Security News

Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. "Microsoft recommends installing the updates as soon as possible," the company further urged customers in a post on the Microsoft Security Response Center.

Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. Microsoft has fixed the widely-exploited Windows Follina MSDT zero-day vulnerability tracked as CVE-2022-30190 in the June 2022 Updates.

Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach. Threat Insight, part of cybersecurity vendor Proofpoint, noted on Twitter this week that miscreants have been seen exploiting the Follina flaw, tracked as CVE-2022-30190, in the Windows Support Diagnostic Tool to deliver Qbot, also known as QakBot, QuakBot and Pinkslipbot, onto victims' computers.

A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. As Proofpoint security researchers shared today, the TA570 Qbot affiliate has now begun using malicious Microsoft Office.

Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool have been released today through the 0patch platform. Diagcab files are downloaded from the Internet and include a Mark-of-the-Web, Windows ignores it for this file type and allows the file to be opened without a warning.

Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool have been released today through the 0patch platform. Diagcab files are downloaded from the Internet and include a Mark-of-the-Web, Windows ignores it for this file type and allows the file to be opened without a warning.

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format documents designed to exploit a critical Windows zero-day vulnerability known as Follina. BleepingComputer is aware of local governments in at least two US states that were targeted by this phishing campaign.

Zero-day bug exploited by attackers via macro-less Office documentsA newly numbered Windows zero-day vulnerability is being exploited in the wild via specially crafted Office documents, security researchers are warning. DDoS threats growing in sophistication, size, and frequencyCorero Network Security has published the latest edition of its annual DDoS Threat Intelligence Report that compiles the trends, observations, predictions, and recommendations based on DDoS attacks against Corero customers during 2021.

Atlassian on Friday rolled out fixes to address a critical security flaw affecting its Confluence Server and Data Center products that have come under active exploitation by threat actors to achieve remote code execution. Tracked as CVE-2022-26134, the issue is similar to CVE-2021-26084 - another security flaw the Australian software company patched in August 2021.

Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. The zero-day affects all supported versions of Confluence Server and Data Center and allows unauthenticated attackers to gain remote code execution on unpatched servers.