Latest News Articles
--- TLP:WHITE ---
News
− Microsoft fixes Acropalypse privacy bug in Windows 11 Snipping Tool
Microsoft is testing an updated version of the Windows 11 Snipping Tool that fixes a recently disclosed 'Acropalypse' privacy flaw that allows the partial restoration of cropped images.
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-acropalypse-privacy-bug-in-windows-11-snipping-tool/− German political parties accused of microtargeting voters on Facebook
Country's strong data rights under magnifying glass after half a dozen complaints filed from privacy activists at Noyb. The group claims six of Germany's political parties broke European data law when.
https://go.theregister.com/feed/www.theregister.com/2023/03/22/germany_complaints_noyb/Vulnerabilities
− Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
Ransomware and data related attacks are the top cybersecurity threats to the transport sector in the EU, ENISA says.
https://www.enisa.europa.eu/publications/enisa-transport-threat-landscape− Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies
A recent campaign undertaken by Earth Preta indicates that nation-state groups aligned with China are getting increasingly proficient at bypassing security solutions.
https://www.trendmicro.com/en_us/research/23/c/earth-preta-updated-stealthy-strategies.html− Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers
Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction.
https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/− Exchange Online to block emails from vulnerable on-prem servers
Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from 'persistently vulnerable Exchange servers' 90 days after the admins are pinged to secure them.
https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078Community News
− New CISA tool detects hacking activity in Microsoft cloud services
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.
https://github.com/cisagov/untitledgoosetool#about− What TikTok knows about you – and what you should know about TikTok
As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us.
https://www.welivesecurity.com/2023/03/24/what-tiktok-knows-you-should-know-tiktok/--- TLP:WHITE ---