Security News > 2023 > March

Microsoft will introduce improved protection against phishing attacks pushing malware via malicious Microsoft OneNote files.To thwart phishing attacks using malicious Microsoft OneNote attachments, you can set up secure mail gateways or mail servers to automatically block OneNote documents with.

An elephant uses its right-of-way privileges to stop sugar-cane trucks and grab food.

What we didn't know, even as this case was grinding through the New York judicial system, was that SHEIN was adding some curious code to its Android app that turned it into a basic sort of "Marketing spyware tool". We then performed a dynamic analysis by running the app in an instrumented environment to observe the code, including how it read the clipboard and sent its contents to a remote server.

A newly discovered Golang-based botnet malware scans for and infects web servers running phpMyAdmin, MySQL, FTP, and Postgres services. According to researchers with Palo Alto Networks' Unit 42, who first spotted it in the wild and dubbed it GoBruteforcer, the malware is compatible with x86, x64, and ARM architectures.

According to the Monetary Authority of Singapore, trade barriers between US and China have resulted in geoeconomic fragmentation and will likely result in slower global growth and higher inflation. Speaking at the at the IMAS-Bloomberg Investment Conference on Thursday, MAS managing director Ravi Menon said tensions between the US and China have not only affected the two countries, but global trade patterns and supply chains as well.

A suspected North Korean hacking group is targeting security researchers and media organizations in the U.S. and Europe with fake job offers that lead to the deployment of three new, custom malware families. Mandiant says the particular group has previously targeted tech firms, media groups, and entities in the defense industry.

Over 60% of organizations have been operating in a cloud environment for three or more years, but technical complexities and maintaining comprehensive security still hamper their cloud migration efforts, according to the 2023 State of Cloud-Native Security Report. In the report, the ideal cloud security solution is scalable and able to handle immediate security needs and additional use cases as the company expands cloud applications and uses.

CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild. The flaw was found in the XStream open-source library used by vulnerable VMware products and has been assigned an almost maximum severity score of 9.8/10 by VMware.

Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission, alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers. To settle the SEC's charges, Blackbaud has agreed to pay a $3 million civil penalty for failing to disclose the full scope of the cyber attack.

Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services. Cerebral is a remote telehealth company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse.