The world’s largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. According to a new report released Friday by Microsoft, China’s government hacking groups have become “particularly proficient at discovering and developing zero-day exploits” after strict mandates…

Netwrix announced additional findings for the healthcare sector from its global 2022 Cloud Security Report, revealing that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. Phishing was the most common type of attack reported. “The healthcare sector is…

The vulnerability, which carries a CVSS severity score of 7.3/10, is documented as a debugging port misconfiguration that is opened by the Zoom client on macOS machines. Details from Zoom’s advisory: Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When…

YouMail, the leading provider of call protection services for consumers, enterprises, and service providers, and WMC Global, a 16-year leader in mobile threat intelligence, today announced their joint cybersecurity intelligence solution that safeguards against voice and SMS phishing scams. The partnership between YouMail and WMC Global is a first-of-its-kind offering that protects brands and their…

Leveraging threat intelligence to combat nation state espionage threats is a common practice for cybersecurity teams. However, outside of common types of fraud seen in darkweb or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud. If you are a target of APT threats by espionage actors, buying access to…

Initially announced in February, the macro-blocking feature is meant to prevent phishing attacks by making it more difficult for users to enable macros in documents received from the internet. Small snippets of code embedded in Office documents, macros have long been abused by threat actors in phishing attacks and for malware delivery. In 2016, Microsoft…

According to fresh data from Redmond’s threat intelligence team, a ransomware-as-a-service gang it tracks as DEV-0206 has been caught rigging online ads to trick targets into installing a loader for additional malware previously attributed to EvilCorp. Even more ominously, Microsoft said its research teams discovered EvilCorp malware distribution tactics and observed behavior all over the…