I have written before about the security limitations of “Internet of Things” (IoT) devices. Many of them are simple devices, possibly based on older tech, they tend to lack the hardware to allow for regular security updates, etc, etc etc. At least the UK Government is enacting laws to make …
Microsoft guidance for Office zero-day vulnerability – Follina
I have written about this Microsoft Word vulnerability earlier this week: New attack using Microsoft Office documents – could you or your team recognise it? – Smart Thinking Solutions There is still not patch – but Microsoft has issued some mitigation guidance: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability …
Continue reading “Microsoft guidance for Office zero-day vulnerability – Follina”
Zero-day threat using Microsoft Office documents – even if macros are disabled – it’s called Follina
I have written about the usefulness and the threat that Microsoft Office document macros can pose to your cyber security. This flaw, called Follina, exploits Office functionality to retrieve an HTML file, and Microsoft Support Diagnostic Tool (MSDT) to run some malicious code, which can lead to privilege escalation attacks. …
More vulnerabilities to be aware of… Including Microsoft, Adobe, Linux and Google Chrome
The US Cybersecurity and Infrastructure Security Agency is having a busy week of updating it’s Known Exploited Vulnerabilities Catalog: CISA Adds 34 Known Exploited Vulnerabilities to Catalog | CISA Microsoft and Adobe figure strongly on the list today but there are other products there – go and check. There is …
Twenty more known vulnerabilities added to the CISA database
Following yesterday’s post, more vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities Catalog. Yesterday: Twenty-one additions to the known exploited database! – Smart Thinking Solutions Today: CISA Adds 20 Known Exploited Vulnerabilities to Catalog | CISA Microsoft, Apple and Cisco figure highly among …
Continue reading “Twenty more known vulnerabilities added to the CISA database”
