Tag: office
-
Anton’s Security Blog Quarterly Q4 2024
by
in SecurityNews
Tags: ai, automation, ciso, cloud, cyber, defense, detection, edr, google, governance, incident response, metric, office, security-incident, siem, soc, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Meta AI creation, steampunk theme Top 10 posts with the most lifetime views (excluding paper announcement blogs): Security Correlation Then…
-
Microsoft Security Update Summary (10. Dezember 2024)
by
in SecurityNewsAm 10. Dezember 2024 hat Microsoft Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 70 Schwachstellen (CVEs), davon 16 kritische Sicherheitslücken, davon eine als 0-day klassifiziert (bereits ausgenutzt). Nachfolgend findet sich … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/10/microsoft-security-update-summary-10-dezember-2024/
-
Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
by
in SecurityNewsMicrosoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including an actively exploited zero-day. Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. 16 vulnerabilities are rated Critical, 54 are rated Important, and…
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
by
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windowsThis week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
Treasury sanctions Chinese cyber company, employee for 2020 global firewall attack
by
in SecurityNewsThe department’s Office of Foreign Assets Control said Guan Tianfeng used a zero-day exploit to deploy malware on 81,000 firewalls. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-sanctions-chinese-cyber-company-2020-firewall-attack/
-
SPA is for Single-Page Abuse! Using Single-Page Application Tokens to Enumerate Azure
by
in SecurityNewsAuthor: Lance B. Cain Overview Microsoft Azure is a leading cloud provider offering technology solutions to companies, governments, and other organizations around the globe. As such, many entitles have begun adopting Azure for their technology needs to include identity, authentication, storage, application management, and web services. One of the most common methods for organizations to begin…
-
Microsoft 365 outage takes down Office web apps, admin center
by
in SecurityNewsMicrosoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-office-web-apps-admin-center/
-
Court Ruling Provides Clarity on Appeals Against ICO Fines
by
in SecurityNewsThe UK’s privacy regulator the Information Commissioner’s Office has welcomed a Court of Appeal ruling First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/court-clarity-appeals-against-ico/
-
Expect more offensive cyber ops once Trump takes office
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/perspective/expect-more-offensive-cyber-ops-once-trump-takes-office
-
Boeing busted by employee over plans to surveil workers, quickly reverses course
by
in SecurityNews
Tags: officeCrashing stock, plummeting reputation, but yeah, of course, let’s focus on office usage First seen on theregister.com Jump to article: www.theregister.com/2024/12/06/boeing_employee_surveillance/
-
Talent overlooked: embracing neurodiversity in cybersecurity
by
in SecurityNewsIn cybersecurity, diverse perspectives help in addressing complex, emerging threats. Increasingly, there’s a push to recognize that neurodiversity brings significant value to cybersecurity. However, neurodiverse people frequently face systemic barriers that hinder their success in the field.Neurodiversity refers to the way some people’s brains work differently to the neurotypical brain. This includes autism, ADHD (attention…
-
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses
by
in SecurityNewsCybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.”The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook’s spam filters, allowing the malicious emails to reach your inbox,” ANY.RUN said in a series of posts…
-
65% of office workers bypass cybersecurity to boost productivity
by
in SecurityNewsHigh-risk access exists throughout the workplace, in almost every job role, proving that the time has come for organizations to re-think the way they protect their workforce, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/04/employees-privileged-access-security-risk/
-
Corrupted Microsoft Office Documents Used In Phishing Campaign
by
in SecurityNewsFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36662/Corrupted-Microsoft-Office-Documents-Used-In-Phishing-Campaign.html
-
SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer
by
in SecurityNewsThreat actors are using a well-known modular malware loader, SmokeLoader, to exploit known Microsoft Office vulnerabilities and steal sensitive browser credentials.The loader which runs a framework to deploy multiple malware modules, was observed by Fortinet’s FortiGuard Labs in attacks targeting manufacturing, healthcare, and IT companies in Taiwan.”SmokeLoader, known for its ability to deliver other malicious…
