Microsoft has announced improved security for the users of its flagship Office productivity suite, courtesy of Excel 4.0 (XLM) macros now being restricted by default.
Microsoft Restricts Excel 4.0 Macros by Default
Cloud Security Provider Anitian Raises $55 Million
Cloud security and compliance automation startup Anitian this week closed a $55 million Series B funding round led by Sageview Capital.
The new investment brings the total raised by Anitian $71 million and provides fresh capital to fuel ambitious expansion plans.
CISA Releases Final IPv6 Security Guidance for Federal Agencies
The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the final version of its IPv6 security guidance for federal agencies.
Prolific Chinese APT Caught Using ‘MoonBounce’ UEFI Firmware Implant
Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using an UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements.
Microsoft Edge Adds Security Mode to Thwart Malware Attacks
A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks.
Project Zero: Zoom Platform Missed ASLR Exploit Mitigation
A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks.
Thousands of Industrial Firms Targeted in Attacks Leveraging Short-Lived Malware
Thousands of industrial organizations worldwide have been hit in campaigns that leverage short-lived malware to harvest corporate credentials that are then sold by threat actors for a profit, according to Kaspersky.
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box’s implementation of multi-factor authentication (MFA) allowed attackers to take over victim’s accounts without having access to the victim’s phone, according to new research from Varonis.
ICS Vendors Targeted in Espionage Campaign Focusing on Renewable Energy
Major industrial control system (ICS) vendors and other types of organizations have been targeted in a cyberespionage campaign that appears to focus on renewable energy.
Details Published on AWS Flaws Leading to Data Leaks
Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data.
