Multiple security firms have recently observed an unusual surge in threat actors taking advantage of OneNote to deliver malware. (Image credit: Igor Golovniov/SOPA Images/LightRocket via Getty Images)
Microsoft improved security for OneNote by blocking files with potentially hazardous extensions from being opened in the popular note-taking software.
In a Microsoft 365 security update, the company announced that OneNote will block by default the same extensions that Outlook, Word, Excel, and PowerPoint block, to defend users against ongoing phishing attacks associated with OneNote. The list includes a total of 120 extensions, including .XLL, .ISO, .BAT, and .JS, according to a Microsoft 365 support page.
The change now completely blocks suspicious OneNote attachments instead of issuing a warning if a dangerous extension is detected. The user will receive a dialog stating that the administrator has restricted their ability to open the file type.
OneNote warning with new change (Credit: Microsoft)
OneNote is a digital note-taking application bundled in the Office suite that allows users to create, organize and share notes across multiple devices.
In February, multiple security firms reported an unusual surge in threat actors abusing OneNote to deliver malware. According to Proofpoint, six campaigns were detected using OneNote documents to deliver the AsyncRat malware in December 2022, while over 50 OneNote campaigns were discovered delivering various malware payloads in January.
“Since Microsoft began blocking macros by default in 2022, threat actors have experimented with many new tactics, techniques, and procedures, including the use of previously infrequently observed filetypes such as virtual hard disk (VHD), compiled HTML (CHM) and now OneNote (.one),” Proofpoint said in a February blog post.
Microsoft plans to roll out the feature with Version 2304 in April. The change will affect OneNote for Microsoft 365 on Windows devices. The update, however, does not affect OneNote on Mac OS, OneNote on Android or iOS devices, OneNote on the web, or OneNote for Windows 10.
Versions of OneNote affected by the change (Credit: Microsoft)
Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.