-
Phishers send corrupted documents to bypass email security
Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/03/phishers-send-corrupted-documents-to-bypass-email-security/
-
SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Credentials
by
in SecurityNewsSmokeLoader malware has resurfaced with enhanced capabilities and functionalities, targeting your personal data. First seen on hackread.com Jump to article: hackread.com/smokeloader-malware-ms-office-flaws-browser-data/
-
Data Breaches in the USA in November 2024: 5,266,320 People Impacted
by
in SecurityNewsAnalyzing the Maine Attorney General’s data For November 2024, IT Governance USA’s analysis of the Office of the Maine Attorney General’s data breach notifications found the following: We look at what’s reported to a regulator to help us identify significant real-world trends and patterns. We chose the Office of the Maine Attorney General as this…
-
SmokeLoader Malware Campaign Targets Companies in Taiwan
by
in SecurityNewsSmokeLoader malware identified targeting Taiwanese firms via phishing, exploiting Microsoft Office vulnerabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/smokeloader-malware-taiwan/
-
Biden-â Harris administration releases roadmap to enhance internet routing
by
in SecurityNewsThe Biden-Harris Administration has taken another step toward improving the nation’s cybersecurity. In September, the White House Office of the Nation… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/biden-harris-administration-releases-roadmap-enhance-internet-routing/
-
VPN für Dummies: Was sie können und wie man sie nutzt
by
in SecurityNewsEgal ob im Home Office oder auf Reisen: Virtuelle Private Netzwerke (VPNs) sind das Mittel der Wahl, wenn es darum geht, sich sicher mit dem Internet … First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/tipps-ratgeber/vpn-fur-dummies-was-sie-konnen-und-wie-man-sie-nutzt/
-
CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability
by
in SecurityNewsWritten by Yann Lehmann and Harish Segar of the Kudelski Security Threat Detection & Research Team Summary On July 11th, Microsoft disclosed a rem… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/07/14/cve-2023-36884-office-and-windows-html-remote-code-execution-vulnerability/
-
Escanor Malware delivered in Weaponized Microsoft Office Documents
by
in SecurityNewsFirst seen on resecurity.com Jump to article: www.resecurity.com/blog/article/escanor-malware-delivered-in-weaponized-microsoft-office-documents
-
Copilot: Administratorwissen zum Schutz der Daten
by
in SecurityNewsMicrosoft hat ja damit begonnen, seine AI-Lösung Copilot in Microsoft Office-Anwendungen mit “Auto-Opt-in” an Kunden mit entsprechender Lizenz auszurollen. Administratoren kommt eine besondere Verantwortung zu, was den Schutz von Daten im Unternehmen betrifft. Microsoft hat dazu kürzlich einen Beitrag mit … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/01/copilot-was-administratoren-zum-schutz-der-daten-wissen-sollten/
-
Data Breaches in the USA in September 2024: 3,451,574 People Impacted
by
in SecurityNewsAnalyzing the Maine Attorney General’s data For September 2024, IT Governance USA’s analysis of the Office of the Maine Attorney General’s data breach… First seen on itgovernanceusa.com Jump to article: www.itgovernanceusa.com/blog/data-breaches-in-the-usa-in-september-2024-3451574-people-impacted
-
Data Breaches in the USA in October 2024: 3,088,066 People Impacted
by
in SecurityNewsAnalyzing the Maine Attorney General’s data For October 2024, IT Governance USA’s analysis of the Office of the Maine Attorney General’s data breach n… First seen on itgovernanceusa.com Jump to article: www.itgovernanceusa.com/blog/data-breaches-in-the-usa-in-october-2024-3088066-people-impacted
-
Achtung: CoPilot in Office-Apps standardmäßig aktiviert
by
in SecurityNewsMicrosoft hat wohl Updates der Office-Apps in Microsoft 365 ausgerollt, bei denen standardmäßig ein Opt-In in CoPilot aktiviert ist. Damit werten Word oder Excel Dokumente standardmäßig aus, um die AI-Modelle zu trainieren. Nutzer tun gut daran, sofern möglich, diese Option … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/11/28/achtung-copilot-in-office-apps-standardmaessig-aktiviert-abschalten/
-
APT60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor
by
in CISOThe threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor.That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August…
-
The workplace has become a surveillance state
by
in SecurityNews
Tags: officeCracked Labs report explores the use of motion sensors and wireless networking kit to monitor offices First seen on theregister.com Jump to article: www.theregister.com/2024/11/27/workplace_surveillance/