Phishers send corrupted documents to bypass email security

Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits an… Continue reading Phishers send corrupted documents to bypass email security

Microsoft fixes 6 zero-days under active attack

August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory … Continue reading Microsoft fixes 6 zero-days under active attack

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interactio… Continue reading Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed. “Check Point… Continue reading Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2… Continue reading Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)

For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the vulnerabilities fixed this time aroundare under active exploitation or have been… Continue reading Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)

Get Seven Iconic MS Office Programs For Just $25

This bundle gives you lifetime access to 2019 versions of Excel, Word, Outlook, PowerPoint, Access, Publisher and One Note with no subscription or license fees. Continue reading Get Seven Iconic MS Office Programs For Just $25

August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ

August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for which proof-of-exploit code exists. Other than the fact that a patch is availa… Continue reading August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ

Just $80 for MS Office, Windows 11 Pro, and 1TB Cloud Backup Plan

Upgrade your work-from-home suite with Microsoft products and more at Prime Day-like price through July 14. Continue reading Just $80 for MS Office, Windows 11 Pro, and 1TB Cloud Backup Plan

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)

For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed … Continue reading Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)