News & Updates
SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms
Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors since November 2022.
Microsoft Word is finally getting a keyboard shortcut to paste plaintext
Microsoft is finally adding a keyboard shortcut to Word that lets you paste something as plaintext, stripping it of any formatting it had when you copied it. It’s the same Control + Shift + V shortcut that’s used in many other apps, and it’s currently rolling out to people using the Word beta on both Mac and PC, according to Microsoft’s Jennifer Gentleman.
Highlights from the New U.S. Cybersecurity Strategy
The Biden administration today issued its vision for beefing up the nation’s collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House’s new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and it names China as the single biggest cyber threat to U.S. interests.
DuckDuckGo’s new Wikipedia summary bot: “We fully expect it to make mistakes”
Not to be left out of the rush to integrate generative AI into search, on Wednesday DuckDuckGo announced DuckAssist, an AI-powered factual summary service powered by technology from Anthropic and OpenAI. It is available for free today as a wide beta test for users of DuckDuckGo’s browser extensions and browsing apps. Being powered by an AI model, the company admits that DuckAssist might make stuff up but hopes it will happen rarely.
Microsoft’s latest AI CoPilot could be the voice behind a deluge of work emails
If you notice that emails from salespeople or responses from customer support agents seem a bit off — or that they’ve gotten a significant bump in writing quality — you may have AI to thank. Microsoft has announced that it’ll be introducing AI features into Dynamics 365, its set of enterprise apps for customer relationship management and resource planning.
LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach
The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date.
Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks
Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found.
BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems
The BlackLotus bootkit can bypass security protections on fully updated Windows 11 systems and persistently infect them, ESET’s analysis of the threat has revealed.
Major Windows 11 update adds Notepad tabs, iPhone pairing, and a dash of AI
Microsoft announced 2023's first major batch of updates for Windows 11, part of the company's plan to release new Windows features "when they are ready" instead of waiting for the big annual update in the fall.
Token protection in Azure AD Conditional Access – Microsoft Entra
Token protection (sometimes referred to as token binding in the industry) attempts to reduce attacks using token theft by ensuring a token is usable only from the intended device. When an attacker is able to steal a token, by hijacking or replay, they can impersonate their victim until the token expires or is revoked. Token theft is thought to be a relatively rare event, but the damage from it can be significant.