Security News > 2023 > October

A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity. The malware is a backdoor with a variety of functions that let it manage plugins and hide itself from active ones on the compromised websites, replace content, or redirect certain users to malicious locations.

The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance. BianLian claims to have exfiltrated technical and operational data spanning from 2008 to 2023, including details about the company's technical and security challenges, SQL backups, personal information of employees, data regarding vendors and suppliers, confidential documents, and archives from company databases.

A US Navy service member pleaded guilty yesterday to receiving thousands of dollars in bribes from a Chinese spymaster in exchange for passing on American military secrets. Petty Officer Wenheng Zhao, 26, aka Thomas Zhao, of Monterey Park, California, now faces up to 20 years in prison for two federal felony offenses: conspiring with a People's Republic of China intelligence officer, and receiving a bribe.

Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new 'contain user' capability in public preview. According to Microsoft, Defender for Endpoint now prevents attackers' lateral movement attempts within victims' on-premises or cloud IT infrastructure by temporarily isolating the compromised user accounts they might exploit to achieve their objectives.

Microsoft is investigating Exchange Online mail delivery issues causing "Server busy" errors and delays when receiving emails from outside organizations. According to user reports online, the Exchange Online problems started this morning, affecting Microsoft 365 customers worldwide, across the Americas, Europe, and Asia.

The ACCC has given the green light for cross-banking collaboration to address scams. 1.5 billion came from investment scams, with remote access scams and payment redirection scams rounding out the top three.

Windows Server 2012 and multiple editions of Windows 11, version 21H2, have reached the end of support with this month's Patch Tuesday. Even though Windows Server 2012's mainstream support ended more than four years ago in October 2018, Microsoft extended the end date for extended support by five years to provide customers additional time to transition to newer, supported versions of Windows Server.

That's according to the latest results of IANS' survey of 600 US-based CISOs, which also found that most people working in the role are either earning below $400,000 or above $700,000 a year. One in five of all CISOs earn above $700,000 and half of these corporate rockstars are paid more than $1 million a year.

Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023. Today, Microsoft Threat Intelligence analysts shared more information about Storm-0062's involvement in CVE-2023-22515's exploitation and posted four offending IP addresses on a thread on Twitter.

In this post I'm going to focus specifically on data security and how your team can ensure a safe Copilot rollout. Microsoft relies heavily on sensitivity labels to enforce DLP policies, apply encryption, and broadly prevent data leaks.