#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Microsoft OneNote | Breaking Cybersecurity News | The Hacker News

Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions

Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions
Apr 04, 2023 Attack Vector / Malware
Microsoft has announced plans to automatically block embedded files with "dangerous extensions" in OneNote following reports that the note-taking service is being  increasingly abused  for malware delivery. Up until now, users were shown a dialog warning them that opening such attachments could harm their computer and data, but it was possible to dismiss the prompt and open the files. That's going to change going forward. Microsoft said it intends to prevent users from directly opening an embedded file with a dangerous extension and display the message: "Your administrator has blocked your ability to open this file type in OneNote." The update is expected to start rolling out with Version 2304 later this month and only impacts OneNote for Microsoft 365 on devices running Windows. It does not affect other platforms, including macOS, Android, and iOS, as well as OneNote versions available on the web and for Windows 10. "By default, OneNote blocks the sa

IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery

IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery
Mar 28, 2023 Ransomware / Endpoint Security
Multiple threat actors have been observed using two new variants of the  IcedID malware  in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering additional malware, including ransomware. "The well-known IcedID version consists of an initial loader which contacts a Loader [command-and-control] server, downloads the standard DLL Loader, which then delivers the standard IcedID Bot," Proofpoint  said  in a new report published Monday. One of the new versions is a Lite variant that was  previously highlighted  as being dropped as a follow-on payload by the  Emotet malware  in November 2022. Also newly observed in February 2023 is a Forked variant of IcedID. Both these variants are designed to drop what's called a Forked version of IcedID Bot that leaves out the web injects and backconnect functionality that would typic

Hands-on Review: Cynomi AI-powered vCISO Platform

Hands-on Review: Cynomi AI-powered vCISO Platform
Apr 10, 2024vCISO / Risk Assessment
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe

Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe
Mar 28, 2023 Malware Attack / Hacking
A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed  DBatLoader . "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," Zscaler researchers Meghraj Nandanwar and Satyam Singh  said  in a report published Monday. The findings build upon a previous report from SentinelOne last month that detailed phishing emails containing malicious attachments that masquerade as financial documents to activate the infection chain. Some of the file formats used to distribute the DBatLoader payload concern the use of a multi-layered obfuscated HTML file and OneNote attachments. The development adds to  growing abuse  of  OneNote files  as an initial vector for malware distribution since late last year in response to Microsoft's decision to block macros by default in files downloaded f

WATCH: The SaaS Security Challenge in 90 Seconds

cyber security
websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.

Emotet Rises Again: Evades Macro Security via OneNote Attachments

Emotet Rises Again: Evades Macro Security via OneNote Attachments
Mar 20, 2023 Endpoint Security / Email Security
The notorious Emotet malware, in its  return after a short hiatus , is now being distributed via  Microsoft OneNote email attachments  in an attempt to bypass macro-based security restrictions and compromise systems. Emotet , linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A  derivative  of the  Cridex   banking worm  – which was  subsequently   replaced  by  Dridex  around the same time GameOver Zeus was disrupted in 2014 – Emotet has  evolved  into a "monetized platform for other threat actors to run malicious campaigns on a pay-per-install (PPI) model, allowing theft of sensitive data and ransom extortion." While Emotet infections have acted as a  conduit  to deliver Cobalt Strike, IcedID, Qakbot, Quantum ransomware, and TrickBot, its return in late 2021 was  facilitated  by means of TrickBot. "Emotet is known for extended periods of ina

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware
Feb 03, 2023 Attack Vector / Endpoint Security
In a continuing sign that threat actors are adapting well to a  post-macro world , it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,  RedLine Stealer , Agent Tesla,  DOUBLEBACK , Quasar RAT, XWorm,  Qakbot ,  BATLOADER , and  FormBook . Enterprise security firm Proofpoint said it detected over 50 campaigns leveraging OneNote attachments in the month of January 2023 alone. In some instances, the email phishing lures contain a OneNote file, which, in turn, embeds an HTA file that invokes a PowerShell script to retrieve a malicious binary from a remote server. Other scenarios entail the execution of a rogue VBScript that's embedded within the OneNote document and concealed behind an image that appears as a seemingly harmless button. The VBScript, for its part, is designed to drop a PowerShell script to run DOUBLEBACK
Cybersecurity Resources