Security News > 2023 > July > Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out

Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America.
Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.
Malware delivery to Microsoft Teams users made easyA tool that automates the delivery of malware from external attackers to target employees' Microsoft Teams inbox has been released.
Law firms under cyberattackIn April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised.
Number of email-based phishing attacks surges 464%The evolving cyberattack landscape reveals the increasing utilization of generative artificial intelligence systems, like ChatGPT, by cybercriminals for crafting malicious content and executing sophisticated attacks, according to Acronis.
20% of malware attacks bypass antivirus protectionSecurity leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren't concerned at all, according to SpyCloud.
News URL
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-11 | CVE-2023-36884 | Race Condition vulnerability in Microsoft products Windows Search Remote Code Execution Vulnerability | 0.0 |