Security News > 2023 > April

Microsoft has announced plans to automatically block embedded files with "Dangerous extensions" in OneNote following reports that the note-taking service is being increasingly abused for malware delivery. Microsoft said it intends to prevent users from directly opening an embedded file with a dangerous extension and display the message: "Your administrator has blocked your ability to open this file type in OneNote."

Giorgos highlights the company's customizable technology, which can be tailored to meet the unique needs of different organizations, as well as the security measures that Elemendar takes to protect the data processed by their AI technology. That's because, to use CTI as structured, machine-readable data in a defensive system, you need to translate it from a human-readable form into a machine-readable one: the greatest benefit from cyber threat intelligence comes with higher-level information that is expressed in human-readable forms, because a human wrote it in the first place.

The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. The backdoor's links to North Korea stem from the fact that it "Co-existed on victim machines with AppleJeus, a backdoor attributed to the Korean-speaking threat actor Lazarus," detailing an attack on an unnamed crypto firm located in Southeast Asia in 2020.

68% of data security professionals have identified shadow data as their top concern when it comes to protecting cloud data. While security teams are confident that they have complete visibility into new public cloud data repositories, 93% are concerned about shadow data, up 11% from the year before, and 68% of respondents say it is the greatest challenge in protecting cloud data.

To strengthen their cybersecurity posture, companies must spend valuable resources on maintaining or updating systems, hiring and training staff, and implementing security software - resources and options that many don't have readily available. For businesses, security breaches risk not only exposure to customer data and a decrease in trust, but also losses in revenue if systems are taken offline through attacks such as DDoS. "The findings in this report show that SMBs have specific needs and pain points, particularly when it comes to hiring and having dedicated security employees," said Tyler Healy, VP of Security at DigitalOcean.

Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently and remotely access smart phones and home devices. In an interview with The Register this month, Chen and Xia demonstrated two separate NUIT attacks: NUIT-1, which emits sounds to exploit a victim's smart speaker to attack the same victim's microphone and voice assistant on the same device, and NUIT-2, which exploits a victim's speaker to attack the same victim's microphone and voice assistant on a different device.

The Cybersecurity and Infrastructure Security Agency warned federal agencies to patch a Zimbra Collaboration cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries. Winter Vivern's attacks start with the hackers using the Acunetix tool vulnerability scanner to find vulnerable ZCS servers and sending users phishing emails that spoof senders the recipients are familiar with.

Uber has had more of its internal data stolen from a third party that suffered a security breach. Uber did not respond to The Register's question about how many of its drivers had their records stolen.

Today, the U.S. Department of Justice seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency investment schemes. The criminals behind these cryptocurrency fraud scams approach their victims via various dating platforms, messaging apps, or social media platforms, build trust, and introduce them to investment schemes which eventually allow them to empty the targets' crypto wallets.

The answer, our researchers discovered, is that so-called active adversaries might be able to shake loose at least some queued-up data from at least least some access points. The researchers figured out various ways of tricking some access points into releasing those queued-up network packets.