Security News

Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and Outlook," researchers from Check Point research said in a report published today.

Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine. According to the researchers, the issue is in a MSGraph file parsing function, which "Is commonly used across multiple different Microsoft Office products, such as Excel, Office Online Server and Excel for OSX.".

Synopsys Cybersecurity Research Centre has warned of easily triggered denial-of-service vulnerabilities in three popular open-source Internet of Things message brokers: RabbitMQ, EMQ X, and VerneMQ. The message brokers, responsible for handling data sent to or from IoT devices like smart home hubs and door locks, all share a common protocol: Message Queuing Telemetry Transport, first released in 1999 for monitoring oil pipelines and since repurposed for a variety of home and industrial automation tasks. Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

Cisco and AT&T are making it easier for businesses to adapt to the future of work, whatever it may be. "Our Webex solutions transformed the cloud calling experience and combine enterprise-calling features with market-leading virtual meetings and collaboration technology - all within the Webex App. And we're proud to work with AT&T to provide its customers and employees with the tools and technologies they require to thrive in the new hybrid workplace."

Exploits for vulnerabilities in Microsoft's Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report. Microsoft Office exploits accounted for more than half of the observed exploits, with CVE-2017-11882 remaining the most commonly targeted vulnerability.

The latest scam includes pelting recipients with emails purportedly from their CIOs welcoming employees back into offices. The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations.

Microsoft is investigating an Office 365 issue causing Outlook and Exchange Online emails to skip recipients' inboxes and being sent their junk folders instead. "We're investigating an issue in which email is being sent to the junk folder," Microsoft shared on the company's Microsoft 365 Status Twitter account. The Microsoft 365 Service health status page is currently directing customers to the Microsoft 365 Status Twitter account for more details regarding this ongoing incident.

Businesses operating in the word of infosec have been urged to write to the Home Office and support a public interest defence being added to the Computer Misuse Act. On a TechUK-organised call to discuss industry's response to the review of the act, British and overseas companies operating in the UK were urged by both the industry body and the Cyberup campaign to tell UK.gov what they think the law ought to say.

Organizations need to revisit their privileged access permissions and double down on their security strategy to protect their data and people from being exposed in the next big data breach. As companies move to a hybrid model, it's important to look closely at which employees may have been granted additional access during the shift to working remotely and reassess who has privileged access now to minimize this threat.

The Orbi Pro WiFi 6 Mini Dual-band Mesh System with its attractive price point is designed for small businesses and home-based offices. With an WiFi 6 multi-node mesh system, the base configuration of an Orbi Pro WiFi 6 Mini system comprises a router and a satellite.