Cybersecurity Starts in the Boardroom
This post was originally made on 9 June 2022 Update 15 June 2022 Microsoft has included updates in it’s Patch Tuesday bundle to address this issue: Microsoft Patch Tuesday – Follina zero-day fixed – Smart Thinking Solutions Get the updates done as soon as possible. Let’s hope this is really …
Here is another excellent breakdown, with screen shots, of phishing emails exploiting the Microsoft Word/Follina/ms-msdt flaw. Being aware of the types of phishing emails the threat actors use is part of the defence in depth you need to have great cyber security. TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt) …
Continue reading “Active exploit for Follina – the still unpatched flaw in Microsoft Word”
This post was first published on 4 June 2022 Following the CISA alert, about vulnerability and active exploits, Atlassian has released new versions of their collaboration software, Confluence Server and Confluence Data Center. Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134 | CISA Update 8 …
Awareness of the variations of phishing email attacks is a big step in defending against them – that I why I always try and post about any in depth analysis of phishing emails and their payloads that SANS Internet Storm Centre runs. HTML phishing attachments – now with anti-analysis features …
I have written about the usefulness and the threat that Microsoft Office document macros can pose to your cyber security. This flaw, called Follina, exploits Office functionality to retrieve an HTML file, and Microsoft Support Diagnostic Tool (MSDT) to run some malicious code, which can lead to privilege escalation attacks. …
