Security News

Microsoft is investigating a known issue affecting Outlook for Microsoft 365 users and preventing them from creating Teams meetings using the app's ribbon menu. The Teams Meeting add-in, as its name says, can be found in the Calendar view and it enables Outlook users to schedule a Teams meeting from Outlook.

The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect example of how threat actors can exploit legitimate features and configurations that haven't been correctly set. Discovered by Bobby Rauch, the GIFShell attack technique enables bad actors to exploit several Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and other network monitoring tools.

The survey also reveals agreement among C-suite executives that a shift left security strategy is a burden on dev teams. At the same time, C-suite executives overwhelmingly favor a shift left approach, a strategy of moving software testing and evaluation to earlier in the development lifecycle, placing the burden of compliance on development teams.

Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication turned on. The newly discovered security issue impacts versions of the application for Windows, Linux, and Mac and refers to Microsoft Teams storing user authentication tokens in clear text without protecting access to them.

Couchbase announced findings from industry research examining the challenges faced by development teams amid the race to the cloud and to execute on digital transformation initiatives. "The modern business depends on the developer and development agility more than ever before. Development teams are not assisting the business, they are leading it to new frontiers through digital transformation. That's why they need to be given the right resources: be it cloud-based infrastructure, CI/CD friendly tooling and the right training. This is what will ensure success in these times of product-led transformation and growth."

A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using ... GIFs.The new attack scenario, shared exclusively with BleepingComputer, illustrates how attackers can string together numerous Microsoft Teams vulnerabilities and flaws to abuse legitimate Microsoft infrastructure to deliver malicious files, commands, and perform exfiltrating data via GIFs.

GitLab released the results of its annual DevSecOps survey which highlights the continued prioritization of security and compliance, investment in toolchain consolidation, and the ongoing impacts of rapid DevOps adoption. This Help Net Security video reveals how organizations continue to consolidate their DevOps toolchains and processes.

The 2022 survey results highlight security as the highest-priority investment area for organizations, with more than half of security team members stating their organizations have either shifted security left or plan to this year. Security has surpassed even cloud computing as the number one investment area across DevOps teams at global organizations.

If you're considering a third-party audit like SOC 2 or ISO 27001, you should be prepared to answer some tough questions about endpoint security. If you're not sure how you'll answer those questions, then you need Kolide.

The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis. Survey Results: Top Threat Protection Product Pain Points Overlapping capabilities of disparate technologies: 44%. Being able to see the full picture of an attack: 42%. Deployment and maintenance of disparate technologies on one machine: 41%. Lack of forensic information: 40%. Missing reporting capabilities: 25%. Many of the issues smaller teams face with threat protection products are largely attributable to the fact that they're designed for larger organizations with bigger teams and budgets.