Security News

Configure Active Directory securely with LDAP signing and LDAPS requirements, regularly rotate the KRBTGT password and use group-managed service accounts to rotate service account credentials. Enable multi-factor authentication and a strong password policy, augmented by solutions such as Specops Password Policy.

Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic. "Although the initial vector of compromise is unclear, the details of the next stage imply the use of spear phishing or similar methods," Kaspersky said in a new report.

Why? Bad actors know that SMEs typically have a smaller security budget, less infosec manpower, and possibly weak or missing security controls to protect their data and infrastructure. The good news is you don't have to create your security strategy from scratch.

The rise of QR scan scams: Since October 2022, HP has seen almost daily QR code "Scan scam" campaigns. These scams trick users into scanning QR codes from their PCs using their mobile devices - potentially to take advantage of weaker phishing protection and detection on such devices.

The guide, "Protection from web-borne threats starts with Browser Security Platform," details the characteristics and the capabilities of a potential solution, and explains how it compares to other security solutions and why it is needed. The guide calls for the recognition of an emerging security solution category, Browser Security Platform, which provides visibility into the browser's application layer.

It's March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild by different threat actors. "CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB share on a threat actor-controlled server. No user interaction is required," Microsoft explained.

Skyhigh Security has seen firsthand how 33,000 enterprise users have accessed ChatGPT through corporate infrastructures. Almost 7 TB of data has been transacted with ChatGPT through corporate web and cloud assets between Nov 2022 - Feb 2023.

Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file," Morphisec said in a report shared with The Hacker News.

Deep fakes are expected to become a more prominent attack vector. Audio deep fakes are created by taking audio files, allocating annotations to the sounds, training an ML model based on the annotations to associate sounds with text and then generating a new audio file.

"These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group said in an advisory. Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws, Quarkslab noted, adding they "Could affect billions of devices."