Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability

An advanced persistent threat (APT) actor aligned with Chinese state interests has been observed weaponizing the new zero-day flaw in Microsoft Office to achieve code execution on affected systems. "TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using URLs to deliver ZIP archives which contain Word Documents that use the technique," enterprise security firm Proofpoint said in

The Hacker News
Open in Source
#vulnerability#web#mac#windows#microsoft#rce#zero_day#firefox#The Hacker News
New Microsoft Zero-Day Attack Underway

"Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents.

MyBB Admin Control Remote Code Execution

This Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a new setting, injecting the payload in the vulnerable field, and triggers its execution with a second request. Finally, it takes care of cleaning up and removes the setting. Note that authentication is required for this exploit to work and the account must have rights to add or update settings (typically, the myBB administrator role).

Microsoft Office MSDT Follina Proof Of Concept

Proof of concept for the remote code execution vulnerability in MSDT known as Follina.

Microsoft Follina Proof Of Concept

Proof of concept exploit for the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability dubbed Follina.

Fast Food Ordering System 1.0 Cross Site Scripting

Fast Food Ordering System version 1.0 suffers from a persistent cross site scripting vulnerability.

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.

You Need to Update iOS, Chrome, Windows, and Zoom ASAP

Plus: Google patches 36 Android vulnerabilities, Cisco fixes three high-severity issues, and VMWare closes two “serious” flaws.

You Need to Update iOS, Chrome, Windows, and Zoom ASAP

Plus: Google patches 36 Android vulnerabilities, Cisco fixes three high-severity issues, and VMWare closes two “serious” flaws.

Microsoft Releases Workarounds for Office Vulnerability Under Active Exploitation

Microsoft on Monday published guidance for a newly discovered zero-day security flaw in its Office productivity suite that could be exploited to achieve code execution on affected systems. The weakness, now assigned the identifier CVE-2022-30190, is rated 7.8 out of 10 for severity on the CVSS vulnerability scoring system. Microsoft Office versions Office 2013, Office 2016, Office 2019, and