The US Government, Cybersecurity and Infrastructure Security Agency (CISA) has added Microsoft Windows and RAR (zip software), vulnerabilities to it’s database. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
Yesterday was Patch Tuesday – Exchange server gets a special mention
Microsoft has issued it’s monthly round of patches and updates, SANS Internet Storm Centre has a round-up here: Microsoft August 2022 Patch Tuesday – SANS Internet Storm Center This update addresses the DogWalk zero-day vulnerability. Here are the Microsoft release notes: August 2022 Security Updates – Release Notes – Security …
Continue reading “Yesterday was Patch Tuesday – Exchange server gets a special mention”
Security patch round-up
Wired UK has an excellent article rounding-up the security updates across a range of products – our support team found it really useful – you might too. Apple Just Patched 39 iPhone Security Bugs—Update iOS ASAP | WIRED UK
Commercialised cyberweapons
For when you have time, here are two articles from Microsoft looking at cyberweapons: Continuing the fight against private sector cyberweapons – Microsoft On the Issues Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits – Microsoft Security Blog The view from the US Government Pegasus spyware: Just ‘tip of …
And we thought blocking Microsoft Office macros was a good idea – but close one door to the threat actors and of course they find another way to get to you…
Research is showing that with Microsoft now blocking Office VBA macros from the internet, threat actors are moving to other attachments that can execute malicious instructions, such as Windows Shortcut .lnk, .iso and .rar. As Microsoft blocks Office macros, hackers find new attack vectors (bleepingcomputer.com) My advice: Make sure your …
