Cyber Security Headlines: PDF MalDoc warning, MinIO storage compromises, Okta helpdesk attacks

New PDF MalDoc allows evasion of antivirus

Researchers from Japanese cybersecurity research firm JPCERT/CC have identified a new technique for evading antivirus technology that is achieved by embedding a Microsoft Word file into a PDF. Called MalDoc in PDF by the researchers, this polyglot has already been seen in the wild. They are quoted in The Hacker News saying, “A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF […] If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors.”

(The Hacker News and JPCERT/CC)
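A defender-side triage heuristic for the polyglot described above, written as an added example (not JPCERT/CC's or any vendor's detection code): it checks whether a file carrying the PDF magic number also contains Word-openable content and macro indicators. The container and macro marker lists are assumptions chosen for illustration, and the sample blobs are constructed, not real malware.

```python
import re

PDF_MAGIC = b"%PDF-"

# Heuristic markers for content Word can open (assumption: these are the usual
# containers; the list is illustrative, not JPCERT/CC's detection logic).
CONTAINER_MARKERS = {
    "ole_compound_file": re.compile(rb"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    "office_open_xml": re.compile(rb"\[Content_Types\]\.xml|word/document\.xml"),
    "mhtml": re.compile(rb"MIME-Version:\s*1\.0", re.IGNORECASE),
}
# Markers that suggest an embedded macro project (also an assumed heuristic list).
MACRO_MARKERS = {
    "vba_project": re.compile(rb"vbaProject\.bin|_VBA_PROJECT|\bVBA/", re.IGNORECASE),
    "auto_open": re.compile(rb"Auto_?Open|Document_Open", re.IGNORECASE),
}

def analyze_polyglot(data: bytes) -> dict:
    """Classify a file by its PDF magic plus any Word-openable/macro content."""
    is_pdf = data.startswith(PDF_MAGIC)
    containers = sorted(n for n, rx in CONTAINER_MARKERS.items() if rx.search(data))
    macros = sorted(n for n, rx in MACRO_MARKERS.items() if rx.search(data))
    if not is_pdf:
        verdict = "not_pdf"
    elif containers and macros:
        verdict = "maldoc_in_pdf_suspect"    # PDF header + Word body + macro hints
    elif containers:
        verdict = "pdf_with_office_content"  # may be a benign attachment; review
    else:
        verdict = "clean_pdf"
    return {"is_pdf": is_pdf, "containers": containers, "macros": macros, "verdict": verdict}

def build_samples() -> dict:
    """Constructed inputs for this example (not real malware)."""
    clean = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
    # Simulated polyglot: valid PDF prefix, then an MHTML body naming a VBA project.
    polyglot = clean + (b"MIME-Version: 1.0\nContent-Type: multipart/related\n"
                        b"Content-Location: vbaProject.bin\nSub Document_Open()\n")
    # A plain legacy .doc with a macro but no PDF header: a different alert path.
    doc_only = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8 + b"_VBA_PROJECT"
    return {"clean": clean, "polyglot": polyglot, "doc_only": doc_only}

if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, analyze_polyglot(blob)["verdict"])
```

Because the Word body sits after a valid PDF header, scanners that trust the magic number alone will classify it as a PDF; this check is meant to run in addition to, not instead of, normal Office macro inspection.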

MinIO Storage system being used to compromise servers

Attacks against MinIO storage systems are being carried out by an unknown threat actor with the goal of achieving code execution on affected servers. This is according to a report from cybersecurity and incident response firm Security Joes, who stated, “the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance.” The vulnerabilities in question are tracked as CVE-2023-28432 (CVSS score: 7.5) and CVE-2023-28434 (CVSS score: 8.8). The second CVE was added to the CISA Known Exploited Vulnerabilities catalog on April 21.

(The Hacker News and Security Joes)

Okta warns of IT help desk attacks

Okta, an identity and access management company, has issued a warning about a new wave of social engineering attacks aimed at IT service desk agents at some of its US-based customers. The company says these attacks are aimed at Okta Super Administrator accounts in order to get them to reset MFAs for power users. According to Bleeping Computer, “Okta has provided indicators of compromise for attacks observed between July 29 and August 19” and has also provided a list of IP addresses associated with these attacks, as well as security measures that should be taken.

(Bleeping Computer)

Germany anticipates a cybercrime cost of $224 billion

This number was presented by Bitkom, a German digital association, and is based on their survey of more than one thousand companies, of which three quarters had been affected by cyberattacks in the past year. That number is actually down from 84 percent the year prior, an indicator, the organization says, of improved awareness and protective measures. Germany’s economy is considered among the strongest in the EU.

(Security Affairs)

Huge thanks to our sponsor, DataBee, from Comcast Technology Solutions

Data rules everything around us – but why are the people who need data the most unable to access it? What if you could boost the productivity of your security teams and their ability to collaborate by providing them access to the same shared and enriched data? You can. With DataBee™, from Comcast Technology Solutions. Learn how DataBee can help your organization make better informed decisions, quickly and cost-effectively. Visit

British high school suffers cyberattack, goes offline

Just in time for back to school, the Church of England Debenham High School, a private high school in the eastern county of Suffolk in the UK, suffered a cyberattack last week, although representatives from the school state that thanks to up-to-date safeguards, no personal information was lost, and that restoration is happening quickly. Although this is an isolated occurrence, it serves as a reminder that schools and hospitals remain in the crosshairs of many cyberattack groups, especially those that lack the resources or collective awareness to institute protections such as DMARC for email.

(InfoSecurity Magazine)

University of Sydney suffers breach

In another school-related cyberattack story, this attack has been described by university representatives as a breach “suffered by a third-party service provider [that] exposed the personal information of recently applied and enrolled international applicants.” The school says the breach affected only a small number of applicants and did not affect local students, staff, alumni, or donors. The school has not elaborated on the type of information exposed, or the nature of the attack, but did say that it affected only a single platform within the University’s systems.

(Security Affairs)

The Windows 11 23H2 update is almost here

Microsoft has released the most anticipated features of its upcoming mid-year update to Windows 11 to testers in the Beta channel. According to Bleeping Computer, these are: Copilot, an AI assistant that works with Bing Chat; an updated File Explorer interface that allows for faster and more intuitive access to files; and an improved energy report, including a “battery usage per app” feature that monitors energy consumption on an app-by-app basis.

(Bleeping Computer)

Windows will disable insecure TLS soon

In additional Windows news, Microsoft will be disabling the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols by default in future releases, but the option to re-enable them manually will exist. The two protocols were replaced by TLS 1.3 in March 2018.

(Bleeping Computer)

Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.