"Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens"

Researchers have discovered a case of "forced authentication" that threat actors could exploit to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking the victim into opening a specially crafted Microsoft Access file. The attack exploits a legitimate feature of the database management system solution that enables users to link to external data sources such as a remote SQL Server table. NTLM, a challenge-response authentication protocol introduced by Microsoft in 1993, is used to authenticate users during sign-in.

Submitted by grigby1 CPVI on

"SMBs Face Surge in 'Malware-Free' Attacks"

According to the inaugural SMB Threat Report by Huntress, a company that provides a security platform and services to small and midsize businesses (SMBs) and Managed Service Providers (MSPs), malware-free attacks, attackers' increased reliance on legitimate tools and scripting frameworks, and Business Email Compromise (BEC) scams were the most prominent threats SMBs faced in the third quarter of 2023.

Submitted by grigby1 CPVI on

"Hackers Start Exploiting Critical ownCloud Flaw, Patch Now"

Hackers are targeting CVE-2023-49103, a critical ownCloud vulnerability that exposes admin passwords, mail server credentials, and license keys in containerized deployments. The ownCloud product is a popular open-source file synchronization and sharing solution for those who want to manage and share data through a self-hosted platform. On November 21, the developers of the software released security bulletins for three vulnerabilities that could lead to data breaches, suggesting that ownCloud administrators implement the recommended mitigations.

Submitted by grigby1 CPVI on

"Police Dismantle Major Ukrainian Ransomware Operation"

Law enforcement agencies in seven countries recently teamed up with Europol and Eurojust to dismantle a major Ukraine-based ransomware operation.  According to Europol, 30 properties were searched on November 21 in four regions of Ukraine, resulting in the arrest of a 32-year-old who is allegedly the operation’s ringleader, as well as four key accomplices.  This law enforcement activity is part of an operation that resulted in the arrests of a dozen individuals back in 2021.  Europol noted that the cybercrime operation targeted thousands of entities across 71 countries.

Submitted by Adam Ekwall on

"Researchers Say Design Flaw in Google Workspace Puts Orgs at Risk"

Google is disputing a recent report by a security vendor about a design flaw in Google Workspace that exposes users to data theft and other potential security issues. According to Hunters Security, a flaw in Google Workspace's domain-wide delegation feature allows attackers to steal email from Gmail, exfiltrate data from Google Drive, and perform other unauthorized actions within Google Workspace Application Programming Interfaces (APIs) on all identities in a targeted domain.

Submitted by grigby1 CPVI on

"Ardent Hospitals Diverting Patients Following Ransomware Attack"

On Monday, Ardent Health Services announced that its clinical and financial operations had been disrupted by a ransomware attack discovered on Thanksgiving morning.  The company noted that the incident forced it to take systems offline and suspend user access to IT applications, including corporate servers and internet and clinical programs.  The company stated that while this incident temporarily disrupts certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics.

Submitted by Adam Ekwall on

"Americans Receive Two Billion Spam Calls Per Month"

According to new data from Truecaller, US consumers were deluged with an estimated two billion spam and scam calls last month.  The company noted that although the October 2023 figures are down from a high of over 2.6 billion spam calls in November 2022, they still represent nearly six nuisance or malicious calls per person per month.  In 2023 to date, the company estimates that Americans have wasted around 195 million hours answering these calls.

Submitted by Adam Ekwall on

"Aussie Tech Breakthrough to Protect Critical Infrastructure From Cyber Attacks"

A collaboration between the tech startup Tide Foundation and RMIT University is turning groundbreaking research into a cybersecurity capability. Critical infrastructure in Australia, including ports, energy grids, and water supplies, reported 143 cyberattacks in the past year, up from 95 incidents the previous year. Clare O'Neil, Federal Minister for Cybersecurity, recently announced that 168 of the country's critical infrastructure assets would require improved cybersecurity, nearly doubling the 87 assets previously considered systems of national significance.

Submitted by grigby1 CPVI on

"Udderly Insecure: Researchers Spot Cow-Tracking Collar Flaws"

University of Bristol cyber-physical security researchers warn that smart farming devices can introduce digital security risks unless they are protected with encryption and other often overlooked security methods. One key takeaway from their paper "The Internet of Insecure Cows - A Security Analysis of Wireless Smart Devices Used for Dairy Farming" is that farmers have no way of knowing which agriculture technology products are secure by design or how effective their security controls may be.

Submitted by grigby1 CPVI on

"Cyberattack Disrupts UK Property Deals"

A cyberattack affecting multiple conveyancing firms has disrupted house sales and purchases across the UK.  CTS, a legal sector specialist infrastructure service provider, recently confirmed in a statement that it has experienced a service outage caused by a cyberattack.  The firm said the cyberattack has impacted a portion of the services it delivers to some of its clients.  The firm noted that the outage is believed to have affected up to 200 law firms that use CTS’ services.

Submitted by Adam Ekwall on