Microsoft Outlook for Mac Spoofing Vulnerability

CVE-2023-35619

Microsoft Outlook Elevation of Privilege Vulnerability

CVE-2023-23397

Outlook for Android Elevation of Privilege Vulnerability.

CVE-2022-24480

Security analysts expect little improvement until at least the second half of the year.

Financial activity in the cybersecurity industry declined sharply in the first quarter of 2023 compared to the same period in 2022, and analysts tracking the sector expect little improvement until at least the second half of the year.

Even that expectation is tinged with some uncertainty over how the market will respond — in the short and long term — to Silicon Valley Bank's (SVB) stunning collapse in mid March and the resulting impact on venture capital funding in the sector.

And meanwhile, next quarter in fact might be the slowest for cybersecurity startup funding in years, at least one researcher predicts.

**Continued Financial Headwinds for Cyber**

"Conservatism and expectations for continued headwinds throughout 2023 were the recurring themes across the public cybersecurity company annual earnings calls held throughout the first quarter," says Eric McAlpine, founder and managing partner at Momentum Cyber. "\[Strategic decision makers\] are approaching the rest of the year with great caution and that has downstream impact for everyone else in the ecosystem."

The cautionary tone comes amid lingering fears of a broad economic recession, falling stock prices and huge layoffs at technology giants such as Amazon, Meta, Microsoft, and Tesla. Though analyst firms such as IDC expect cybersecurity spending to increase 12.1% in 2023 to $219 billion, there are some fears that inflation and rising technology costs could dent the gains organizations are hoping to get from the increased spending.

McAlpine says that through Feb. 28, Momentum Cyber has tracked 32 cybersecurity M&A deals totaling $2.6 billion in disclosed deal value and 102 financing deals totaling $2.5 billion in value. That is down sharply from the M&A deal volume of $13.8 billion across 79 deals that Momentum Cyber tracked in the year-ago quarter. In Q2 last year, that number surged to a record $89.8 billon before dipping sharply in the last half of the year.

"Both M&A and financing deal count and dollar value are down considerably from the same period in 2022 as we continue to deal with turbulent markets," he says.

Market research firm Omdia reported a similar slowdown in the first quarter of 2023 with analyst Ketaki Borade describing the volume of M&A transactions so far this year as just over half of last year's volume in the same period: 44 versus 97 in 2022.

Notable M&A examples in the first quarter of 2023 include Thoma Bravo’s $1.1 billion acquisition of Magnet Forensics, Francisco Partners' purchase of Sumo Logic for $1.7 billion, and SailPoint's acquisition of SecZetta for an undisclosed sum in January.

**Broad Investment Slowdown, Including in VC**

It was not just M&A activity that slowed in the first three months of 2023. Venture capital and other investment activity in cybersecurity companies declined as well says Richard Stiennon, chief research analyst at market research firm IT-Harvest.

Stiennon says IT-Harvest tracked a total of 41 investments totaling some $1.35 billion in cybersecurity companies through March: "That is at an annual rate of only $8 billion \[which is\] considerably down from 2022, which saw investments of $17 billion, and 2021, which set an all-time high of $24 billion." 

Of the 41 investments, there were seven rounds of $50 million or more which accounted for $893 million of the total $1.35 billion, Stiennon says. There have been no initial public offerings (IPOs) so far this year.

Despite the general slowdown in cybersecurity M&A and investment activity, the first three months of 2023 had its share of major transactions. Easily the standout among them was Israeli cloud security vendor Wiz' capital raise of $300 million in a Series D financing round in February that valued the company at an astounding $10 billion, Stiennon says. That made Wiz the highest valued private cybersecurity firm ever.

Stiennon points to a $205 million growth funding round that identity management vendor Saviynt secured from AB Private Credit Investors and $180 million in equity investments and strategic financing that MDR vendor Deepwatch raised in February, as two other major deals in 2023's first quarter. Yet another was a $500 million capital raise by Alphabet spinoff Sandbox AQ in February.

**Hot Sectors**

As has always been the case, some segments within the cybersecurity industry received more love from investors than other segments. Rik Turner, an analyst with Omdia, identified the segments that have received the largest amounts of funding so far in 2023 as network security, security management, and SecOps. These sectors have perennially been attractive to investors, he says. 

"Others such as cloud, application, and data security are now also mainstays within the overall totals," Turner says. "\[The trend\] speaks to the growing amount of cloudification of app infrastructures, which was already underway before the pandemic, but was undoubtedly turbocharged by it."

