Microsoft OneDrive | Breaking Cybersecurity News | The Hacker News

The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as  dead drop resolvers , command-and-control, and data exfiltration points. "Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional security defenses and making upstream infrastructure tracking and actor attribution more difficult," Recorded Future  said  in a report shared with The Hacker News. The cybersecurity firm described the approach as "living-off-trusted-sites" (LOTS), a spin on the living-off-the-land (LotL) techniques often adopted by threat actors to conceal rogue activity and fly under the radar. Prominent among the methods by which GitHub is  abused   relates  to  payload   delivery , with some actors leveraging its features for command-and-control (C2) obfuscation. Last month, ReversingLabs  detailed  a number of rogue

Microsoft has introduced a new password-protected folder within its OneDrive online file storage service that will allow you to keep your sensitive and important files protected and secured with an extra layer of authentication. Dubbed Personal Vault , the new OneDrive folder can only be accessed with an additional step of identity verification, such as your fingerprint, face, PIN, or a two-factor authentication code sent to you via email or SMS. The Personal Vault folder will appear next to other folders in the OneDrive app like your Documents and Pictures, but it will be locked and prompt you for an additional code each time you try to access them via the web, PC, or mobile devices, thus keeping them more secure in the event when someone gains access to your account or your device. Microsoft suggests this new protected area in OneDrive would be useful for users to store more sensitive and personal files like copies of passport, tax, car or home documents, identification cards,

For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,