Collaborate Disseminate
It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-2… Continue reading Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
Microsoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known high-risk phishing file type. “Users will receive a notification when … Continue reading Microsoft to boost protection against malicious OneNote documents
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Patches for the flaw – which affects a wide variety of MS O… Continue reading PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
The latest Internet Security Report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an increase in threats for Chrome and Microsoft Office and the ongoing Emotet b… Continue reading Office exploits continue to spread more than any other category of malware
Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram called Escanor. The threat actors offer Android-based and PC-based versions of… Continue reading Escanor malware delivered in weaponized Microsoft Office documents
Venafi announced the findings of a dark web investigation into ransomware spread via malicious macros. Conducted in partnership with criminal intelligence provider Forensic Pathways between November 2021 and March 2022, the research analyzed 35 million… Continue reading 87% of the ransomware found on the dark web has been delivered via malicious macros
By Deeba Ahmed
Research reveals that around 80% of all malware attacks used MS Office flaws. Atlas VPN has shared its…
This is a post from HackRead.com Read the original post: Microsoft Office Most Exploited Software in Malware Attacks – Re… Continue reading Microsoft Office Most Exploited Software in Malware Attacks – Report
“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston of Enterprise and OS Security at Microsoft, announced, just as the company confirmed that it will resume the rollo… Continue reading Microsoft adds default protection against RDP brute-force attacks
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns. A complex vulnerability Microsoft has described CVE-2022-301… Continue reading Attackers are leveraging Follina. What can you do?
Microsoft Office apps – including Outlook and Teams – are vulnerable to homograph attacks based on internationalized domain names (IDNs). In practice, this means that users hovering above a link in a phishing email, a Word or Excel document… Continue reading Microsoft Office apps are vulnerable to IDN homograph attacks