
59 matches found

SUSE CVE
added 2024/06/04 12:55 p.m. | 1 view

SUSE CVE-2021-40444

unknown...

CVSS 7.8 | AI score 8.5 | EPSS 0.96843
Exploits 38 | References 2

The Hacker News
added 2023/07/17 9:4 a.m. | 332 views

Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher...

CVSS 9.3 | AI score 7.4 | EPSS 0.99374
Exploits 90

The Hacker News
added 2022/09/28 10:9 a.m. | 292 views

Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware

The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves...

CVSS 8.8 | AI score 2.1 | EPSS 0.96843
Exploits 38

Trellix
added 2022/06/20 12:0 a.m. | 68 views

Trellix Global Defenders: Defending against Cyber Espionage Campaigns – Operation Graphite

Trellix Global Defenders: Defending against Cyber Espionage Campaigns – Operation Graphite By Ben Marandel, Arnab Roy · June 20, 2022 Cyber Espionage campaigns by nature are targeted attacks that can go undetected for prolonged periods of time. Cyber Espionage campaigns often involve adversaries...

EPSS 0.96843
Exploits 38

GithubExploit
added 2022/06/01 11:27 p.m. | 39 views

Exploit for CVE-2022-30190

MS-MSDT Follina CVE-2022-30190 PoC Malicious docx generator t...

CVSS 9.3 | AI score 8.2 | EPSS 0.99374
Exploits 90

ThreatPost
added 2022/03/30 1:13 p.m. | 116 views

MSHTML Flaw Exploited to Attack Russian Dissidents

A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous threats that have emerged since Russia invaded the Ukraine in February. Researchers from MalwareBytes identified a campaign last we...

CVSS 8.8 | AI score 8 | EPSS 0.96843
Exploits 38 | References 9

Malwarebytes
added 2022/03/29 6:2 p.m. | 937 views

New spear phishing campaign targets Russian dissidents

This blog post was authored by Hossein Jazi. -- Updated to clarify the two different campaigns Cobalt Strike and Rat Several threat actors have taken advantage of the war in Ukraine to launch a number of cyber attacks. The Malwarebytes Threat Intelligence team is actively monitoring these threats...

CVSS 9.3 | AI score 7.7 | EPSS 0.99933
Exploits 67

hivepro
added 2022/03/23 4:17 a.m. | 114 views

Weekly Threat Digest: 14 – 20 March 2022

For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 567 22 5 36 15 60 The third week of March 2022 witnessed the discovery of 567 vulnerabilities out of which 22 gain...

CVSS 10 | AI score 0.3 | EPSS 0.99999
Exploits 96

hivepro
added 2022/03/21 5:34 a.m. | 201 views

New Threat Actor Exotic Lily acting as Initial Access Broker for Conti and Diavol ransomware group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Exotic Lily was first discovered exploiting a zero-day vulnerability in Microsoft MSHTML CVE-2021-40444, which piqued the curiosity of researchers as a potentially sophisticated threat actor. Following additional analysis, it...

CVSS 6.8 | AI score 0.5 | EPSS 0.96843
Exploits 38

Malwarebytes
added 2022/03/18 10:58 p.m. | 269 views

Meet Exotic Lily, access broker for ransomware and other malware peddlers

The Google Threat Analysis Group TAG has shared their observations about a group of cybercriminals called Exotic Lily. This group has specialized itself as an initial access broker, which means they find a vulnerability in an organization's defenses, exploit that vulnerability, and sell the access...

CVSS 6.8 | AI score 8.1 | EPSS 0.96843
Exploits 38

The Hacker News
added 2022/03/18 7:31 a.m. | 120 views

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

Google's Threat Analysis Group TAG took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a...

CVSS 8.8 | AI score 1.1 | EPSS 0.96843
Exploits 38

The Hacker News
added 2022/01/25 2:4 p.m. | 95 views

Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets

Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a...

CVSS 8.8 | AI score 0.2 | EPSS 0.96843
Exploits 38

GithubExploit
added 2021/12/28 6:33 a.m. | 910 views

Exploit for Path Traversal in Microsoft

Fully Weaponized CVE-2021-40444 Malicious docx generator to e...

CVSS 8.8 | AI score 7.9 | EPSS 0.96843
Exploits 38

The Hacker News
added 2021/12/22 7:45 a.m. | 406 views

New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw

A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation ...

CVSS 8.8 | AI score 8.3 | EPSS 0.96843
Exploits 38

GithubExploit
added 2021/12/19 8:16 a.m. | 485 views

Exploit for Path Traversal in Microsoft

Microsoft-Office-Word-MSHTML-Remote-Code-Exe...

CVSS 8.8 | AI score 7.7 | EPSS 0.96843
Exploits 38

Rapid7 Blog
added 2021/12/10 9:36 p.m. | 212 views

Metasploit Wrap-Up

Word and Javascript are a rare duo. Thanks to thesunRider, you too can experience the wonder of this mystical duo. The sole new metasploit module this release adds a file format attack to generate a very special document. By utilizing Javascript embedded in a Word document to trigger a chain of...

CVSS 6.8 | AI score 7.4 | EPSS 0.96843
Exploits 38

0day.today
added 2021/12/09 12:0 a.m. | 362 views

Microsoft Office Word MSHTML Remote Code Execution Exploit

This Metasploit module creates a malicious docx file that when opened in Word on a vulnerable Windows system will lead to code execution. This vulnerability exists because an attacker can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering...

CVSS 8.8 | AI score 7.5 | EPSS 0.96843
Exploits 38

Packet Storm
added 2021/12/09 12:0 a.m. | 602 views

Microsoft Office Word MSHTML Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office Word Malicious MSHTML RCE', 'Description' = %q This module creates a malicious docx file that when opened in Word on a vulnerabl...

CVSS 8.8 | EPSS 0.96843
Exploits 38

The Hacker News
added 2021/11/25 11:33 a.m. | 181 views

Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware

A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a previously undocumented PowerShell-based information stealer designed to harvest extensive details from infected machines. "The...

CVSS 8.8 | AI score 7 | EPSS 0.96843
Exploits 38

GithubExploit
added 2021/11/25 5:13 a.m. | 195 views

Exploit for Path Traversal in Microsoft

CVE-2021-40444 PoC Malicious docx generator to exploit CVE-20...

CVSS 8.8 | AI score 7.7 | EPSS 0.96843
Exploits 38