Active exploit for Follina – the still unpatched flaw in Microsoft Word

phishing email threat

Here is another excellent breakdown, with screen shots, of phishing emails exploiting the Microsoft Word/Follina/ms-msdt flaw. Being aware of the types of phishing emails the threat actors use is part of the defence in depth you need to have great cyber security. TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) …

Confluence Server and Confluence Data Center – actively being attacked – there’s a patch UPDATE 8 June 2022

software patches are essential cybersecurity

This post was first published on 4 June 2022 Following the CISA alert, about vulnerability and active exploits, Atlassian has released new versions of their collaboration software, Confluence Server and Confluence Data Center. Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134 | CISA Update 8 …

Zero-day threat using Microsoft Office documents – even if macros are disabled – it’s called Follina

Office macros slide

I have written about the usefulness and the threat that Microsoft Office document macros can pose to your cyber security. This flaw, called Follina, exploits Office functionality to retrieve an HTML file, and Microsoft Support Diagnostic Tool (MSDT) to run some malicious code, which can lead to privilege escalation attacks. …

New attack using Microsoft Office documents – could you or your team recognise it?

We all send and receive Microsoft Office documents, day in and day out, using email. It is how businesses and organisations work in a Microsoft Business World – even if you have a Mac or an iPad. So any attack vector that combine a Microsoft Word document with email is …