Cybersecurity Starts in the Boardroom
The National Cyber Security Centre are back with their weekly threat report – having had a week off for the Queen’s Platinum Jubilee. Threat Report 10 June 2022 – NCSC.GOV.UK However it does not mention the latest information on the Microsoft Word / msdt.exe / Follina zero-day cyber security risk:
CISA Adds Three Known Exploited Vulnerabilities to Catalog   | CISA These alerts are for SAP NetWeaver.
The discovery of Linux backdoor malware is unusual as it uses stealth techniques that have not been seen before. This malware is extremely hard to detect as it does a very efficient job of cleaning the infected systems of any traces of it’s operations. Once infected the malware gives high …
Continue reading “Stealth Linux malware – using new methods of evasion”
CISA Adds 36 Known Exploited Vulnerabilities to Catalog  | CISA Updates to the Known Exploited Vulnerabilities Catalog include: Owl Labs QNAP Google Cisco Adobe Netgear Microsoft
Here is another excellent breakdown, with screen shots, of phishing emails exploiting the Microsoft Word/Follina/ms-msdt flaw. Being aware of the types of phishing emails the threat actors use is part of the defence in depth you need to have great cyber security. TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) …
Continue reading “Active exploit for Follina – the still unpatched flaw in Microsoft Word”
