Tag: office
-
Enhance Microsoft security by ditching your hybrid setup for Entra-only join
by
in SecurityNews
Tags: ai, authentication, business, cloud, compliance, conference, credentials, email, firewall, group, identity, infrastructure, intelligence, Internet, microsoft, network, ntlm, office, powershell, risk, service, switch, technology, tool, vpn, windowsArtificial intelligence is top of mind for nearly everything Microsoft is doing these days, but there’s another goal the company would like to see its users strive to attain, one that may not be easily obtained, and that’s to be Entra-joined only.That means no more Active Directory (AD) and no more traditional domain: instead, your…
-
Cybersecurity Snapshot: CISA Hands Down Cloud Security Directive, While Threat from North Korean IT Workers Gets the Spotlight
by
in SecurityNews
Tags: access, ai, authentication, best-practice, business, china, cisa, cisco, cloud, computer, control, cyber, cybersecurity, data, data-breach, email, extortion, finance, framework, fraud, google, government, guide, hacker, identity, incident, incident response, infrastructure, intelligence, international, Internet, jobs, korea, kubernetes, law, lessons-learned, linux, login, malicious, microsoft, mobile, monitoring, network, north-korea, office, password, regulation, risk, risk-management, russia, service, software, tactics, technology, threat, tool, updateCheck out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs against cyberattacks. And get the latest on the U.S. cyber incident response framework; the CIS Benchmarks; and local and state governments’ cyber challenges. Dive…
-
Managing Threats When Most of the Security Team Is Out of the Office
by
in SecurityNewsDuring holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/managing-threats-when-security-on-vacation
-
UK ICO Criticizes Google Advertising Policy Update
by
in SecurityNewsData Protection Authority Says Change Isn’t Green Light for Device Fingerprinting. The U.K. data regulator blasted Google Thursday for a changes to policies governing online advertising the government agency says amount to bestowing permission to track users by the indelible fingerprint of their devices. Businesses do not have free rein to use fingerprinting, the office…
-
Microsoft 365 users hit by random product deactivation errors
by
in SecurityNewsMicrosoft is investigating a known issue randomly triggering “Product Deactivated” errors for customers using Microsoft 365 Office apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-365-users-hit-by-random-product-deactivation-errors/
-
We told Post Office about system problems at the highest level, Fujitsu tells Horizon Inquiry
by
in SecurityNews
Tags: officeState-owned retail company was not subordinate to Japanese multinational in technical matters, legal rep says First seen on theregister.com Jump to article: www.theregister.com/2024/12/18/we_told_post_office_about/
-
Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment”
by
in SecurityNewsCybersecurity firm Recorded Future has been listed as an “undesirable” organization by the Prosecutor General’s Office of the Russian Federation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/recorded-future-russia-undesirable/
-
IAM Predictions for 2025: Identity as the Linchpin of Business Resilience
by
in SecurityNews
Tags: access, ai, apple, attack, authentication, banking, breach, business, cloud, compliance, corporate, credentials, crime, data, deep-fake, detection, finance, iam, identity, malicious, microsoft, mobile, office, passkey, password, privacy, regulation, resilience, risk, service, supply-chain, theft, threat, tool, vulnerabilityIAM Predictions for 2025: Identity as the Linchpin of Business Resilience madhav Thu, 12/19/2024 – 05:33 As we look toward 2025, the lessons of 2024 serve as a stark reminder of the rapidly evolving identity and access management (IAM) landscape. The numbers tell the story: The latest Identity Theft Resource Center report indicates that consumers…
-
Moscow lists Recorded Future as ‘undesirable’ organization
by
in SecurityNewsRussia’s Prosecutor General’s Office declared Record Future “undesirable,” a designation prohibits Russians from working with the cybersecurity company.]]> First seen on therecord.media Jump to article: therecord.media/recorded-future-undesirable-russia-prosecutor-general
-
New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials
by
in SecurityNewsThe VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing campaigns. Delivered as attachments disguised as archives or Microsoft 365 files, it employs malicious Microsoft Office documents to spread through command-and-control (C2) infrastructure. It targets sensitive data, including login credentials, financial information, system data, and personally identifiable information, posing a significant…
-
That cheap webcam? HiatusRAT may be targeting it, FBI warns
by
in SecurityNewsWebcams have been a key part of business and home offices everywhere, especially since the COVID pandemic hit. But they are not often high-quality products, especially if used only sporadically, as many consumers and remote workers are content with a cheap one from China. This not only causes regular hardware problems, but it can also be…
-
Playbook advises federal grant managers how to build cybersecurity into their programs
by
in SecurityNewsThe guidance comes from the Office of the Director of National Cybersecurity and the Cybersecurity and Infrastructure Security Agency. First seen on cyberscoop.com Jump to article: cyberscoop.com/playbook-advises-federal-grant-managers-how-to-build-cybersecurity-into-their-programs/
-
XDR provider Arctic Wolf buys BlackBerry’s Cylance suite
by
in SecurityNews
Tags: ai, business, ceo, ciso, cybersecurity, detection, edr, endpoint, government, infrastructure, office, phone, risk, service, soc, technologyUS provider Arctic Wolf has struck a deal to buy BlackBerry’s Cylance endpoint security suite, which it will integrate into its Aurora extended detection and response (XDR) platform.Arctic Wolf said this morning that if the deal is approved by regulators, the company will be able to offer one of the largest open XDR security platforms…
-
Security leaders top 10 takeaways for 2024
by
in SecurityNews
Tags: access, ai, attack, automation, best-practice, breach, business, ciso, cloud, compliance, corporate, crowdstrike, cybercrime, cybersecurity, data, deep-fake, detection, email, finance, fraud, governance, group, guide, hacker, identity, incident response, infosec, ISO-27001, office, okta, phishing, privacy, programming, regulation, risk, risk-management, saas, security-incident, service, software, startup, strategy, technology, threat, tool, training, vulnerabilityThis year has been challenging for CISOs, with a growing burden of responsibility, the push to make cybersecurity a business enabler, the threat of legal liability for security incidents, and an expanding attack landscape.As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2024.…
-
Rhode Island says personal data likely breached in social services cyberattack
by
in SecurityNewsState officials said hundreds of thousands of Rhode Island residents could be affected by a cyberattack on the state’s online portal for social services, with a “high probability” that personally identifiable information was breached. According to an update from Governor Dan McKee’s office, the attack targeted RIBridges, which Rhode Island residents use to apply for…
-
Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action
by
in SecurityNewsGermany’s Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country.In a statement published earlier this week, authorities said they severed the communications between the devices and their command-and-control (C2) servers by sinkholing the domains…
-
German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox
The German agency BSI has sinkholed a botnet composed of 30,000 devices shipped with BadBox malware pre-installed. The Federal Office for Information Security (BSI) announced it had blocked communication between the 30,000 devices infected with the BadBox malware and the C2. The devices were all located in Germany, they were all using outdated Android versions. >>The Federal…
-
Germany blocks BadBox malware loaded on 30,000 Android devices
Germany’s Federal Office for Information Security (BSI) has disrupted the BadBox malware operation pre-loaded in over 30,000 Android IoT devices sold in the country. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/germany-blocks-badbox-malware-loaded-on-30-000-android-devices/
-
Germany cuts hacker access to 30,000 devices infected with BadBox malware
Germany’s Federal Office for Information Security (BSI) blocked communication between the infected devices, which are typically Android products such as smartphones, tablets and streaming boxes sold through online retailers or resale sites, and the criminals’ control servers.]]> First seen on therecord.media Jump to article: therecord.media/germany-hacker-access-malware-cut
