OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
2024-07-30 06:45

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. The cybersecurity company is tracking the "crafty" phishing and downloader campaign under the name OneDrive Pastejacking.

Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others
2024-07-30 06:27

A huge phishing campaign exploited a security blind spot in Proofpoint's email filtering systems to send an average of three million "perfectly spoofed" messages a day purporting to be from Disney, IBM, Nike, Best Buy, and Coca-Cola, all of which are Proofpoint customers. Guardio dubbed the campaign EchoSpoofing because the spam was "echoed" from email relay servers owned and operated by Proofpoint itself.

VMware ESXi Flaw Exploited by Ransomware Groups for Admin Access
2024-07-30 04:20

A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. "A malicious actor with sufficient Active Directory permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group after it was deleted from AD," Broadcom-owned VMware noted in an advisory released in late June 2024.

Review: Action1 – Simple and powerful patch management
2024-07-30 04:10

Although endpoint anti-malware and other security controls are now standard at the operating system level, keeping all endpoint software up-to-date and secure remains an open issue for many organizations. Having worked with many enterprise security software products, I noticed that established market players tend to accumulate substantial technical debt, which translates into bloated endpoints that spawn several processes and services bolted together as new functionalities get added, ultimately noticeably hitting endpoint performance and hampering employee productivity.

Securing remote access to mission-critical OT assets
2024-07-30 04:00

Geyer also addresses the challenges and solutions for securing remote access to critical OT assets. The trend of connecting previously isolated OT assets to public networks is driven by several factors, including the need for real-time data analysis, remote management, operational efficiency, and improved decision-making.

Coding practices: The role of secure programming languages
2024-07-30 03:30

Opting for a safer or more secure language or language subset during implementation can eliminate entire categories of vulnerabilities. What do professionals think about secure programming languages? We asked a CEO involved with secure systems design and an experienced software engineer to discuss secure programming languages, and the NIST list.

Insecure file-sharing practices in healthcare put patient privacy at risk
2024-07-30 03:00

Healthcare organizations continue to put their business and patients at risk of exposing their most sensitive data, according to Metomic. While publicly shared files that contain highly sensitive data pose the biggest risk for healthcare organizations and underscore the need for data security and DLP tools, many of the access permissions for private files are never updated or removed.

Malaysia is working on an internet 'kill switch', says minister
2024-07-30 02:29

Legislation for an internet "kill switch" will reach Malaysia's Parliament in October, according to the country's minister for Law and Institutional Reform. She did write that the government wants social media platform providers and internet messaging services to take more responsibility for the role their products play in online crimes such as fraud, child sexual abuse material, sexual harassment and solicitation, plus bullying.

Android spyware 'Mandrake' hidden in apps on Google Play since 2022
2024-07-29 22:29

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. Kaspersky now reports that a new variant of Mandrake that features better obfuscation and evasion sneaked into Google Play through five apps submitted to the store in 2022.

ManageEngine: Australian SMEs Aim to Reduce IT Costs Amid Growing Technology Complexity
2024-07-29 22:24

Reducing costs is the biggest priority for Australian SMEs. Due to increasing costs and higher interest rates in the Australian market, SME leaders were found to be seeking "growth without additional cost," the report said, in an effort to drive productivity enhancements through technology optimisation rather than through more spending.