Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Check Point Research: Microsoft the Most Phished Brand in Q2 2023

By Habiba Rashid The report highlights the fact that cybersecurity is essential for brand protection. This is a post from HackRead.com Read the original post: Check Point Research: Microsoft the Most Phished Brand in Q2 2023

HackRead
Open in Source
#vulnerability#web#windows#apple#google#microsoft#amazon#oracle
Memory corruption vulnerability in Microsoft Edge; MilesightVPN and router could be taken over

In all, Talos released 22 security advisories regarding Milesight products this month, nine of which have a CVSS score greater than 8, associated with 69 CVEs.

Microsoft Office 365 18.2305.1222.0 Remote Code Execution

Microsoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked on in a Word file.

Why are there so many malware-as-a-service offerings?

Ransomware-as-a-service is a relatively new version of these commodity groups, such as DarkSide, known for the cyber attack in 2021 that disrupted the Colonial oil pipeline and made gas more expensive for thousands of U.S. consumers.

Microsoft validation error allowed state actor to access user email of government agencies and others

Categories: News Tags: Microsoft. MSA Tags: OWA Tags: validation token Tags: signing key Tags: Storm-0556 Tags: GetAccessTokensForResource Due to a validation error in Microsoft code, a suspected Chinese attacker was able to access user email from approximately 25 organizations, including government agencies. (Read more...) The post Microsoft validation error allowed state actor to access user email of government agencies and others appeared first on Malwarebytes Labs.

CVE-2023-3527: ASA-2023-087

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.  

FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks

By Waqas According to Fortinet Labs, third parties have already purchased top-level domains (TLD) such as Joomla.zip and MSNBC.zip, which could potentially be a breach of the Anticybersquatting Consumer Protection Act (ACPA). This is a post from HackRead.com Read the original post: FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks

Pakistani Entities Targeted in Sophisticated Attack Deploying ShadowPad Malware

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and

Phishers Targeting Diplomats in Kyiv with Fake 2011 BMW Flyers

By Deeba Ahmed The fake flyer was emailed on 4 May 2023 to multiple diplomatic missions in Kyiv. This is a post from HackRead.com Read the original post: Phishers Targeting Diplomats in Kyiv with Fake 2011 BMW Flyers

Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground

Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT