China’s Tonto Team increases espionage activities against Russia

According to analyses of several cybersecurity firms and CERT Computer Emergency Response Team Ukraine CERT-UA, the state-sponsored threat actor group Tonto Team, which has been linked to China-backed cyber operations, is ramping up its spying campaign against Russian government agencies. The...

The vulnerability of the Microsoft Office software relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Microsoft Office suite is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted malicious email message containing an RTF format file...

Exploit for CVE-2022-30190

...

Microsoft Office Word MSDTJS

This module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code. Module Options msf use exploit/windows/fileformat/wordmsdtjsrce msf exploitwordmsdtjsrce show...

CVE-2022-30190

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs,...

Exploit for CVE-2022-30190

Follina Proof of Concept CVE-2022-30190 Quick and easy "pro...

Exploit for CVE-2022-30190

POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina...

Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)

Update: Please see our FAQ for the latest guidance and mitigation tips on Follina. On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool MSDT in Windows vulnerability. The mitigation offered by Microsoft consists of an alternative method to...

Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild

Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as naosec uncovered a Word document...

br.com.caelum.vraptor:vraptor-environment (=1.0.1), br.com.caelum.vraptor:vraptor-freemarker (>=1.0.1 <=1.1.0) +411 more potentially affected by CVE-2010-1622 via org.springframework:spring (>=2.5.1 <=2.5.6.SEC03)

org.springframework:spring MAVEN version =2.5.1, =1.0.1, =1.0.1, =3.1.1, =1.1, =1.1, =1.2, =1.2.1 and more Source cves: CVE-2010-1622 Source advisory: OSV:GHSA-VPR3-F594-MG5G...

MSHTML Flaw Exploited to Attack Russian Dissidents

A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous threats that have emerged since Russia invaded the Ukraine in February. Researchers from MalwareBytes identified a campaign last we...

New spear phishing campaign targets Russian dissidents

This blog post was authored by Hossein Jazi. -- Updated to clarify the two different campaigns Cobalt Strike and Rat Several threat actors have taken advantage of the war in Ukraine to launch a number of cyber attacks. The Malwarebytes Threat Intelligence team is actively monitoring these threats...

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word allows attackers to execute remote code or cause a denial-of-service DoS via crafted RTF data...

Microsoft Office Stack-based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution...

OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

Patchwork APT caught in its own web

Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS Ragnatela Remote...

USN-5202-1: OpenJDK vulnerabilities

Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information rudimentary por...

USN-5202-1 openjdk-8, openjdk-lts vulnerabilities

Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information rudimentary por...

OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...

Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks

Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF aka Rich Text Format template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique...