Tag: office
-
Top 12 US cities for cybersecurity job and salary growth
Tags: access, ai, apple, attack, blockchain, business, country, crowdstrike, cyber, cybersecurity, data, defense, finance, fintech, government, group, infrastructure, insurance, iot, jobs, metric, microsoft, nvidia, office, okta, privacy, software, startup, strategy, supply-chain, technology, training, warfareWhile major hubs like San Francisco naturally come to mind, and perform well based on the metrics we evaluated, there are many lesser-known cities that may be just as promising, if not more. These emerging destinations can offer easier access to job opportunities, more sustainable career paths, higher pay, and a lower cost of living.Here’s…
-
SideWinder APT Hackers Exploits Legacy Office Vulnerabilities to Deploy Malware Undetected
Tags: apt, credentials, cyber, exploit, government, hacker, malware, microsoft, military, office, threat, vulnerabilityThe Acronis Threat Research Unit (TRU) has revealed an advanced campaign believed to be orchestrated by the SideWinder advanced persistent threat (APT) group. This operation, running through early 2025, has primarily targeted high-value government and military institutions across Sri Lanka, Bangladesh, and Pakistan, exploiting unpatched legacy Microsoft Office vulnerabilities to deploy credential-stealing malware while evading…
-
New Phishing Attack Uses AES Malicious npm Packages to Office 365 Login Credentials
Fortra’s Suspicious Email Analysis (SEA) team uncovered a highly sophisticated phishing campaign targeting Microsoft Office 365 (O365) credentials. Unlike typical phishing attempts, this attack stood out due to its intricate use of modern technologies and developer infrastructure. The threat actors employed a multi-layered strategy involving AES (Advanced Encryption Standard) encryption, malicious npm (Node Package Manager)…
-
Summer Cyberattacks
Why the Heat Brings a Surge in Credential-Based Threats Summer is synonymous with vacations, long weekends, and out-of-office replies”, but it’s also peak season for cybercrime. As security teams scale back and employees unplug, attackers ramp up their efforts. Summer cyberattacks are a growing concern for organizations, particularly those managing identity systems like Active Directory…
-
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder.”The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas…
-
Mai 2025-Patchday: Tenable Einschätzung zu Schwachstellen
Zum 13. Mai 2025 hat Microsoft ja zahlreiche Sicherheits-Updates für Windows, Office und weitere Produkte veröffentlich. Ich hatte zeitnah einen kurzen Überblick über die adressierten Schwachstellen gegeben. Sicherheitsanbieter Tenable hat mir im Nachgang noch deren Einschätzung zu den Sicherheitslücken übermittelt, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/17/mai-2025-patchday-einschaetzung-zu-schwachstellen/
-
OPM urged to continue identity protection contracts shielding people affected by 2015 hack
Sen. Mark Warner said the Office of Personnel Management must maintain ID protection services for millions of people whose data was stolen in a massive 2015 data breach at the agency. First seen on therecord.media Jump to article: therecord.media/opm-federal-employee-data-protection-contracts-2015-hack-warner
-
OPM urged to continue identity protection contracts shielding people affected by 2015 hack
Sen. Mark Warner said the Office of Personnel Management must maintain ID protection services for millions of people whose data was stolen in a massive 2015 data breach at the agency. First seen on therecord.media Jump to article: therecord.media/opm-federal-employee-data-protection-contracts-2015-hack-warner
-
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT.”Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents,” Qualys security researcher Akshay Thorve said in a technical report. “The attack chain leverages…
-
Ban sales of gear from China’s TP-Link, Republican lawmakers tell Trump administration
Senate Intelligence Committee Chairman Tom Cotton and 16 other GOP lawmakers wrote this week to Commerce Secretary Howard Lutnick, saying his department should block future sales of TP-Link’s popular small office/home office (SOHO) internet routers. First seen on therecord.media Jump to article: therecord.media/republican-lawmakers-call-for-tp-link-ban
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques.As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory.”The attackers…
-
Alabama state government says cyber incident’s effects are limited, but response continues
The state’s Office of Information Technology (OIT) said it has called in two incident response teams for around-the-clock mitigation following a “cybersecurity event” discovered last week. First seen on therecord.media Jump to article: therecord.media/alabama-state-government-cyber-incident
-
Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days
Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including five zero-day flaws. Microsoft Patch Tuesday security updates addressed 75 security vulnerabilities in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Nuance PowerScribe, Remote Desktop Gateway Service, and Microsoft Defender. Of the flaws fixed by the…
-
Critical Microsoft Office Vulnerabilities Enable Malicious Code Execution
Microsoft has addressed three critical security flaws in its Office suite, including two vulnerabilities rated Critical and one Important, all enabling remote code execution (RCE) via use-after-free memory corruption weaknesses. These vulnerabilities, disclosed between March and May 2025, expose systems to attacks where malicious actors could execute arbitrary code by enticing users to open specially…
