Security News > 2023 > March

Malicious actors can take advantage of "Insufficient" forensic visibility into Google Cloud Platform to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response firm Mitiga said in a report.

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.Patches for the flaw - which affects a wide variety of MS Office and SharePoint versions, Microsoft 365 Apps for Enterprise and other products - have been released by Microsoft last month.

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The underlying idea is that the physical effects introduced as a result of a cryptographic implementation can be used to decode and deduce sensitive information, such as ciphertext and encryption keys.

In today's digital age, cybersecurity and privacy have become major concerns for internet users. With the press of a button, DuckDuckGo Privacy Essentials offers seamless protection from most 3rd-party trackers while you search and browse, access to tracking protections for emails you receive, and much more.

Currently there's no shortage of advice telling CIOs to put security first and increase IT security purchases to counter the heightened cyber threat landscape. Knowing where hardware and software inventory is located and how it is protected makes it possible to identify misconfigurations and address potential security gaps.

Recently, Claroty released its State of XIoT Security Report, which shares analyses of publicly disclosed vulnerabilities affecting operational technology, internet of things devices, and most recently, the internet of medical things. In this Help Net Security video, Nadav Erez, VP of Data at Claroty, discuss these findings and the critical need to understand the XIoT risk and vulnerability landscape.

92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov. 92% of the apps leaked valuable, exploitable secrets and 23% of the apps leaked extremely sensitive secrets.

It appears that's not the case in the cyber criminal underground, according to Trend Micro, which recently published a study in which it claims at least 30 percent - if not more - of cyber criminal forum users are women. For its study, Trend Micro looked at five English-language cyber crime forums: Sinister, Cracked, Breached, Hackforums and Raidforum.

The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. To give a little background on how we got to Microsoft OneNote files becoming the tool of choice for malware-distributing phishing attacks, we first need to explain how we got here.

Microsoft is testing a new and modern-looking Windows 11 volume mixer accessible via the taskbar Quick Settings panel that helps adjust the volume on a per-app basis and switch between audio devices. Testers need to open the Quick Settings panel to access it after clicking the volume icon in the Windows tray or use the new global keyboard shortcut for even faster control.