MS Office
Escanor malware delivered in weaponized Microsoft Office documents
Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram …
87% of the ransomware found on the dark web has been delivered via malicious macros
Venafi announced the findings of a dark web investigation into ransomware spread via malicious macros. Conducted in partnership with criminal intelligence provider Forensic …
Microsoft adds default protection against RDP brute-force attacks
“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston of Enterprise and OS Security at …
Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …
Microsoft Office apps are vulnerable to IDN homograph attacks
Microsoft Office apps – including Outlook – are vulnerable to homograph attacks based on internationalized domain names (IDNs). In practice, this means that users …
Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)
A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers …
Windows Autopatch: Managed enterprise patching for Windows and Office
While IT administrators are mentally preparing themselves for yet another Patch Tuesday, Microsoft has announced Windows Autopatch: a new service that aims make the second …
Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)
The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server …
Attackers bypass Microsoft patch to deliver Formbook malware
Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file …
Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)
It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to …
Microsoft announces passwordless authentication option for consumers
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. The …
Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise …
Featured news
Resources
Don't miss
- CISA: Use Signal or other secure communications app
- Another NetWalker affiliate sentenced to 20 years in prison
- Why cybersecurity is critical to energy modernization
- Cryptocurrency hackers stole $2.2 billion from platforms in 2024
- CISA orders federal agencies to secure their Microsoft cloud environments