Security News

Unpatched MS Office flaw may leak NTLM hashes to attackersA new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Key metrics for monitoring and improving ZTNA implementationsIn this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access implementation, focusing on balancing security with operational efficiency.

A new MS Office zero-day vulnerability can be exploited by attackers to grab users' NTLM hashes, Microsoft has shared late last week. Once attackers get a victim's NTLM hash, they can relay it another service and authenticate as the victim.

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200, has been described as a spoofing flaw that affects the following versions of Office -.

​Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. [...]

​Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]

Over the last month, Microsoft 365 and Microsoft Office users have been experiencing "30088-27" errors when attempting to update the application. Based on widespread user reports, the update problems plague Microsoft 365 users and those who use Click-To-Run versions of Office 2016, 2019, and 2021.

Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. The malware delivered to users includes remote access trojans, cryptocurrency miners, malware downloaders, proxy tools, and anti-AV programs.

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary...

Security researchers analyzing phishing campaigns that target United States Postal Service saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. "The amount of traffic to the illegitimate domains was almost equal to the amount of traffic to legitimate domains on a normal day - and greatly exceeded legitimate traffic during the holidays." - Akamai.

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on...