Following the recent increase in cyber attacks using Microsoft OneNote .one attachments as the carrier, OneNote is to get some enhanced security updates from Microsoft. Although it looks like we will have to wait for this extra protection from high risk phishing attacks until the end of April 2023.
Microsoft OneNote to get enhanced security after recent malware abuse (bleepingcomputer.com)
So until then have a look at this:
I have added two new sections to my social engineering, phishing and cyber security awareness courses, one to include this OneNote issue and the other to address extortion ransomware. The live courses already include the new material, the CyberAwake recorded modules are due to be produced early next month – although for anyone who has already signed up for CyberAwake I am running a half hour online Teams meeting for them to cover the extra material.
Sadly, you just need one user to accidentally allow a malicious file to run for an entire corporate network to be compromised in a full blown ransomware attack.
Lawrence Abrams, Bleeping Computer
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
OneNote stories on Smart Thinking Solutions