Tag: office
-
“CISOs today speak the language of business”
Nick Godfrey, head of the Office of the CISO at Google Cloud. As Senior Director and head of the Office of the CISO at Google Cloud, Nick Godfrey's job is to support the company in the exchange between CISOs on cloud and security topics. Godfrey, himself a former head of security at a financial services provider, leads…
-
From Managing Vulnerabilities to Managing Exposure: The Critical Shift You Can’t Ignore
Tags: ai, attack, best-practice, breach, business, cloud, computing, control, cyber, cybersecurity, data, data-breach, endpoint, identity, infrastructure, intelligence, Internet, office, risk, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management
Vulnerability management remains core to reducing cyber risk, but as the attack surface grows, teams need a risk-driven strategy that looks beyond vulnerabilities to see the bigger picture. Discover how exposure management unifies data and prioritizes real exposures, keeping teams proactive and ahead of cyber threats. The limits of siloed security: Over the years, the…
-
Microsoft 365 Copilot and Office Apps Now Protected by SafeLinks at Click Time
Microsoft announced a major update aimed at bolstering the cybersecurity of its flagship AI-powered productivity assistant, Microsoft 365 Copilot, and its suite of Office apps. The integration of SafeLinks protection at time-of-click marks a significant step forward in safeguarding users from modern cyber threats. AI is revolutionizing workflows across industries, and Microsoft Copilot is at…
-
US indicts Yemeni man in Black Kingdom ransomware attacks
The U.S. Attorney’s Office for the Central District of California announced charges against Rami Khaled Ahmed for allegedly helping to develop and deploy Black Kingdom, which infected “approximately 1,500 computer systems.” First seen on therecord.media Jump to article: therecord.media/us-indicts-yemeni-man-black-kingdom-ransomware
-
British Library avoids investigation over ransomware attack, praised again for response
The U.K. Information Commissioner’s Office said it will not investigate the British Library over a 2023 ransomware attack. The institution will not face potential monetary penalties or a reprimand. First seen on therecord.media Jump to article: therecord.media/british-library-no-ico-investigation-ransomware-attack
-
Secure by Design is likely dead at CISA. Will the private sector make good on its pledge?
Tags: cisa, cybersecurity, government, office, risk, risk-management, sbom, software, technology, tool
CISA’s Secure by Design effort is ‘tiny’: Not everyone believes in the concept of security by design. Jeff Williams, founder and CTO of Contrast Security and creator of the first OWASP Top 10 list in 2002, told CSO that, in his view, the very first secure-by-design manual was the vaunted August 1983 “Orange Book” produced…
-
Exposure Management Works When the CIO and CSO Are in Sync
Tags: access, ai, attack, business, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, endpoint, finance, infrastructure, jobs, office, risk, strategy, technology, threat, tool, update, vulnerability, vulnerability-management, zero-day
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CIO Patricia Grant looks at how the CIO/CSO relationship is key to a successful exposure management program. You can read the entire Exposure Management Academy series here. When I…
-
4 big mistakes you’re probably still making in vulnerability management… and how to fix them
Tags: attack, automation, business, cloud, cve, data, endpoint, mitigation, office, risk, software, threat, tool, update, vulnerability, vulnerability-management
Why is it a problem? Monthly, weekly, or even daily scans used to be adequate. Now? They leave blind spots. Cloud resources, remote endpoints, VMs… can spin up and vanish in minutes, and you’ll never catch those with a scan that runs on a schedule. Fix it! Shift to continuous scanning. Use tools that integrate with…
-
Microsoft Office 365 MFA targeted by ‘SessionShark’ phishing kit
First seen on scworld.com Jump to article: www.scworld.com/news/microsoft-office-365-mfa-targeted-by-sessionshark-phishing-kit
-
6 types of risk every organization must manage, and 4 strategies for doing it
Tags: ai, attack, backup, best-practice, breach, business, compliance, control, cyber, cybersecurity, data, finance, framework, fraud, GDPR, governance, government, grc, hacker, healthcare, infrastructure, insurance, intelligence, law, mitigation, office, phishing, ransom, ransomware, regulation, risk, risk-assessment, risk-management, service, startup, strategy, technology, threat, training, vulnerability
Cybersecurity risks: Threats such as data breaches, phishing attacks, system intrusions, and broader digital vulnerabilities fall under the umbrella of security risks. The definition of cybersecurity risk is constantly evolving, now encompassing threats related to artificial intelligence and AI-driven systems. If you’re trying to mitigate risks in this area, you need to think not just about…
-
‘SessionShark’ A New Toolkit Bypasses Microsoft Office 365 MFA Security
Tags: 2fa, authentication, cyber, cybercrime, marketplace, mfa, microsoft, office, phishing, service, threat
Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users: a phishing-as-a-service toolkit dubbed “SessionShark O365 2FA/MFA.” Promoted through cybercriminal marketplaces, SessionShark is designed to bypass Microsoft’s multi-factor authentication (MFA) protections, an alarming escalation in the ongoing battle between defenders and cyber attackers. A Toolkit Purpose-Built to Evade 2FA and MFA…
-
U.S. Secret Service Reveals Ways to Identify Credit Card Skimmers
With credit card skimming crimes escalating nationwide, the U.S. Secret Service’s Washington Field Office is sharing essential tips to help the public protect themselves from this growing threat, in a LinkedIn post by officials. According to the agency, credit card skimming, in which criminals install illicit devices to steal card information, has become a “low-risk, high-reward”…
-
‘SessionShark’ ToolKit Evades Microsoft Office 365 MFA
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it’s anything but. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/sessionshark-toolkit-microsoft-365-steal-tokens
-
New Steganography Campaign Exploits MS Office Vulnerability to Distribute AsyncRAT
A recently uncovered cyberattack campaign has brought steganography back into the spotlight, showcasing the creative and insidious methods attackers employ to deliver malware. This operation, dubbed the “Stego-Campaign,”
-
New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins
SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake… First seen on hackread.com Jump to article: hackread.com/sessionshark-phishing-kit-bypass-mfa-steal-office-365-logins/
-
Wave of attacks on NGOs via Office 365 accounts and SharePoint links in April 2025?
