ys to exploit businesses’ trust in electronic signatures, like using fake DocuSign templates. At the same time, there are new security problems in popular software from Microsoft and Google. Additionally, Microsoft is making sure their top leaders are responsible for keeping the company safe from cyberattacks. In this advisory, we will talk about these issues and how you can implement measures to protect your organization.
Fake DocuSign Templates: A Growing Threat
Scammers are using fake DocuSign templates to trick businesses into giving away sensitive information or making payments. These fake templates look real and can cause significant financial and reputational damage. It’s important to be aware of these scams and take steps to protect your business.
Details:
- Scam Types: Scammers create fake DocuSign templates that look like real business documents. Common scams include urgent payment requests, fake legal documents, and threats of data breaches.
- Mitigation Steps: To protect against these scams, implement internal controls, conduct regular social engineering tests, educate employees through security awareness training, verify sender identities, and use DocuSign features like pre-defined signers and custom branding.
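To illustrate the "verify sender identities" step, the following Python sketch triages a message that presents itself as a DocuSign notice. It is an added example, not part of the original advisory or any DocuSign tooling; the trusted-domain list, the lure keywords, and both sample messages are constructed assumptions to adapt to your own mail environment.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains accepted as genuine DocuSign senders and link targets.
TRUSTED = ("docusign.com", "docusign.net")
# Lure themes the advisory lists: urgent payments, legal documents, breach threats.
LURES = re.compile(r"urgent|overdue|payment|invoice|legal notice|lawsuit|data breach", re.I)

def _trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return findings for a message that presents itself as a DocuSign notice."""
    msg, findings = message_from_string(raw), []
    for hdr in ("From", "Reply-To"):  # Reply-To is only checked when present
        addr = parseaddr(msg.get(hdr, ""))[1]
        if (addr or hdr == "From") and not _trusted(addr.rpartition("@")[2]):
            findings.append(f"{hdr} is not a DocuSign address: {addr or 'missing'}")
    # Authentication-Results is stamped by the receiving mail gateway.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=pass" not in auth:
            findings.append(f"{check} did not pass")
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk())
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        if not _trusted(urlparse(url).hostname):
            findings.append(f"Link leaves DocuSign: {urlparse(url).hostname}")
    if LURES.search(msg.get("Subject", "") + " " + body):
        findings.append("Pressure wording (payment, legal or breach theme)")
    return findings

# Constructed sample messages, not real mail.
FAKE = """From: DocuSign <dse@docusign-mail.example>
Reply-To: accounts@payments.example
Subject: Urgent: invoice awaiting signature
Authentication-Results: mx.corp.example; spf=pass; dkim=none; dmarc=fail

Review document: https://docusign.com.sign-docs.example/envelope/123
"""
CLEAN = """From: DocuSign <dse@docusign.net>
Subject: Please sign: supplier agreement
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass

Review document: https://na2.docusign.net/Signing/?ti=constructed
"""
```

An empty result from `triage` only means the headers and links are consistent with DocuSign; it does not establish that the request itself is legitimate, so the internal controls listed above still apply.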
Microsoft and Google Zero-Day Vulnerabilities
Both Microsoft and Google have recently fixed zero-day vulnerabilities that were being exploited by attackers. These vulnerabilities allowed attackers to gain control over systems and steal data. It’s crucial to apply the latest security patches to protect your systems.
Details:
- Microsoft Zero-Day (CVE-2024-30051): This vulnerability in the Windows Desktop Window Manager was used to deliver QakBot malware. It allowed attackers to gain SYSTEM privileges on affected systems.
- Google Chrome Zero-Day (CVE-2024-4947): This type confusion bug in the V8 JavaScript engine was actively exploited. It allowed attackers to execute arbitrary code and perform malicious activities.
Recommendations:
- Update Software: Apply the latest security patches from Microsoft and Google immediately.
- Monitor Systems: Keep an eye on system activity to detect any signs of exploitation. Use a SIEM to collect and correlate logs to detect and respond to active threats.
- Vulnerability Scanning: Conduct regular vulnerability scans of all internal and external infrastructure in IT and OT environments.
- Educate Users: Inform users about the importance of installing updates promptly and recognizing when software is out of date.
Microsoft to Hold Executives Accountable for Cybersecurity
Microsoft has announced a new initiative to hold its executives accountable for cybersecurity performance. This move ties executive pay to the company’s security metrics, ensuring top leadership prioritizes robust cybersecurity practices. The Secure Future Initiative (SFI), launched last November, has been expanded to affect executive compensation. Part of the compensation for Microsoft’s Senior Leadership Team will be based on meeting security goals and milestones. Microsoft has also made several changes, including appointing Deputy CISOs and improving security governance.
- Reason for Change: This decision comes in response to increasing cyber threats and the growing importance of robust cybersecurity measures. Microsoft has been hit with a number of incidents recently, which has not helped its reputation. By tying executive pay to security outcomes, Microsoft aims to ensure that its leadership prioritizes and actively manages cybersecurity risks.
- Details of the Policy:
  - Performance Metrics: Specific cybersecurity metrics and goals will be set, and the achievement of these goals will directly impact executive bonuses and other forms of compensation.
  - Accountability: This policy aims to foster a culture of accountability at the highest levels of the company, ensuring that senior leaders are directly incentivized to prevent data breaches and other security incidents.
- Industry Impact: Microsoft’s approach is likely to influence other companies to adopt similar policies, especially as regulatory pressures and cyber threats continue to escalate. This could set a new standard in the tech industry for how companies manage and prioritize cybersecurity.
- Public Statements: Microsoft executives have expressed that this initiative underscores the company’s commitment to security and acknowledges the critical role that leadership plays in safeguarding customer data and company assets.
The recent cybersecurity news highlights the variety and seriousness of threats that companies face today. The increase in fake DocuSign templates shows the need for better user education and strong internal controls. Microsoft and Google’s quick response to serious security flaws shows how important it is to update software on time and monitor systems regularly. Microsoft’s new plan to link executive pay to cybersecurity performance sets a new standard for making leaders responsible for protecting company data. Ultimately, a proactive and informed approach to cybersecurity is essential in managing the challenges of today’s interconnected world.