Security News > 2023 > July > Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out
Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America.
Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.
Malware delivery to Microsoft Teams users made easyA tool that automates the delivery of malware from external attackers to target employees' Microsoft Teams inbox has been released.
Law firms under cyberattackIn April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised.
Number of email-based phishing attacks surges 464%The evolving cyberattack landscape reveals the increasing utilization of generative artificial intelligence systems, like ChatGPT, by cybercriminals for crafting malicious content and executing sophisticated attacks, according to Acronis.
20% of malware attacks bypass antivirus protectionSecurity leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren't concerned at all, according to SpyCloud.
News URL
Related news
- Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware (source)
- EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization? (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Black Basta poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta operators phish employees via Microsoft Teams (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-11 | CVE-2023-36884 | Race Condition vulnerability in Microsoft products Windows Search Remote Code Execution Vulnerability | 7.5 |