Mar 09 2023 03:52 AM
Hi Folks,
Any comments or recommendations regarding the increase of attacks via OneNote files as noted in the below articles? I'm seeing an increased number of recommendations for blocking .one and .onepkg mail attachments. One issue is onepkg files currently cannot be added to the malware filter.
Microsoft OneNote Abuse for Malware Delivery Surges - SecurityWeek
Detecting OneNote Abuse | WithSecure™ Labs
B
Joshua
Mar 12 2023 09:36 AM
@Joshua Bines Recommendation from the BleepingComputer article:
How to prevent Microsoft OneNote files from infecting Windows with malware (bleepingcomputer.com)
Mar 13 2023 02:23 AM - edited Mar 13 2023 07:51 AM
Solution
Thanks, yes I've read that one but I wonder if this is really needed if you have EDR in block mode for example. I was hoping for a response from MS regarding this uptick in OneNote malware and how these attacks can be mitigated by Defender.
Here is my compiled list:
Another helpful url... https://www.rapid7.com/blog/post/2023/01/31/rapid7-observes-use-of-microsoft-onenote-to-spread-redli...