Security News

New 0-Day Attack Targeting Windows Users With Microsoft Office Documents
2021-09-07 21:55

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company said.

Microsoft shares temp fix for ongoing Office 365 zero-day attacks
2021-09-07 19:36

Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. Microsoft is aware of targeted attacks that try to exploit the vulnerability by sending specially-crafted Microsoft Office documents to potential victims, the company says in an advisory today.

Office 365 to let admins block Active Content on Trusted Docs
2021-09-05 14:00

Microsoft plans to allow Office 365 admins to ensure that end-users can't ignore organization-wide policies set up to block active content on Trusted Documents. Redmond says trusted docs are files with active content (functions that don't require user interaction) that open without warnings after the content has been enabled.

Microsoft will add secure preview for Office 365 quarantined emails
2021-08-25 19:15

Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails. Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with protection from multiple threats, including business email compromise and credential phishing, as well as automated attack remediation.

A full return to the office is more likely once the pandemic ends
2021-08-20 04:00

While many U.S. professionals are embracing hybrid work arrangements, research from Robert Half shows a majority of companies anticipate a full return to the office once the pandemic ends. According to a survey of more than 2,800 senior managers in the U.S., 71% of respondents said they will require their teams to be on-site full time once COVID-19-related restrictions completely lift.

Pakistan's tax office services go dark after migration project goes awry
2021-08-17 03:00

Local reports suggest Microsoft Hyper-V crack was the cause, as rumours swirl of data leak. Pakistan's Federal Board of Revenue – the nation's tax office – has experienced a lengthy outage after a...

Microsoft: Evasive Office 365 phishing campaign active since July 2020
2021-08-12 18:14

Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting in July 2020. The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims, such as email addresses and company logos.

Week in review: Clever Office 365 phishing, 2021 CWE Top 25, Patch Tuesday forecast
2021-08-08 08:00

Patch bypass flaw in Pulse Secure VPNs can lead to total compromise
The patch for a vulnerability in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich Warren has found.

Vulnerable TCP/IP stack is used by almost 200 device vendors
Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs.

A look at the 2021 CWE Top 25 most dangerous software weaknesses
The 2021 Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses is a demonstrative list of the most common issues experienced over the previous two calendar years.

Got a cheap Cisco router in your home office? If it's one of these, there's an exposed RCE hole you need to plug
2021-08-05 13:28

Cisco has published patches for critical vulns affecting the web management interface for some of its Small Business Dual WAN Gigabit routers - including a 9.8-rated nasty. The two vulnerabilities affect the RV340, RV345, RV340W, and RV345P products, which are aimed at SMEs and home office setups.

A clever phishing campaign is targeting Office 365 users
2021-08-04 12:12

Microsoft is warning about an ongoing, "sneakier than usual" phishing campaign aimed at Office 365 users. An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.