-
Germany sinkholes BadBox malware pre-loaded on Android devices
Germany’s Federal Office for Information Security (BSI) has disrupted the BadBox malware operation pre-loaded in over 30,000 Android IoT devices sold in the country. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/germany-sinkholes-badbox-malware-pre-loaded-on-android-devices/
-
Nigerian Cyber Criminal Extradited to Nebraska for Multi-Million Dollar Fraud Scheme
by
in SecurityNewsAbiola Kayode, a 37-year-old Nigerian national, was extradited to Nebraska facing charges related to a massive wire fraud scheme, the United States Attorney’s Office for the District of Nebraska announced Wednesday. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/abiola-kayode-wire-fraud-charges/
-
Experts Call for Overhaul of National Cyber Director Role
by
in SecurityNewsCybersecurity Experts Push for Clearer Mission, Expanded Authority, More Resources. Cybersecurity experts are urging a revamp of the Office of the National Cyber Director. The Center for Cybersecurity Policy and Law says the office needs a clearer mission, more resources and the authority to lead cybersecurity policy for other government agencies to bolster U.S. cyber…
-
Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’
by
in SecurityNews
Tags: api, application-security, attack, cve, exploit, flaw, injection, malicious, microsoft, mitigation, office, programming, software, switch, technology, tool, vulnerability, windowsSecurity researchers have outlined a novel attack vector that exploits the “Best Fit” character conversion technology built into Windows.The technology comes into play in string conversions, particularly when characters cannot be directly represented in a target character set.However, application security experts Orange Tsai and Splitline Huang from Taiwanese firm DEVCORE used a presentation at Black…
-
Something to Read When You Are On Call and Everyone Else is at the Office Party
by
in SecurityNewsIts mid-December, if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/something-to-read-when-you-are-on-call-and-everyone-else-is-at-the-office-party/
-
Malware-Explosion: Windows-Ziele im Fokus
by
in SecurityNewsEin aktuelles Security-Bulletin meldet 2024 täglich 467.000 neue Schaddateien ein Plus von 14 Prozent. Trojaner nahmen um 33 Prozent zu, Trojan-Dropper um 150 Prozent. Sechs Prozent der Schadsoftware stammten aus MS-Office-Dokumenten, 93 Prozent der Angriffe zielten auf Windows. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/malware-explosion-windows-ziele-im-fokus/
-
Malware trickst Sicherheitslösungen mit beschädigten Dateien (ZIP, Office) aus
by
in SecurityNewsDie Betreiber von ANY.RUN sind auf eine neue Angriffswelle bzw. SPAM-Kampagne gestoßen, die für 0-Day-Angriffe ausgenutzt werden könnte. Beschädigte ZIP-Archive oder kaputte Office-Dokumente sollen SPAM-Filter und Sicherheitslösungen austricksen, so dass entsprechende Phishing-Mails im Postfach landen. ANY.RUN-Beobachtung einer Kampagne ANY.RUN ist … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/12/beschaedigte-dateien-zip-office-tricksen-sicherheitsloesungen-aus/
-
Patchday: Microsoft Office Updates (10. Dezember 2024)
by
in SecurityNewsAm 10. Dezember 2024 (zweiter Dienstag im Monat, Microsoft Patchday) hat Microsoft mehrere sicherheitsrelevante Updates für Microsoft Office 2016, sowie die C2R-Varianten (Office 2016-2021 und 365) und andere Produkte veröffentlicht. Nachfolgend finden Sie eine Übersicht über die verfügbaren Updates. Eine … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/12/patchday-microsoft-office-updates-10-dezember-2024/
-
US sanctions Chinese cybersecurity firm over global malware campaign
by
in SecurityNews
Tags: attack, breach, china, computer, control, corporate, credentials, cve, cyber, cyberattack, cybersecurity, email, encryption, exploit, finance, firewall, fraud, government, group, healthcare, identity, infection, infrastructure, intelligence, international, malicious, malware, monitoring, network, office, password, ransomware, risk, service, software, sophos, technology, terrorism, threat, tool, vulnerability, zero-dayThe US government has imposed sanctions on Chinese cybersecurity firm Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, for their alleged involvement in a 2020 global cyberattack that exploited zero day vulnerabilities in firewalls.The actions were announced by the US Department of the Treasury and the Department of Justice (DOJ), which also…