A question for administrators of Microsoft tenants with Office 365 accounts: are you seeing an increase in attacks on these accounts? I have received a reader report suggesting that NGOs may increasingly be the focus of such attacks. I am raising the topic here in the … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/24/angriffswelle-im-april-2025-auf-ngos-ueber-office-365-accounts-und-sharepoint-links/
-
SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely
SonicWall has issued an urgent advisory (SNWLID-2025-0009) warning of a high-severity vulnerability in its SSLVPN Virtual Office interface that enables unauthenticated attackers to remotely crash firewalls, causing widespread network disruptions. Tracked as CVE-2025-32818, this flaw carries a CVSS v3 score of 7.5 and affects dozens of firewall models across its Gen7 and TZ80 product lines. The…
-
SpyMax Android Spyware: Full Remote Access to Monitor Any Activity
Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of Android spyware, cleverly disguised as the official application of the Chinese Prosecutor’s Office (检察院). This malicious software was targeting Chinese-speaking users in mainland China and Hong Kong in what appears to be a sophisticated cyber espionage campaign. Exploiting Android Accessibility Services…
-
Will politicization of security clearances make US cybersecurity firms radioactive?
Tags: access, business, ceo, cisa, cisco, ciso, credentials, crowdstrike, cybersecurity, disinformation, election, government, infrastructure, intelligence, law, microsoft, network, office, risk, spyware, strategy, threat
What brought this on: This is mostly a reaction to a White House order on Wednesday that tied security clearances to supporting political concepts. The order chastised Chris Krebs, the former head of Trump’s Cybersecurity and Infrastructure Security Agency (CISA). “Krebs’ misconduct involved the censorship of disfavored speech implicating the 2020 election and COVID-19 pandemic. CISA, under…
-
Office 2016 and Office 2019 reach end of support in October
Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-office-2019-reach-end-of-support-in-october/
-
Back-Office Servicer Says Dual Hacks in 2024 Hit 1.6 Million
Landmark Admin Compromise Affects More Than a Dozen Insurance and Annuity Carriers. Landmark Admin, a third-party vendor that provides administrative services to life insurance and annuity companies, said 1.6 million people are potentially affected by 2024 ransomware and data exfiltration incidents that compromised a wide range of personal, financial and health information. First seen on…
-
UK Fines Law Firm 60,000 Pounds for Ransomware Data Breach
Firm Failed to Close Outdated User Account, Waited 43 Days to Notify Regulators. The U.K. Information Commissioner’s Office imposed a fine of 60,000 pounds against Liverpool-based law firm DDP Law for GDPR violations relating to a 2022 ransomware hack and data leak that exposed sensitive information including the details of its clients’ cases. First seen…
-
Beware! Online PDF Converters Tricking Users into Installing Password-Stealing Malware
According to CloudSEK’s Security Research team, a sophisticated cyberattack leveraging malicious online PDF converters has been demonstrated to target individuals and organizations globally. This attack, previously hinted at by the FBI’s Denver field office, involves the distribution of potent malware, known as ArechClient2, which is a variant of the harmful SectopRAT family of information stealers. The Deception…
-
Malicious Macros Return in Sophisticated Phishing Campaigns
The cybersecurity landscape of 2025 is witnessing a troubling resurgence of malicious macros in phishing campaigns. Despite years of advancements in security measures and Microsoft’s decision to disable macros by default in Office applications, attackers have adapted their methods to exploit human vulnerabilities and technical loopholes. These malicious macros, embedded within seemingly legitimate documents, have…
-
KB5002623 fixes Patch Tuesday bug – emergency update for Microsoft Office fixes critical bug
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-office-2016-update-kb5002623-behebt-absturzprobleme-a-9084d0054e8510dae99ea82a1f954257/
-
Microsoft blocks ActiveX by default in Microsoft 365, Office 2024
Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-blocks-activex-by-default-in-microsoft-365-office-2024/
-
UK appoints security and intelligence specialist as ambassador to France
Sir Thomas Drew, previously a top official in the Foreign Office and a key figure in Britain’s response to Russia’s invasion of Ukraine, will be the U.K.’s ambassador to France as the two countries prepare to work more closely on security issues. First seen on therecord.media Jump to article: therecord.media/thomas-drew-security-intelligence-specalist-uk-ambassador-france
-
14th April Threat Intelligence Report
The United States Office of the Comptroller of the Currency (OCC), an independent bureau of the Department of the Treasury, has suffered a significant security breach. Threat actors have gained access to […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2025/14th-april-threat-intelligence-report/
-
Microsoft Issues Urgent Patch to Fix Office Update Crash
Microsoft has released an urgent patch for Office 2016 to address a critical issue causing key applications like Word, Excel, and Outlook to crash unexpectedly. The new update, KB5002623, was issued on April 10, 2025, following widespread reports of performance disruptions attributed to the earlier KB5002700 update. This latest patch applies exclusively to the Microsoft…

