Initially announced in February, the macro-blocking feature is meant to prevent phishing attacks by making it more difficult for users to enable macros in documents received from the internet. Small snippets of code embedded in Office documents, macros have long been abused by threat actors in phishing attacks and for malware delivery. In 2016, Microsoft…

According to fresh data from Redmond’s threat intelligence team, a ransomware-as-a-service gang it tracks as DEV-0206 has been caught rigging online ads to trick targets into installing a loader for additional malware previously attributed to EvilCorp. Even more ominously, Microsoft said its research teams discovered EvilCorp malware distribution tactics and observed behavior all over the…

A new study polling 1,000 software developers and startup employees found 29% of companies use unprotected production data (real customer data) in testing environments when testing and troubleshooting their company’s software — increasing the risk of exposure in the event of a data breach. Unprotected production data is defined as data that is not de-identified…

Transport Layer Security (TLS) is the modern successor to the now-deprecated Secure Sockets Layer (SSL) protocol. Because of multiple vulnerabilities in SSL, organizations need a more robust protocol to keep pace with the growing number of web-based technologies. For example, unlike SSL, TLS allows you to negotiate encryption on regular ports and protocols such as IMAP…

Obi-Wan Kenobi is set ten years after the proclamation of the Galactic Empire, and nine years before said Galactic Empire left the critical infrastructure facility DS-1 Orbital Battle Station (more commonly known as the Death Star) so scandalously vulnerable that it was attacked and largely destroyed by the Rebel Alliance. I watched the series in…

Smart technology continues to change how people live and interact with the cities around them. While the full value of a connected city evolves – one that leverages innovations powered by artificial intelligence and machine learning – cybersecurity stands as one of its greatest challenges. The Smart City Conundrum While the promise of Smart Cities…

Our in-depth analysis of what began as an unusual PowerShell script revealed intrusion sets associated with Gootkit loader. In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files. We uncovered this tactic through managed extended detection and response (MxDR) and by investigating…

A zero trust strategy establishes rules and good practices to improve the security and resiliency of your IT infrastructure, but what can it do for operational technologies (OT)? It turns out, quite a bit – but there are limits. Last fall, my colleague Greg Young wrote a blog post IoT and Zero Trust are Incompatible?…