Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2023-36887: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#rce#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2023-36883: Microsoft Edge for iOS Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36887: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker must send the user a malicious file and convince them to open it.

CVE-2023-36883: Microsoft Edge for iOS Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2023-36888: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of availability (A:L)? What does that mean for this vulnerability?** The performance can be interrupted and/or reduced, but the attacker cannot fully deny service.

U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack

An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft's discovery of a new China-linked espionage campaign targeting two dozen organizations. The details come from a joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation

Zero-day deploys remote code execution vulnerability via Word documents

Categories: Business Tags: microsoft Tags: zero-day Tags: exploit Tags: CVE-2023-36884 Tags: storm-0978 Tags: email Tags: phish Tags: phishing Tags: Ukraine We take a look at reports of an exploit being deployed via booby trapped Word documents. (Read more...) The post Zero-day deploys remote code execution vulnerability via Word documents appeared first on Malwarebytes Labs.

How a Cloud Flaw Gave Chinese Spies a Key to Microsoft’s Kingdom

Microsoft says hackers somehow stole a cryptographic key, perhaps from its own network, that let them forge user identities and slip past cloud defenses.

New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs

By Waqas LokiBot, a notorious Trojan active since 2015, specializes in stealing sensitive information from Windows machines, posing a significant threat to user data. This is a post from HackRead.com Read the original post: New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs

Chinese Group Storm-0558 Hacked European Govt Emails, Microsoft

By Waqas Microsoft has exposed and halted an intrusion campaign by a China-based threat actor, Storm-0558. This is a post from HackRead.com Read the original post: Chinese Group Storm-0558 Hacked European Govt Emails, Microsoft