Threat Report 27th January 2023 – NCSC.GOV.UK
CISA adds a software development tool vulnerability to the Known Exploited Vulnerabilities Catalog and security advisories
The US government Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for Telerik, a software development tool, to it’s Known Exploited Vulnerabilities Catalog: CISA Has Added One Known Exploited Vulnerability to Catalog | CISA This week CISA also released a security advisory for a range of Apple products, …
Do you know what an Excel XLL file is? The hackers do.
An Excel XLL file is a an add-in file that allows third parties to add extra functionality to Microsoft Excel – pretty useful. But of course the threat actors have extended that third party functionality to include malware. Now, just like with macros, Microsoft is blocking XLL files, originating from …
Continue reading “Do you know what an Excel XLL file is? The hackers do.”
Close one door and another opens
I had an article published yesterday discussing the risks still posed by the Microsoft Office macro, even though Microsoft has tightened the security when using them: Microsoft Office Macros Are Still an Issue – CyberAwake But the threat actors do not stop there. Closing the macro attack vector sent the …
Security advisory for Drupal – do you know if this applies to you?
Is your website produced using Drupal? Or WordPress? Do you know? Do you discuss this and the security of your website with your web developers? Drupal is a similar product to WordPress and is used to create website, so any security update to a product that sits there on the …
Continue reading “Security advisory for Drupal – do you know if this applies to you?”