Security News
Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. The Word file that weaponizes CVE-2021-40444 contains an external GoFile link embedded within an XML file that leads to the download of an HTML file, which exploits Follina to download a next-stage payload, an injector module written in Visual Basic that decrypts and launches LokiBot.
Microsoft offers different Word document security solutions. Microsoft Word offers several ways to secure a document so that other people can't view or edit it.
The US International Trade Administration has admitted it promotes the sale of American-approved commercial spyware to foreign governments, and won't answer questions about it, according to US Senator Ron Wyden. Wyden, in a letter to US Commerce Secretary Gina Raimondo, has demanded answers about the surveillance and policing tech that ITA - a US government agency - pushes to other countries.
Veeam Backup & Replication admins, get patching!Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. Fortinet plugs critical RCE hole in FortiOS, FortiProxyFortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.
A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, has been published over the weekend. Tweet-sized PoC. Security researcher Joshua Drake last year discovered the vulnerability in Microsoft Office's "Wwlib.dll" and sent Microsoft a technical advisory containing proof-of-concept code showing the issue is exploitable.
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available.Patches for the flaw - which affects a wide variety of MS Office and SharePoint versions, Microsoft 365 Apps for Enterprise and other products - have been released by Microsoft last month.
A vulnerability in network technology widely used in space and aircraft could, if successfully exploited, have disastrous effects on those critical systems, according to academics. In a study published today, boffins at the University of Michigan in the US, with some help from NASA, detailed the flaw and a technique to exploit it, which they dubbed PCspooF. Exploiting PCspooF can cause critical systems on a network to malfunction by disrupting their timing.
Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notorious Russian state-backed hacking group 'Gamaredon' continue to heavily target the war-torn country. Gamaredon is a group of Russian hackers believed to be part of the 18th Center of Information Security of the FSB, Russia's Federal Security Service.
A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments. The lure used by the operators of AstraLocker 2.0 is a Microsoft Word document that hides an OLE object with the ransomware payload. The embedded executable uses the filename "WordDocumentDOC.exe".
A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. According to a new report by HP, the malware has been under deployment since April 2022, with the developers releasing several updates in May 2022.