Threat actors come up with yet another way to steal your Microsoft credentials…

I have just written this article, showing that more than 24billion stolen credentials are available for sale on the dark web: Now here is a voice mail phishing attack that is designed to steal your Microsoft credentials – so they can join the other 24 billion on the Dark Web: …

More on Follina exploits including advice on how to protect your organisation – now executing in File Explorer preview pane… UPDATE 15 June 2022

Follina email phishing

This post was originally made on 9 June 2022 Update 15 June 2022 Microsoft has included updates in it’s Patch Tuesday bundle to address this issue: Microsoft Patch Tuesday – Follina zero-day fixed – Smart Thinking Solutions Get the updates done as soon as possible. Let’s hope this is really …

Active exploit for Follina – the still unpatched flaw in Microsoft Word

phishing email threat

Here is another excellent breakdown, with screen shots, of phishing emails exploiting the Microsoft Word/Follina/ms-msdt flaw. Being aware of the types of phishing emails the threat actors use is part of the defence in depth you need to have great cyber security. TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) …