Security News > 2023 > October

Microsoft OneDrive for Business has been redesigned and has a new upgrade roadmap, which includes the Copilot natural language AI assistant, Microsoft announced on October 3. New layout and features are now visible in Microsoft OneDrive for Business.

Cisco has issued a security advisory about a vulnerability in its Emergency Responder software that would allow an unauthenticated remote attacker to log in to an affected device using the root account. Cisco Emergency Responder is designed to work with Cisco Unified Communications Manager to ensure that emergency calls get routed to a location-appropriate Public Safety Answering Point.

Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions. One of these PoC exploits, confirmed as working by vulnerability and exploit expert Will Dormann, was released by independent security researcher Peter Geissler earlier today.

Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons. The campaign spotted by EclecticIQ focuses on firms based in Taiwan, Hong Kong, and Singapore, with the observed TTPs bearing similarities to previous activities linked to Chinese state-backed threat groups.

Apple has demonstrated that it can more than hold its own among the tech giants, at least in terms of finding itself on the wrong end of zero-day vulnerabilities. iOS and iPadOS have again come under attack, and Apple has rushed out a fix to ward off miscreants.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations. "These teams have assessed the security posture of many networks across the Department of Defense, Federal Civilian Executive Branch, state, local, tribal, and territorial governments, and the private sector," the NSA said.

Amazon will require all privileged AWS accounts to use multi-factor authentication for stronger protection against account hijacks leading to data breaches, starting in mid-2024. Amazon has been offering free MFA security keys for eligible AWS customers in the United States since 2021 and added more flexible MFA options on the platform in November 2022, allowing the registration of up to 8 MFA devices per account.

IBM has unveiled the next evolution of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85% of alerts, helping to accelerate security response timelines for clients. The managed services are delivered by IBM Consulting's global team of security analysts via IBM's advanced security services platform, which applies multiple layers of AI and contextual threat intelligence from the company's vast global security network - helping automate away the noise while quickly escalating critical threats.

A new, redesigned, and faster Microsoft Teams application is generally available for all Windows and macOS users starting today. As revealed when the new Teams was made available as a preview release in March, the new client will launch three times faster, enabling users to switch between chats and channels up to 1.7 times faster than the Classic Teams app.

Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data. In response to the situation and to determine the impact on customer data, Lyca Mobile says it has launched an urgent investigation that involves third-party IT experts.