NEWS: Microsoft to Automatically Block 120 Risky File Extensions in OneNote

The Hacker News Daily Updates [Newsletter]( [cover]( [THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter]( Don't Let Cybercriminals Sneak in Through the Identity Perimeter: Get Actionable Solutions! [Download Now]( Sponsored LATEST NEWS Apr 4, 2023 [Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks]( The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is "going to great lengths to maintain a persistent presence on targeted networks." Also known by the names APT-C-23 and ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Think Before You Share the Link: SaaS in the Real World]( Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace’s homepage. It can be found six times on Microsoft 365’s homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are ‘collaboration’ will appear as part of the app’s key selling point. By sitting on the cloud, content ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions]( Microsoft has announced plans to automatically block embedded files with "dangerous extensions" in OneNote following reports that the note-taking service is being increasingly abused for malware delivery. Up until now, users were shown a dialog warning them that opening such attachments could harm their computer and data, but it was possible to dismiss the prompt and open the files. That's ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack]( The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. Russian cybersecurity firm Kaspersky, which has been internally tracking the versatile backdoor under the name Gopuram since 2020, said it observed an increase in the number of infections in March 2023 coinciding with the 3CX ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Western Digital Hit by Network Security Breach - Critical Services Disrupted!]( Data storage devices maker Western Digital on Monday disclosed a "network security incident" that involved unauthorized access to its systems. The breach is said to have occurred on March 26, 2023, enabling an unnamed third party to gain access to a "number of the company's systems." Following the discovery of the hack, Western Digital said it has initiated incident response efforts and ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Italian Watchdog Bans OpenAI's ChatGPT Over Data Protection Concerns]( The Italian data protection watchdog, Garante per la Protezione dei Dati Personali (aka Garante), has imposed a temporary ban of OpenAI's ChatGPT service in the country, citing data protection concerns. To that end, it has ordered the company to stop processing users' data with immediate effect, stating it intends to investigate the company over whether it's unlawfully processing such data ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( ["It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete?]( Privileged Access Management (PAM) solutions are regarded as the common practice to prevent identity threats to administrative accounts. In theory, the PAM concept makes absolute sense: place admin credentials in a vault, rotate their passwords, and closely monitor their sessions. However, the harsh reality is that the vast majority of PAM projects either become a years-long project, or ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service]( A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes," Trend Micro ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [THN Webinar: 3 Research-Backed Ways to Secure Your Identity Perimeter]( Don't Let Cybercriminals Sneak in Through the Identity Perimeter: Get Actionable Solutions! [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India