-
Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
5Critical 66Important 0Moderate 0Low Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild. Microsoft patched 71 CVEs in its May 2025 Patch Tuesday release, with five rated critical and 66 rated as important. This month’s update includes patches for: .NET, Visual Studio, and Build Tools for Visual Studio Active…
-
Copyright office criticizes AI ‘fair use’ before director’s dismissal
The register of copyrights cast serious doubt on whether AI companies could legally train their models on copyrighted material. The White House fired her the next day. First seen on cyberscoop.com Jump to article: cyberscoop.com/us-copyright-office-ai-report-firing-fair-use-debate/
-
Microsoft Security Update Summary (13. Mai 2025)
Microsoft hat am 13. Mai Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 71 Schwachstellen (CVEs), sieben davon wurden als 0-day klassifiziert. Fünf Schwachstellen wurde bereits angegriffen. Nachfolgend findet sich ein … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/13/microsoft-security-update-summary-13-mai-2025/
-
AI copyright suits to be affected by Copyright Office stance
Federal report findings could weaken GenAI vendors’ fair use positions in copyright suits. First seen on techtarget.com Jump to article: www.techtarget.com/searchenterpriseai/news/366623821/AI-copyright-suits-to-be-affected-by-copyright-office-stance
-
Microsoft Patch Tuesday Release Fixes ‘Unusual’ Number Of Office Bugs: Researcher
While the total number of vulnerabilities addressed in the monthly release of Microsoft security updates is modest, there’s a comparatively high number of Office-related bugs fixed in the release, writes Trend Micro’s Dustin Childs. First seen on crn.com Jump to article: www.crn.com/news/security/2025/microsoft-patch-tuesday-release-fixes-unusual-number-of-office-bugs-researcher
-
Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day
Microsoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across its software portfolio, including Windows, Microsoft Office, Azure, and Visual Studio. Microsoft patched a total of 72 vulnerabilities, including 29 related to Remote Code Execution, 18 to Elevation of Privilege, 14 to Information Disclosure, 7 to Denial of Service, and 2…
-
Trump Ousts Copyright Chief Amid AI Fair Use Clash
Perlmutter Out After Draft Report Calls Fair Use Into Question for AI Training. The Trump administration fired Shira Perlmutter as Register of Copyrights a day after her office’s report said that artificial intelligence developers’ use of copyrighted works goes beyond established fair-use boundaries. Whether Perlmutter’s firing by Trump is legal is unsettled. First seen on…
-
Microsoft will update Office apps on Windows 10 until 2028
Microsoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-will-update-office-apps-on-windows-10-until-2028/
-
Wenn der Office 365 Outlook-Client lange Zeit keine E-Mails empfängt
Mit den in diesem detaillierten Leitfaden beschriebenen Lösungen können Sie häufige Probleme bei der Outlook-Synchronisierung beheben, z. B. wenn Office 365 Outlook-Clients über einen längeren Zeitraum keine E-Mails empfangen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-der-office-365-outlook-client-lange-zeit-keine-e-mails-empfaengt/a40784/
-
US Copyright Office found AI companies sometimes breach copyright. Next day its boss was fired
Some see an action to benefit Elon. The White House sees an agency obsessed with DEI First seen on theregister.com Jump to article: www.theregister.com/2025/05/12/us_copyright_office_ai_copyright/
-
Microsoft 365: Support für Office-Apps unter Windows 10 plötzlich erweitert
Entgegen früheren Angaben will Microsoft Windows-10-Nutzer nun doch noch weiter mit Sicherheitsupdates für Office-Anwendungen versorgen. First seen on golem.de Jump to article: www.golem.de/news/windows-10-support-fuer-microsoft-365-apps-ueberraschend-erweitert-2505-196095.html
-
Windows 10: Support für Microsoft-365-Apps überraschend erweitert
Entgegen früheren Angaben will Microsoft Windows-10-Nutzer nun doch noch weiter mit Sicherheitsupdates für Office-Anwendungen versorgen. First seen on golem.de Jump to article: www.golem.de/news/windows-10-support-fuer-microsoft-365-apps-ueberraschend-erweitert-2505-196095.html
-
Why CISOs Must Prioritize Cybersecurity Culture in Remote Work
In the era of remote and hybrid work, Chief Information Security Officers (CISOs) are now tasked with cultivating a strong cybersecurity culture in remote work, extending far beyond traditional responsibilities like managing firewalls and monitoring networks. The shift to distributed teams has dissolved the traditional office perimeter, exposing organizations to new vulnerabilities and threats. Employees…
-
Germany Shuts Down eXch Over $1.9B Laundering, Seizes Euro34M in Crypto and 8TB of Data
Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform.The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets…
-
Government will miss cyber resiliency targets, MPs warn
A Public Accounts Committee report on government cyber resilience finds that the Cabinet Office has been working hard to improve, but is likely to miss targets and needs a fundamentally different approach First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623627/Government-will-miss-cyber-resiliency-targets-MPs-warn