Several of the technologies that investors are betting on are also — unsurprisingly — the areas where enterprise organizations are spending most of their security dollars on as well. In a recent Dark Reading virtual event, Chenxi Wang, founder and general partner of Rain Capital, identified cloud security, network security, identity and access management, SecOps, and application security as some of the top spending priorities for organizations currently.

In comments to Dark Reading, Wang says based on her observation, overall deal volumes and the velocity of strategic deals decreased in the first three months of 2023. "We observed the same thing on the venture side. Less companies are getting funded compared to last year."

**A Cautious Cyber-Investment Outlook for the Rest of 2023**

Wang and other industry analysts have a somewhat cautious outlook on M&A and investment activity in the cybersecurity sector for the rest of the year. 

One major issue is how SVB's demise will playout over the rest of the year. Wang believes — like many others — that the SVB collapse will make it harder for startups and early-stage companies — especially those with a high-risk appetite — to get funding. 

"In the long run, it means less companies will cross the chasm to scale up and become a sustainable business," she says.

McAlpine is less concerned about the short-term implications of SVB's implosion. The immediate slowdown in financial activity that the bank's collapse triggered has already begun reversing itself. But the longer-term impact may not be evident for years. 

"Going forward, we're advising companies to avoid putting all their eggs in one basket," he says. "Working with multiple banks, for example, \[such as\] one global bank and one regional bank, can help to avoid business interruptions during this period of volatility in the banking system."

He expects that things will start to loosen up sooner rather than later. Financing and M&A activity can't remain in a state of limbo forever, he says. Many companies will still need capital to reach the next stage of their business, even if they're able to adjust and extend their runway near term. "We also expect to see more companies take a parallel approach where they pursue financing and M&A at the same time," he says. "This gives them optionality if one or the other doesn't materialize at a valuation that's acceptable to founders and investors."

Steinnon, who expected a lot of funding that didn't happen last year to be pushed into 2023, says he is underwhelmed by what he has seen so far this year. But he predicts investment and M&A activity will begin ticking upward starting in the third quarter and will at least match 2020's total of $10 billion. 

He predicts that the second quarter of 2023 will be the slowest investment quarter in years in the cybersecurity industry. 

"Fallout from SVB's failure is going to have a negative impact on all funding, including in cybersecurity," he says. "I fully expect private equity to take advantage of decreased valuations \[and\] to snap up deals from the public and private sectors."

Cybersecurity Investment Outlook Remains Grim as Funding Activity Sharply Declines

Microsoft Outlook for Mac Security Feature Bypass Vulnerability.

CVE-2022-23280

Microsoft Outlook for Mac Security Feature Bypass Vulnerability

This week on the Lock and Code podcast, we speak with Anna Brading and Mark Stockley from Malwarebytes about the apparent "appeal" of Little Brother surveillance, whether the tenets of privacy can ever fully defeat that surveillance, and what the possible merits of this surveillance could be.

_This week on the Lock and Code podcast…_

A worrying trend is cropping up amongst Americans, particularly within Generation Z—they’re spying on each other more.

Whether reading someone’s DMs, rifling through a partner’s text messages, or even rummaging through the bags and belongings of someone else, Americans _enjoy_ keeping tabs on one another, especially when they’re in a relationship. According to recent research from Malwarebytes, a shocking 49% of Gen Zers agreed or strongly agreed with the statement: “Being able to track my spouse’s/significant other’s location when they are away is extremely important to me.”

On the Lock and Code podcast with host David Ruiz, we’ve repeatedly tackled the issue of surveillance, from the NSA’s mass communications surveillance program exposed by Edward Snowden, to the targeted use of Pegasus spyware against human rights dissidents and political activists, to the purchase of privately-collected location data by state law enforcement agencies across the country. But the type of surveillance we’re talking about today is different. It isn’t so much “Big Brother”—a concept introduced in the socio-dystopian novel 1984 by author George Orwell. It’s “Little Brother.”

As far back as 2010, in a piece titled “Little Brother is Watching,” author Walter Kirn wrote for the New York Times:

>  “As the internet proves every day, it isn’t some stern and monolithic Big Brother that we have to reckon with as we go about our daily lives, it’s a vast cohort of prankish Little Brothers equipped with devices that Orwell, writing 60 years ago, never dreamed of and who are loyal to no organized authority. The invasion of privacy — of others’ privacy but also our own, as we turn our lenses on ourselves in the quest for attention by any means — has been democratized.”

