Acer is a well-known tech company that's based in Taiwan and with facilities and offices around the world. The company's main headquarters are in San Jose, California, in the United States. The company is known for engineering, technical manufacturing, and creating many products in the electronics industry today. The organization recently suffered a significant data attack that may have exposed company secrets, product keys, and many software images that could hurt the organization.

We recently issued the Cato Networks SASE Threat Research Report, which highlights cyber threats and trends based on more than 1.3 trillion flows that passed through the Cato SASE Cloud network during the second half of 2022. The report highlights the most popular vulnerabilities that threat actors attempted to exploit, and the growing use of consumer applications that may present a risk to the enterprise.

In part one, we examined how threat actors abuse a OneNote document to install an infostealer. Part 2 of this series discusses an AsyncRAT infection chain while detailing important parts of the code. We’ll also quickly analyze other notable malware strains such as Qakbot and RemcosRAT.

Threat actors are taking advantage of Microsoft OneNote's ability to embed files and use social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files. Once clicked, an attacker can use the embedded code for various malicious purposes, such as stealing data or installing ransomware on victims' systems.

JavaScript is the world’s most popular programming language, providing many web frameworks that help developers build secure, reliable Node.js web applications. Each framework has unique features, and which framework is right for you depends on your preference and the type of application you intend to create. With so many frameworks available, you need a way to assess their security.

On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to be of critical severity, Microsoft assessed at the time of publication that the vulnerability was “less likely” to be exploited, and no proof-of-concept exploit was available. Microsoft also noted that the vulnerability may be exploited through the Preview Pane in Microsoft Outlook.

It’s been three years since the California Consumer Privacy Act (CCPA) came into effect, marking improved security and data privacy for individuals both inside and outside of California. However, just because the law has been in effect, it doesn’t mean that all organizations are actively complying with the statutes.

Getting the basics right sounds simple enough, but it will demand a detailed focus.