Security News > 2023 > July > Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out

Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America.
Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.
Malware delivery to Microsoft Teams users made easyA tool that automates the delivery of malware from external attackers to target employees' Microsoft Teams inbox has been released.
Law firms under cyberattackIn April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised.
Number of email-based phishing attacks surges 464%The evolving cyberattack landscape reveals the increasing utilization of generative artificial intelligence systems, like ChatGPT, by cybercriminals for crafting malicious content and executing sophisticated attacks, according to Acronis.
20% of malware attacks bypass antivirus protectionSecurity leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren't concerned at all, according to SpyCloud.
News URL
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft Trust Signing service abused to code-sign malware (source)
- Microsoft Trusted Signing service abused to code-sign malware (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-11 | CVE-2023-36884 | Race Condition vulnerability in Microsoft products Windows Search Remote Code Execution Vulnerability | 0.0 |