CISA Adds 36 Known Exploited Vulnerabilities to Catalog | CISA Updates to the Known Exploited Vulnerabilities Catalog include: Owl Labs QNAP Google Cisco Adobe Netgear Microsoft
Apple and FIDO
Apple will be releasing iOS 16 to the public this autumn, however the developer release was made at Apple’s World Wide Developers Conference 2022. Also announced were an array of forthcoming Apple hardware and software about to be released – what interests me here is that Apple, true to it’s …
Microsoft seizes threat actor domains
The Microsoft Digital Crimes Unit has gone to court to seize 41 domains alleged to have been used by an Iranian cybercrime group called Bohrium. The Bohrium group ran a targeted email spear-phishing operation against organizations in the US, Middle East, and India. As part of the operation they would pose …
Ransomware via IoT
I have written before about the security limitations of “Internet of Things” (IoT) devices. Many of them are simple devices, possibly based on older tech, they tend to lack the hardware to allow for regular security updates, etc, etc etc. At least the UK Government is enacting laws to make …
Microsoft guidance for Office zero-day vulnerability – Follina
I have written about this Microsoft Word vulnerability earlier this week: New attack using Microsoft Office documents – could you or your team recognise it? – Smart Thinking Solutions There is still not patch – but Microsoft has issued some mitigation guidance: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability …
Continue reading “Microsoft guidance for Office zero-day vulnerability – Follina”
Zero-day threat using Microsoft Office documents – even if macros are disabled – it’s called Follina
I have written about the usefulness and the threat that Microsoft Office document macros can pose to your cyber security. This flaw, called Follina, exploits Office functionality to retrieve an HTML file, and Microsoft Support Diagnostic Tool (MSDT) to run some malicious code, which can lead to privilege escalation attacks. …
More vulnerabilities to be aware of… Including Microsoft, Adobe, Linux and Google Chrome
The US Cybersecurity and Infrastructure Security Agency is having a busy week of updating it’s Known Exploited Vulnerabilities Catalog: CISA Adds 34 Known Exploited Vulnerabilities to Catalog | CISA Microsoft and Adobe figure strongly on the list today but there are other products there – go and check. There is …