Legitimate cloud storage services are increasingly being exploited for cyber espionage, so the discovery of a similar operation in the context of the Russian invasion of Ukraine was just a matter of time.

With many financial institutions continuing to feel an impact from The Great Resignation, and seeing tighter budgets across the board in 2023, security leaders are being asked to do more with less. So far in 2023, many organizations are hesitant to hire additional staff or even backfill open positions—forcing many security leaders to make do with fewer people than in the past.

The last decade has seen a notable step in the evolution of network security and operations as companies move to a Software Defined Network (SDN) model, centralising control of switches, routers, VPN concentrators, load balancers and SD-WAN devices. This simplifies the management and operation of the network, driving down operational costs and reducing risk through better patch and update management.

In the February 2023 Patch Tuesday, Microsoft fixed a remote code execution vulnerability in Microsoft Word, tracked as CVE-2023-21716. The vulnerability is critical, having a CVSS score of 9.8 out of 10, and could allow an attacker to execute code with the same privileges as the victim through rich text format (RTF) documents.

Emotet is undoubtedly a very resilient botnet. Even though its operation was disrupted by Europol in January 2021, Emotet came back a few months later and continues to spread. In May 2022, shortly after Microsoft released new controls related to malicious macros, Netskope Threat Labs analyzed an Emotet campaign where they were testing a new delivery method, by using LNK files.

Netskope Threat Labs publishes a monthly summary blog post of the top threats we are tracking on the Netskope platform. The purpose of this post is to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

A now fixed zero-day elevation of privilege (EoP) vulnerability in Microsoft Outlook (CVE-2023-23397) allows attackers to send craft emails to exploit Outlook. The vulnerability does not require user interaction to be exploited and runs even before the email is visualized in the preview pane of Outlook, which makes this vulnerability even more dangerous.

Late last year, the EU Parliament formally adopted a new Directive, NIS2, updating and superseding the existing NIS Directive which helped the organisations responsible for Europe’s critical national infrastructure to better understand, manage, and reduce their cybersecurity risk.

The Netskope Security team is happy to announce the official release of our newest Cloud Threat Exchange plugin built in-house, which now allows users to pull threat data discovered by SecLytics. This integration leverages the SecLytics Bulk API to allow users to pull identified URL, IP, and CIDR block indicators of behavior (IoBs) into Cloud Exchange.

BlackSnake is a ransomware-as-a-service (RaaS) group that first appeared in a hacking forum in August 2022, where the operators were seeking affiliates and stating that they would take 15% of the profit, which is below the typical average of 20-30%. On February 28, 2023, a new variant of BlackSnake was spotted, and is notable for having a clipper module that targets cryptocurrency users.