386 matches found
Microsoft PowerPoint CVE-2018-8501 Security Bypass Vulnerability
Description Microsoft PowerPoint is prone to a security-bypass vulnerability. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary code in the context of the affected application; this may aid in launching further attacks. Technologies Affected Microso...
Potential Hurricane Florence Phishing Scams
NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in...
Internet Explorer Memory Corruption Vulnerability
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit...
OWA for hackers: ExchangeRelayX
ExchangeRelayX is a PoC tools to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...
Phishing Campaign Steals Money From Industrial Companies
Industrial production companies are the targets in a large-scale spear-phishing email campaign aimed at installing legitimate remote administration software on victims’ systems. Researchers with Kaspersky Lab said that emails purporting to be commercial offers were the conduit to enabling attacke...
Machine learning vs. social engineering
Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning h...
Easter Holiday Phishing Scams and Malware Campaigns
As the Easter holiday approaches, NCCIC/US-CERT reminds users to be aware of potential holiday scams and cyber campaigns, which may include emails and ecards from unknown senders that may contain malicious links, fake advertisements or shipping notifications with attachments infected with malware...
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability
Zimbra Collaboration Suite ZCS is an open source collaboration suite from the US company Zimbra, which includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in the 'ZmMailMsgView.getAttachmentLinkHtml' function in ZCS versions prior to 8.7 Patch 1 and 8.8....
Microsoft Outlook CVE-2018-0793 Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete...
Microsoft Outlook CVE-2018-0791 Remote Code Execution Vulnerability
Description Microsoft Outlook is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete...
Security IQ: How to Survive the Holiday Phishing Season
Now that we’ve officially entered the holiday season it’s time to be especially mindful of the ways that an attacker may use this to their advantage. In fact, recent Carbon Black data noted a 20.5% uptick in attempted cyberattacks during the holiday season. “Good” Deals If you’re looking to find...
Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange DDE fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Microsoft...
The flaws exploit the bug using the kit Exploit Kit simple history introduction-vulnerability warning-the black bar safety net
Malicious Trojan virus software as well as the rest of the unpopular French there are many ways to get into your computer, but in snapped past few years, the most popular of the two wrist is an e-mail to seduce and application vulnerability flaws bug the application kit. Now, the scum mail of...
Microsoft Office Outlook CVE-2017-11774 Security Bypass Vulnerability
Description Microsoft Office Outlook is prone to a security-bypass vulnerability because it fails to properly handle input. An attacker can leverage this issue to bypass certain security restrictions and execute arbitrary commands in the context of the affected application; this may aid in...
FormBook—Cheap Password Stealing Malware Used In Targeted Attacks
It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their malware; some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsor...
Tragic-Event-Related Scams
In the wake of Sunday's tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from truste...
CVE-2014-8878
Removed by vendor...
Potential Hurricane Harvey Phishing Scams
US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a...
Neutralization reaction
Incident Response Guide PDF Despite there being no revolutionary changes to the cyberthreat landscape in the last few years, the growing informatization of business processes provides cybercriminals with numerous opportunities for attacks. They are focusing on targeted attacks and learning to use...
Warning: Two Dangerous Ransomware Are Back – Protect Your Computers
Ransomware has been around for a few years but has become an albatross around everyone's neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars. In just past few months, we saw a scary strain of ransomware attacks...