security practices for the privacy breach.

Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "Persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them.It will also be able to throttle and eventually block emails from Exchange servers that haven't been remediated before reaching Exchange Online mailboxes.

Traditional, well-behaved image viewers, including the very tool you just used to crop the file, would ignore the extra data, but deliberately-coded data recovery or snooping apps might not. The low-level details of the bug were different, not least because Google's app was coded in Java and used Java libraries, while Microsoft's apps are written in C++ and use Windows libraries, but the leaky side-effects were identical.

Apple has released security updates to backport patches released last month, addressing an actively exploited zero-day bug for older iPhones and iPads. "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited," Apple describes the zero-day.

New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware on compromised systems. Proofpoint has identified two new variants of the IcedID loader, namely "Lite" and "Forked", both delivering the same IcedID bot with a more narrow-focused feature set.

GitHub is now prompting developers and administrators who use the site to secure their accounts with two-factor authentication. The move toward two-factor authentication for all such users officially started on March 13 and will be a requirement by the end of 2023, GitHub said in a recent blog post.

Apparently, Moore and Noyce toyed with the precise but unadventurous company name Moore Noyce, but soon realised that when said aloud, it was easily confused with "More noise", an undesirable attribute in electronic circuits. Looking ahead 10 years, Moore therefore conjectured that by 1975, we might reasonably expect chips with 216 components baked into them - an astonishing acceleration in potential computer power.

A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files. MacStealer is being distributed as a malware-as-a-service, where the developer sells premade builds for $100, allowing purchasers to spread the malware in their campaigns.

Microsoft has unveiled a faster and redesigned version of its Microsoft Teams communication and collaboration software that has begun rolling out to Windows users today as a preview release. The company describes the new Teams client as being twice as faster and consuming 50% less memory and up to 70% less disk space when compared to the current app.

Microsoft has unveiled a faster and redesigned version of its Microsoft Teams communication and collaboration software that has begun rolling out to Windows users today as a preview release. The company describes the new Teams client as being twice as faster and consuming 50% less memory and up to 70% less disk space when compared to the current app.