The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia’s military operations in Ukraine.
Threatpost
Posts tagged "Against"
Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities
LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS – and advice for protection.
Threatpost
Microsoft Excel is making a big change to protect against malware
Excel 4.0 (XLM) macros are now disabled by default, Microsoft has confirmed. In a Tech Community blog post, the company revealed that the change has been made to better protect users against “related security threats” coming through spreadsheets.
Back in July 2021, the company released a new Excel Trust Center setting option, allowing administrators to restrict the usage of Excel 4.0 (XLM) macros. It has now made this option default for everyone.
Administrators can use existing Microsoft 365 applications policy control to configure this setting, the announcement reads. The Group Policy setting “Macro Notification Settings” for Excel can be found in the following path and registry key:
Group Policy Path: User configuration > Administrative templates > Microsoft Excel 2016 > Excel Options > Security > Trust Center.
Registry Key Path: Computer\HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office.0\excel\security
Malicious actors often abuse macros
Furthermore, administrators can manage this policy setting with both cloud policies and ADMX policies. They can also completely block all XLM macro usage, including in new user-created files, by enabling the Group Policy “Prevent Excel from running XLM macros”, Microsoft added.
Excel 4.0 (XLM) macros were the default format until 1993, and even though they’ve since been discontinued, they can still be run by the latest versions of the Office program. That makes them ideal for threat actors, who’ve been abusing them to push malware such as TrickBot, Zloader, Qbot, Dridex, ransomware, and many other malicious programs, BleepingComputer notes.
The publication also notes that in October 2019, Microsoft added a new Group Policy allowing administrators to block Excel users from opening untrusted Microsoft query files with IQY, OQY, DQY and RQY extensions. It claims that these files have been weaponized for years in “numerous malicious attacks” to deliver remote access Trojans and malware.
XLM is disabled by default in version 16.0.14527.20000+, Current Channel builds 2110 or greater, Monthly Enterprise Channel builds 2110 or greater, Semi-Annual Enterprise Channel (Preview) builds 2201 or greater, and Semi-Annual Enterprise Channel builds 2201 or greater (coming this July).
Via: BleepingComputer
Organizations Face a ‘Losing Battle’ Against Vulnerabilities
Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said.
Threatpost
Zoom thinks it can help the fight against global terrorism
Far from just allowing users to stay in touch with family and friends around the globe, Zoom now also wants to tackle online terrorism.
The video conferencing giant has announced it is joining the Global Internet Forum to Counter Terrorism (GIFCT) alongside the likes of Microsoft, Amazon and Meta.
“It is our responsibility to support our users and protect them against online threats,” Josh Parecki, Zoom's associate general counsel for trust and safety, told Reuters. “By collaborating with other leaders across the industry, sharing key learnings and advancing research, we aspire to make the digital world a safer place for all.”
Zoom GIFCT
Formed by Facebook, Microsoft, Twitter, and YouTube in 2017 following a spate of deadly terrorist attacks across Europe, GIFCT says its mission is “to prevent terrorists and violent extremists from exploiting digital platforms.”
Now numbering 18 companies following Zoom's addition, the NGO was initially focused on technical collaboration to combat online extremism, but has since expanded to managing a hash-sharing database.
This allows members to share unique “hashes” – records of original content that have had to be removed from their platforms or services following extremism concerns.
These hashes are then used by other GIFCT members to identify if similar content has been uploaded to their platforms.
In a statement, GIFCT Executive Director Nicholas Rasmussen said it was delighted to have Zoom as a partner. He noted that the group's mission “requires we work with a diverse range of companies … to develop cross-platform solutions that render terrorists and violent extremists ineffective across the Internet”.
After an initial surge in popularity and an explosion in user numbers at the start of the pandemic, Zoom came under heavy criticism for failing to secure its platform.
Following several high-profile “Zoombombing” incidents, in which outside parties were able to gain access to Zoom calls without permission, the company carried out a major overhaul of its security protections.
Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators
The malware’s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.
Threatpost
Cyber Command Publicly Joins Fight Against Ransomware Groups
U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies.
Threatpost
Iranians Charged in Cyberattacks Against U.S. 2020 Election
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
Three US state laws are providing safe harbor against breaches
Three US state laws passed between 2018 and 2021 are encouraging organizations not currently following a cybersecurity control framework to look to update their security programs.
Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world.
Threatpost