Security News > 2023 > July > Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out

Week in review: Malware delivery via Microsoft Teams, law firms under cyberattack, CVSS 4.0 is out
2023-07-16 08:30

Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America.

Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.

Malware delivery to Microsoft Teams users made easyA tool that automates the delivery of malware from external attackers to target employees' Microsoft Teams inbox has been released.

Law firms under cyberattackIn April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised.

Number of email-based phishing attacks surges 464%The evolving cyberattack landscape reveals the increasing utilization of generative artificial intelligence systems, like ChatGPT, by cybercriminals for crafting malicious content and executing sophisticated attacks, according to Acronis.

20% of malware attacks bypass antivirus protectionSecurity leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren't concerned at all, according to SpyCloud.


News URL

https://www.helpnetsecurity.com/2023/07/16/week-in-review-malware-delivery-via-microsoft-teams-law-firms-under-cyberattack-cvss-4-0-is-out/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-36884 Race Condition vulnerability in Microsoft products
Windows Search Remote Code Execution Vulnerability
network
high complexity
microsoft CWE-362
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774