Recent Security News
-
Microsoft: New critical Outlook RCE bug exploited as zero-day
February 14, 2024 at 03:12PM Microsoft updated a security advisory warning about a critical Outlook bug, tracked as CVE-2024-21413, leading to remote code execution if exploited. The vulnerability allows bypassing Protected View, affecting multiple Office products including Microsoft Outlook 2016 and Office 2019. Check Point researchers discovered the vulnerability called Moniker Link, recommending applying the…
-
Microsoft Catches APTs Using ChatGPT for Vuln Research, Malware Scripting
February 14, 2024 at 02:51PM Foreign government-backed hacking teams are leveraging OpenAI’s ChatGPT for malicious activities, including vulnerability research, target reconnaissance, and malware creation. Microsoft and OpenAI collaborated to study the use of large language models (LLMs) by these actors and found multiple known APTs experimenting with ChatGPT for malicious purposes. Microsoft took measures to…
-
Ransomware Epidemic at Romanian Hospitals Tied to Healthcare App
February 14, 2024 at 01:41PM A ransomware infection targeted around 100 hospitals in Romania, originating from the Hipocrate Information System (HIS) sold by Romanian Soft Company (RSC). The attack, starting on Feb. 10, led to demands for 3.5 BTC or 157,000 euro. Fortunately, most hospitals had relatively recent data backups, enabling easier restoration of services…
-
US Air Force’s new cyber, IT skill recruitment plan: Bring back warrant officer ranks
February 14, 2024 at 01:39PM The US Air Force is reintroducing warrant officer ranks exclusively for the cyber and information technology professions to enhance readiness against advanced threats from China and Russia. This move aims to attract tech talent and improve capabilities in the face of modernization and strategic adversaries. Additional technical career tracks and…
-
Microsoft Exchange update enables Extended Protection by default
February 14, 2024 at 12:41PM After installing Exchange Server 2019 CU14 or later, Extended Protection (EP) will be automatically enabled to strengthen Windows Server authentication and mitigate security risks. Admins should review Microsoft’s documentation and PowerShell script before toggling EP, and address any issues after enabling it. Microsoft encourages keeping servers updated to deploy emergency…