Little Brother is us, recording someone else on our phones and then posting it on social media. Little Brother is us, years ago, Facebook stalking someone because they’re a college crush. Little Brother is us, watching a Ring webcam of a delivery driver, including when they are mishandling a package but also when they are doing a stupid little dance that we requested so we could post it online and get little dopamine hits from the Likes. Little Brother is our anxieties being _soothed_ by watching the shiny blue GPS dots that represent our husbands and our wives, driving back from work.

Little Brother isn’t just surveillance. It is increasingly popular, normalized, and accessible surveillance. And it’s creeping its way into more and more relationships every day. 

So, what can stop it? 

Today, we speak with our guests, Malwarebytes security evangelist Mark Stockley and Malwarebytes Labs editor-in-chief Anna Brading, about the apparent “appeal” of Little Brother surveillance, whether the tenets of privacy can ever fully defeat that surveillance, and what the possible merits of this surveillance could be, including, as Stockley suggested, in revealing government abuses of power. 

> “My question to you is, as with all forms of technology, there are two very different sides for this. So is it bad? Is it good? Or is it just oxygen now?” 

Tune in today to listen to the full conversation.

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

 Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23 

**DUBLIN, Oct. 27, 2022 /PRNewswire/ —** The "Banking Encryption Software Market Size, Share & Trends Analysis Report by Component, by Deployment, by Enterprise Size, by Function (Cloud Encryption, Folder Encryption), by Region, and Segment Forecasts, 2022-2030" report has been added to **ResearchAndMarkets.com's** offering.

The global banking encryption software market size is expected to reach USD 5.03 billion by 2030, expanding at a CAGR of 13.0% from 2022 to 2030, according to this study conducted. The growing need for modern security solutions worldwide is anticipated to drive the growth of the industry. In addition, the rising incidences of cyber-attacks also bode well for growth.

Banking encryption software facilitates the confidential exchange of vital data by encrypting the data at the sender's end in a form not readable without a proper authentication key, which is usually in the form of a password. The receiver can use the authentication key to decrypt the data and read it. The strong emphasis banks and other financial institutions are putting on securing data transactions is driving the adoption of banking encryption software.

The growing partnerships among the encryption software providers are expected to drive market growth. For instance, In April 2021, Google Cloud and Broadcom collaborated. This collaboration increased the integration of cloud services into Broadcom's primary software franchises. In this partnership, Broadcom was able to make enterprise operations software and its security suite available on Google Cloud, enabling organizations to encrypt and decrypt data at the column level.

**Banking Encryption Software Market Report Highlights**

*   The software segment is expected to dominate the segment over the forecast period. This is due to its offered benefits such as security and privacy protection to the financial institutes
*   The cloud segment is anticipated to witness the fastest growth over the projection period. The growth of the segment can be attributed to the inexpensive deployment and customization options
*   The large enterprise segment dominated the market in 2021. Large organizations are adopting encryption solutions to meet the changing security needs owing to the rising incidences of cybercrimes
*   The cloud encryption segment is anticipated to witness the fastest growth because of its capability to facilitate a cost-effective and scalable encryption model
*   The Asia Pacific regional market is expected to witness the fastest growth over the projection period due to an increase in demand for encryption software among banks in developing countries in the Asia-Pacific, including China and India, to safeguard and ensure the privacy of data

**Key Topics Covered**

Chapter 1: Methodology and Scope  
Chapter 2: Executive Summary  
Chapter 3: Banking Encryption Software Industry Outlook  
Chapter 4: Investment Landscape Analysis  
Chapter 5: FinTech Industry Highlights  
Chapter 6: Banking Encryption Software Component Outlook  
Chapter 7: Banking Encryption Software Deployment Outlook  
Chapter 8: Banking Encryption Software Enterprise Size Outlook  
Chapter 9: Banking Encryption Software Function Outlook  
Chapter 10: Banking Encryption Software Regional Outlook  
Chapter 11: Competitive Analysis  
Chapter 12: Competitive Landscape

**Companies Mentioned**

*   Broadcom
*   ESET North America
*   IBM Corporation
*   Intel Corporation
*   McAfee, LLC
*   Microsoft
*   Sophos Ltd.
*   Thales Group
*   Trend Micro Incorporated
*   WinMagic

For more information about this report visit https://www.researchandmarkets.com/r/fp92vx.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

More Insights

Webinars

*   Penetration Testing, Red Teaming, and More: Improving Your Defenses By Thinking Like an Attacker
*   Building & Maintaining an Effective Incident Readiness and Response Plan

