Tag: daily cybersecurity news

Microsoft Urges Customers to Secure On Premises Exchange Servers
Risk, Security

Microsoft Urges Customers to Secure On Premises Exchange Servers

Microsoft advises users to maintain their Exchange servers up to date as well as take precautions such as turning on Windows Extended Protection and setting up the certificate-based signing of PowerShell serialization payloads. The software giant's Exchange Team stated in a post that attackers attempting to target unpatched Exchange servers would not stop. The value of unpatched on-premises Exchange infrastructure to hostile actors attempting to steal data or carry out other wrongdoing is too great. Microsoft also noted that the mitigations it has released are only a temporary fix and may "become insufficient to guard against all permutations of an attack," requiring users to apply the required security updates in order to secure the servers read the complete article Microsoft Urges...
Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery
Resources, Risk, Security

Microsoft to Block Excel XLL Add-Ins to Stop Malware Delivery

To stop phishing attacks that use these kinds of lures, Microsoft has announced plans to automatically block all XLL add-in files downloaded from the internet for its Office 365 clients. The software juggernaut has acknowledged it aims to carry out these strategies by March 2023 in a post on its Microsoft 365 roadmap page. "We are putting in place safeguards that will block XLL add-ins coming from the internet in order to counteract the rising number of malware attacks in recent months," the statement reads. According to Dave Storie, an engineer at Lares Consulting who specializes in adversarial collaboration, threat actors have long leveraged Microsoft add-in abuse as a means of executing malicious code read the complete article Microsoft to Block Excel XLL Add Ins to Stop Malwa...
ChatGPT popularity raises cybersecurity concerns
Availability, Resources, Risk, Security

ChatGPT popularity raises cybersecurity concerns

As ChatGPT becomes popular, it also brings up important cybersecurity issues, such as hackers utilizing the chatbot to create phishing emails and codes. Regarding the possible threats related to ChatGPT, security professionals have expressed both concern and hope in equal measure. In November 2022, OpenAI released ChatGPT (Generative Pre-Trained Transformer), an AI-driven chatbot that can understand and produce human-written text or natural language. It is a technology that learns how to produce text that is reminiscent of human conversation by being educated on massive volumes of text data using the Transformer algorithm. ChatGPT, dubbed the "smartest chatbot ever developed," can produce text responses that resemble those of real people in response to commands read the complete art...
Canada cybersecurity chief warns about data-harvesting apps as concerns grow over TikTok
Risk, Security

Canada cybersecurity chief warns about data-harvesting apps as concerns grow over TikTok

The top cybersecurity official in Canada has urged Canadians to use applications with caution because they may put their data in the "wrong hands." The warning comes as TikTok, a social networking app controlled by China, is being accused of collecting user data. The Canadian electronic surveillance agency is on the lookout for security risks from Tik Tok, according to Prime Minister Justin Trudeau's statement from last month. Republican senators in the neighbouring US tried to outlaw TikTok earlier this month. Tik To is hugely popular in both the US and Canada and has supposedly over a billion members globally. Do they require access to that information, is the question you must ask yourself read the complete article Canada cybersecurity chief warns about data harvesting apps as co...
Riot Games Halts Work After Cyber Attack
Risk, Security

Riot Games Halts Work After Cyber Attack

A well-known gaming company in California has acknowledged that a significant cyber-attack on its servers has stopped all upgrades. Riot Games, which is owned by Tencent and creates well-known games like League of Legends and Valorant, provided a concise explanation of what transpired on Friday in a series of tweets. Earlier this week, a social engineering attack led to the vulnerability of systems in our development environment. The statement read, "At this time, we don't have all the answers, but we wanted to reach out to you early to let you know that there is no evidence that player data or personal information was obtained. We regret that this has temporarily hampered our capacity to publish content. While our staff is putting great effort towards a fix read the complete art...
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud
Resources, Risk, Security

Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

Two security holes have been identified in Samsung's Galaxy Store programme for Android, which a local attacker might use to instal arbitrary apps covertly or lead potential victims to bogus landing pages online. The vulnerabilities were found by NCC Group and reported to the South Korean chaebol in November and December 2022. They were tracked as CVE-2023-21433 and CVE-2023-21434.  The updates were included in version 4.5.49.8, which was published earlier this month, and Samsung categorized the bu...