Security News

A new QBot malware campaign dubbed "QakNote" has been observed in the wild since last week, using malicious Microsoft OneNote'. Qbot is a former banking trojan that evolved into malware that specializes in gaining initial access to devices, enabling threat actors to load additional malware on the compromised machines and perform data-stealing, ransomware, or other activities across an entire network.

Microsoft announced on Tuesday a new version of its Bing search engine powered by a next-generation OpenAI language model more powerful than ChatGPT and specially trained for web search. "Today, we're launching Bing and Edge powered by AI copilot and chat, to help people get more from search and the web."

Microsoft is investigating and working on addressing an ongoing outage affecting the company's Outlook webmail service. According to information shared via the company's Microsoft 365 Status Twitter account, Redmond is performing targeted restarts to portions of the infrastructure impacted by a recent change.

An Iranian nation-state group sanctioned by the U.S. government has been attributed to the hack of the French satirical magazine Charlie Hebdo in early January 2023. Two Iranian nationals have been accused for their role in the disinformation and threat campaign.

Microsoft believes the gang who boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers' personal information is none other than a Tehran-backed gang. On January 4, a previously unknown cyber-crime group that called itself Holy Souls claimed to have stolen a Charlie Hebdo database containing 230,000 customers' names, email addresses, phone numbers, addresses, and financial information, and offered it for sale for about $340,000.

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Enterprise firm Proofpoint said it detected over 50 campaigns leveraging OneNote attachments in the month of January 2023 alone.

Windows 10 users are reportedly being blocked from accessing their desktops by full-screen trial offers for the Microsoft 365 productivity suite. They are displayed during the Windows Out of Box Experience before loading the Windows desktop.

Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office more often as method to achieve persistence and execute code on a target machine via malicious Office add-ins. NET-based malware and embedding it into the Office add-in.

Microsoft says the KB5021751 update is respecting users' privacy while identifying the number of customers running Office versions that are outdated or approaching their end of support. It will only be installed on systems where one of the following Microsoft Office versions is also present: Office 2013, Office 2010, or Office 2007.

Microsoft this week rolled out fixes to issues caused by security updates released in December 2022 that botched how XPS documents are displayed in various versions of. Some users who installed the security updates for those developer platforms saw problems with how Windows Presentation Foundation applications rendered XPS documents.