Security News

South Korean hackers exploited WPS Office zero-day to deploy malware
2024-08-28 22:50

The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East...

APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
2024-08-28 13:48

A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed...

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)
2024-08-28 09:00

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East...

Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
2024-08-22 16:46

Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms...

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
2024-08-18 08:00

Unpatched MS Office flaw may leak NTLM hashes to attackersA new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Key metrics for monitoring and improving ZTNA implementationsIn this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access implementation, focusing on balancing security with operational efficiency.

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
2024-08-12 10:23

A new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Once attackers get a victim's NTLM hash, they can relay it another service and authenticate as the victim.

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure
2024-08-10 05:35

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200, has been described as a spoofing flaw that affects the following versions of Office -.

Microsoft discloses unpatched Office flaw that exposes NTLM hashes
2024-08-09 16:14

​Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. [...]

Microsoft discloses Office zero-day, still working on a patch
2024-08-09 16:14

​Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]

Microsoft 365, Office users hit by wave of ‘30088-27’ update errors
2024-07-10 23:13

Over the last month, Microsoft 365 and Microsoft Office users have been experiencing "30088-27" errors when attempting to update the application. Based on widespread user reports, the update problems plague Microsoft 365 users and those who use Click-To-Run versions of Office 2016, 2019, and 2021.