Reports

*   How Machine Learning, AI & Deep Learning Improve Cybersecurity
*   Breaches Prompt Changes to Enterprise IR Plans and Processes

Editors' Choice

Tara Seals, Managing Editor, News, Dark Reading

Jai Vijayan, Contributing Writer, Dark Reading

Shauli Rozen, CEO and Co-Founder, ARMO

Dark Reading Staff, Dark Reading

Webinars

*   Penetration Testing, Red Teaming, and More: Improving Your Defenses By Thinking Like an Attacker
*   Building & Maintaining an Effective Incident Readiness and Response Plan
*   State of Bot Attacks: What to Expect in 2023
*   Analyzing and Correlating Security Operations Data
*   Understanding Cyber Attackers & Their Methods

Reports

*   How Machine Learning, AI & Deep Learning Improve Cybersecurity
*   Breaches Prompt Changes to Enterprise IR Plans and Processes
*   Implementing Zero Trust In Your Enterprise: How to Get Started
*   6 Elements of a Solid IoT Security Strategy
*   Incorporating a Prevention Mindset into Threat Detection and Response

White Papers

*   Understanding the Zero Trust Approach
*   Top Cloud Threats to Cloud Computing: Pandemic Eleven
*   BotGuard for Applications Higher Education Case Study
*   Top Four Steps to Reduce Ransomware Risk
*   2022 Cyber Threat Landscape Report

Events

*   Understanding Cyber Attackers - A Dark Reading Nov 17 Event
*   Black Hat Europe - December 5-8 - Learn More
*   Black Hat Middle East & Africa - November 15-17 - Learn More

More Insights

Webinars

*   Penetration Testing, Red Teaming, and More: Improving Your Defenses By Thinking Like an Attacker
*   Building & Maintaining an Effective Incident Readiness and Response Plan

Reports

*   How Machine Learning, AI & Deep Learning Improve Cybersecurity
*   Breaches Prompt Changes to Enterprise IR Plans and Processes

Worldwide Banking Encryption Software Market to Reach $5.03 Billion by 2030 at a 13% CAGR

About Remote Code Execution – Windows OLE (CVE-2025-21298) vulnerability. The vulnerability is from the January Microsoft Patch Tuesday. OLE (Object Linking and Embedding) is a technology for linking and embedding objects into other documents and objects, developed by Microsoft. A common use of this technology is embedding an Excel table in a Word document. What […]

**About Remote Code Execution – Windows OLE (CVE-2025-21298) vulnerability.** The vulnerability is from the January Microsoft Patch Tuesday. OLE (Object Linking and Embedding) is a technology for linking and embedding objects into other documents and objects, developed by Microsoft. A common use of this technology is embedding an Excel table in a Word document.

What is this vulnerability about? The attacker’s code executes when a specially crafted RTF document is opened or when **a malicious email is opened or previewed in Microsoft Outlook**. In the second case, no action is required from the victim other than clicking on the message. 🤷‍♂️ Microsoft recommends viewing messages in Outlook only in plain text.

On January 20, an exploit PoC appeared on GitHub that demonstrates Memory Corruption when opening an RTF document. Now we are waiting for an RCE exploit for Outlook. 😉

There have been no reports of attacks yet.

Fix this vulnerability ASAP!

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

About Remote Code Execution – Windows OLE (CVE-2025-21298) vulnerability

Microsoft says hackers somehow stole a cryptographic key, perhaps from its own network, that let them forge user identities and slip past cloud defenses.

For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.

Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.

Those targets encompass US government agencies including the State Department, according to CNN, though US officials are still working to determine the full scope and fallout of the breaches. An advisory from the US Cybersecurity and Infrastructure Security Agency says the breach, which was detected in mid-June by a US government agency, stole unclassified email data “from a small number of accounts.”

China has been relentlessly hacking Western networks for decades. But this latest attack uses a unique trick: Microsoft says hackers stole a cryptographic key that let them generate their own authentication “tokens”—strings of information meant to prove a user’s identity—giving them free rein across dozens of Microsoft customer accounts.

“We put trust in passports, and someone stole a passport-printing machine,” says Jake Williams, a former NSA hacker who now teaches at the Institute for Applied Network Security in Boston. “For a shop as large as Microsoft, with that many customers impacted—or who could have been impacted by this—it’s unprecedented.”

In web-based cloud systems, users’ browsers connect to a remote server and, when they enter credentials like a username and password, they’re given a bit of data, known as a token, from that server. The token serves as a kind of temporary identity card that lets users come and go as they please within a cloud environment while only occasionally reentering their credentials. To ensure that the token can’t be spoofed, it’s cryptographically signed with a unique string of data known as a certificate or key that the cloud service possesses, a kind of unforgeable stamp of authenticity.

