OSC&R open software supply chain attack framework now on GitHub
2023-03-31 03:00

OSC&R is an open framework for understanding and evaluating software supply chain security threats. Spearheaded by OX Security, OSC&R is a MITRE-like framework designed to provide a common language and structure for understanding and analyzing the tactics, techniques, and procedures used by adversaries to compromise the security of software supply chains.

Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons
2023-03-31 01:24

An unidentified whistleblower has provided several media organizations with access to leaked documents from NTC Vulkan - a Moscow IT consultancy - that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools. According to The Guardian, this latest whistleblower chose to distribute the secret Russian documents due to anger over Russia's bloody invasion of Ukraine and a desire to see the information reveal some of what is going on inside Russia.

Microsoft adds GPT-4 to its defensive suite in Security Copilot
2023-03-31 00:08

Microsoft has added Security Copilot, a natural language chatbot that can write and analyze code, to its suite of products enabled by OpenAI's GPT-4 generative AI model. Microsoft will release more information through its email updates about when Security Copilot might become generally available.

Azure blunder left Bing results editable, MS 365 accounts potentially exposed
2023-03-30 23:30

A misconfiguration in Microsoft's Azure Active Directory could have allowed miscreants to subvert Microsoft's Bing search engine - even changing search results. The team "spotted several" of these misconfigured apps, including one called Bing Trivia.

Russian Cyberwarfare Documents Leaked
2023-03-30 22:00

Thousands of pages of secret documents reveal how Vulkan's engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet. The company's work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia's foreign intelligence organisation.

Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
2023-03-30 21:56

A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats. Today, Proofpoint has published a new report on how the threat actor exploits CVE-2022-27926 on Zimbra Collaboration servers to access the communications of NATO-aligned organizations and persons.

Microsoft OneNote will block 120 dangerous file extensions
2023-03-30 21:40

Microsoft has shared more information on what malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware. Previously, OneNote warned users that opening attachments could harm their data but still allowed them to open the embedded files tagged as dangerous; after the security improvement rolls out, users will no longer have the choice to open files with dangerous extensions.

AlienFox malware caught in the cloud hen house
2023-03-30 21:30

The AlienFox toolkit is being hawked on Telegram as a way to compromise misconfigured hosts on cloud services platforms and harvest sensitive information like API keys and other secrets, according to security shop SentinelOne. While the AlienFox scripts can be used against a range of web services, they primarily target cloud-based and software-as-a-service email hosting services, Delamotte wrote.

Supply chain blunder puts 3CX telephone app users at risk
2023-03-30 20:36

Internet telephony company 3CX is warning its customers of malware that was apparently weaseled into the company's own 3CX Desktop App by cybercriminals who seem to have acquired access to one or more of 3CX's source code repositories. You bundle in the Electron toolkit and program the bulk of your app in JavaScript, HTML and CSS, as if you were building a website that would work in any browser.

Ukrainian cyberpolice busts fraud gang that stole $4.3 million
2023-03-30 20:29

Ukraine's cyberpolice has arrested members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the EU. The crime group created over 100 fake "phishing" sites targeting users in France, Spain, Poland, the Czech Republic, Portugal, and other European countries, enticing them with products below market prices. Orders placed by the victims didn't correspond to actual purchases, while the threat actors stole credit card details they entered on the phony sites.