Security News > 2024 > April

As a Cyber Security Incident Response Specialist, you will be responsible for the operational IT security of PHOENIX Corporate IT, information security event management and incident response, threat hunting and coordination of mitigation measures. As Information Security Specialist, you will assist in developing information security policies, procedures and necessary documents in compliance with applicable standards and regulations, conduct phishing and social engineering test campaigns, measure key performance indicators to ensure the effectiveness of information security controls.

As organizations navigate the complexities of hybrid work arrangements and the gradual return to the office, the cybersecurity threat landscape has become increasingly challenging, with issues such as the proliferation of personal devices, the expansion of remote access points, and the potential for security gaps between in-office and remote environments. Issues such as the proliferation of personal devices, the expansion of remote access points, and the potential for security gaps between in-office and remote environments have compounded these challenges.

Demonstrating a sound understanding of cloud security key principles and practices opens various professional opportunities. But first, you need the right mix of technical and soft skills to...

Microsoft has rolled back a fix for a known Outlook issue that was causing incorrect security alerts when opening ICS calendar files after installing the December Outlook Desktop security updates. Affected Microsoft 365 users are seeing unexpected warnings that "Microsoft Office has identified a potential security concern" and that "This location may be unsafe" when double-clicking ICS files saved on their devices.

A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. Cisco Talos assesses with moderate confidence that the campaign is a CoralRaider operation, based on similarities in tactics, techniques, and procedures with past attacks attributed to the threat actor.

Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates.Although the April 2024 HU is optional, it also adds support for ECC certificates and Hybrid Modern Authentication for OWA/ECP. If you have installed the March 2024 SU and have not experienced any known issues fixed in the optional update and do not need the new features, you can wait for the next Exchange Server SU, which will also include these hotfixes.

The Treasury Department's Office of Foreign Assets Control has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. Entities at least 50% owned by blocked persons are also subject to freeze, and transactions involving their assets are prohibited without OFAC authorization, while financial institutions and other organizations dealing with sanctioned individuals and companies also risk exposure to sanctions or enforcement actions.

The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. The police discovered several instances of successful breaches of defense companies in South Korea involving the hacking groups Lazarus, Andariel, and Kimsuky, all part of the North Korean hacking apparatus.

The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. The crackdown has begun with 13 individuals and their close families linked to commercial spyware operations.

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. Researchers describe GuptiMiner as "a highly sophisticated threat" that can perform DNS requests to the attacker's DNS servers, extract payloads from images, sign its payloads, and perform DLL sideloading.