Microsoft, in its blog post revealing the Chinese Outlook breaches, has described a kind of two-stage breakdown of that authentication system. First, hackers were somehow able to steal a key that Microsoft uses to sign tokens for consumer-grade users of its cloud services. Second, the hackers exploited a bug in Microsoft’s token validation system, which allowed them to sign consumer-grade tokens with the stolen key and then use them to instead access enterprise-grade systems. All of this occurred despite Microsoft’s attempt to check for signatures from different keys for those different grades of token.

Microsoft says it has now blocked all tokens that were signed with the stolen key and replaced the key with a new one, preventing the hackers from accessing victims’ systems. The company adds that it has also worked to improve the security of its “key management systems” since the theft occurred.

But exactly how such a sensitive key, allowing such broad access, could be stolen in the first place remains unknown. WIRED contacted Microsoft, but the company declined to comment further.

In the absence of more details from Microsoft, one theory of how the theft occurred is that the token-signing key wasn’t in fact stolen from Microsoft at all, according to Tal Skverer, who leads research at the security Astrix, which earlier this year uncovered a token security issue in Google’s cloud. In older setups of Outlook, the service is hosted and managed on a server owned by the customer rather than in Microsoft’s cloud. That might have allowed the hackers to steal the key from one of these “on-premises” setups on a customer’s network.

Then, Skverer suggests, hackers might have been able to exploit the bug that allowed the key to sign enterprise tokens to gain access to an Outlook cloud instance shared by all the 25 organizations hit by the attack. “My best guess is that they started from a single server that belonged to one of these organizations,” says Skverer, “and made the jump to the cloud by abusing this validation error, and then they got access to more organizations that are sharing the same cloud Outlook instance.”

But that theory doesn’t explain why an on-premises server for a Microsoft service inside an enterprise network would be using a key that Microsoft describes as intended for signing consumer account tokens. It also doesn’t explain why so many organizations, including US government agencies, would all be sharing one Outlook cloud instance.

Another theory, and a far more troubling one, is that the token-signing key used by the hackers was stolen from Microsoft’s own network, obtained by tricking the company into issuing a new key to the hackers, or even somehow reproduced by exploiting mistakes in the cryptographic process that created it. In combination with the token validation bug Microsoft describes, that may mean it could have been used to sign tokens for any Outlook cloud account, consumer or enterprise—a skeleton key for a large swath, or even all, of Microsoft’s cloud.

The well-known web security researcher Robert “RSnake” Hansen says he read the line in Microsoft’s post about improving the security of “key management systems” to suggest that Microsoft’s “certificate authority”—its own system for generating the keys for cryptographically signing tokens—was somehow hacked by the Chinese spies. “It’s very likely there was either a flaw in the infrastructure or configuration of Microsoft’s certificate authority that led an existing certificate to be compromised or a new certificate to be created,” Hansen says.

If the hackers did in fact steal a signing key that could be used to forge tokens broadly across consumer accounts—and, thanks to Microsoft’s token validation issue, on enterprise accounts, too—the number of victims could be far greater than 25 organizations Microsoft has publicly accounted for, warns Williams.

To identify enterprise victims, Microsoft could look for which of their tokens had been signed with a consumer-grade key. But that key could have been used to generate consumer-grade tokens, too, which might be far harder to spot given that the tokens might have been signed with the expected key. “On the consumer side, how would you know?” Williams asks. “Microsoft hasn’t discussed that, and I think there’s a lot more transparency that we should expect.”

Microsoft’s latest Chinese spying revelation isn’t the first time state-sponsored hackers have exploited tokens to breach targets or spread their access. The Russian hackers who carried out the notorious Solar Winds supply chain attack also stole Microsoft Outlook tokens from victims’ machines that could be used elsewhere on the network to maintain and expand their reach into sensitive systems.

For IT administrators, those incidents—and particularly this latest one—suggest some of the real-world trade-offs of migrating to the cloud. Microsoft, and most of the cybersecurity industry, has for years recommended the move to cloud-based systems to put security in the hands of tech giants rather than smaller companies. But centralized systems can have their own vulnerabilities—with potentially massive consequences.

“You’re handing over the keys to the kingdom to Microsoft,” says Williams. “If your organization is not comfortable with that now, you don’t have good options.”

Search

outlook iniciare sesión